#!trpst#trp-gettext data-trpgettextoriginal=1125#!trpen#Skip to content#!trpst#/trp-gettext#!trpen#
Fun Facts and Artefacts (Part II), iDS Zoom, Data Artefacts

By Timothy J. LaTulippe, MSc. Director Europe at iDS on 8/4/20 5:44 PM

In Part I of the series I discussed some of the prominent conferencing and communication platforms that have enjoyed a major uptick in recent months. The expansive adoption of work-from-home has further digitised our interactions, much to the dismay of café and pub owners.

Platforms like Microsoft Teams, Slack and G-Suite have been with companies for a while and their data and export capabilities are fairly well known to those litigation, investigations or compliance. I covered Zoom at a high-level in Part I of the series, but as time has progressed, so has the application itself and the company’s policies around data requests and retention.

As it relates to legal process or government requests sent to Zoom Video Communications, Inc. in The United States, their updated documentation is quite clear and concise. Some (but not all) of the information below was previously available on PC’s (Macs as well to an extent), where users had the full application installed. If a company’s security settings allow for it, users can also join directly from a web browser, in which case locally stored artefacts on a PC may be limited or virtually non-existent.

Data Zoom retain as a company

  • Technical information about a user’s device, network, and internet connection, including the user’s IP address, MAC address, other device ID (UDID), device type, how the user connected, network performance, operating system type and version, client version, type of camera, microphone, or speakers; for Zoom Phone users, the phone number of the user making the call;
  • Approximate location to the nearest city;
  • Metadata, including duration of the meeting or Zoom Phone call; email address, name, or other information that participants enter to identify themselves in a meeting, join and leave time of participants, meeting name, the scheduled date and time of a meeting, call data records for Zoom Phone.

Do you notice anything missing from that impressive list? The substantive communications are by design not available upon request and are encrypted in a manner that cannot be accessed by Zoom (as per their own documentation). Data that are provided by Zoom will arrive in csv delimited style text files or spreadsheets, and any available audio/video (say a cloud recording of a meeting), would arrive via mp4 video format.

Data Zoom makes available to administrators

Without the need to serve Zoom with legal papers on official letterhead, meeting details can be exported and analysed by a Zoom administrator for an organisation. These are slightly less detailed but include, topic of the meeting, usernames, e-mail addresses, join date and time, leave date and time, duration of the meeting as a whole and the meeting’s ID.

Using an investigation scenario as an example, the authorities are still going to remain interested in WhatsApp and more substantive chat data in which people often confide, however; it is all but certain that demands for data that Zoom retains will come into the fold. Investigations are a fragmented affair, and the more data points users create, the more they will be scrutinised and exploited. Has your organisation considered these types of stored data? As counsel, have you discussed this with our clients?
Watch this space.

iDiscovery Solutions, Inc. (iDS) is an award-winning, global, and expert services firm that delivers customized, innovative solutions for legal and corporate clients’ complex challenges. iDS’ subject matter experts testify and consult in connection with electronic discovery (eDiscovery), digital forensics, data analytics, and cybersecurity/information governance.