Since the Coronavirus pandemic, the use of Zoom videoconferencing has been widespread. But with such innovative means of communication and doing business comes a new form of trolling and hijacking known as Zoombombing.
Zoombombing is the unwanted, disruptive intrusion, generally by Internet trolls, into a video-conference call. A typical Zoombombing incident can result in, but is not limited to, insertion of material that is lewd, obscene, racist, homophobic, or antisemitic in nature, typically resulting in the shutdown of a teleconference session. Like many forms of cyberhacking, this sort of hijacking on the Internet can have devasting impacts on social and family settings, religious services, business meetings, and remote learning environments. In addition to potential copyright infringement, there are several violations that can occur when one commits a Zoombomb.
- Violation of Privacy Laws
Many states allow plaintiffs to sue for invasion of privacy, however the extent in which they do recognize these types of claims may vary. One kind of invasion of privacy is the public disclosure of private facts, which can arise when one who gives publicity to a matter concerning the private life of another and the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public. Another is the intrusion upon seclusion, which occurs when one who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, and such intrusion would be highly offensive to a reasonable person.
Unfortunately, these claims do not generally succeed when security settings, such as waiting room and password features, are not put in place. Anything that discussed on an online setting that lacks these kinds of security features will generally be treated as public instead of private.
What if you’ve enabled security features in your Zoom conference call, and someone is still able to Zoombomb you? This is where the Computer Fraud & Abuse Act (CFAA) can be affected. The CFAA is a federal privacy statute “makes it illegal to intentionally access a computer without authorization or in excess of authorization.” Violations of the CFAA can sometimes lead to criminal prosecution, making it perhaps one of the most punitive statutes in privacy law. Although the CFAA was initially implemented to counteract against computer hacking, it has been applied in other contexts as technology has evolved. For instance, the CFAA was used as an attempt to prosecute cyberbullying back in 2008 in the case of United States v. Drew. Again, security settings can be a factor in determining whether access is authorized or in excess of authorization, as well as any cease-and-desist letters received.
- Trespass to Chattels
Another relevant tort action is trespass to chattels, which is the intentional interference of another’s personal property. The first case to apply this tort to the Internet was CompuServe Inc. v. Cyber Promotions, Inc back in 1997. Between the late 1990s and early 2000s, courts had applied trespass to chattels when dealing with spamming, screen-scraping, and data havesting. However, the court in Intel v. Hamidi emphasized that the tort does not extend to claims in which the electronic communication involved “neither damages the recipient computer system nor impairs its function.” To the California Supreme Court in this case, the alleged economic productivity lost due to company disruption caused by emails was not sufficient in satisfying a trespass to chattels claim.
Using Zoom, Skype, or FaceTime in a way that is not allowed under their terms of service can potentially lead to a breach of contract. The key issue with this kind of claim is whether the Zoombomber had notice of the online platform’s terms, and whether such notice was conspicuous enough.