> You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content.
> (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof
> Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.
It’s worth mentioning that per this agreement they can still do almost anything else with that data. They could put your face up on a billboard if they wanted to.
I’m out. I was a paying user. Can’t run fast enough from ever doing business with them again.
†but we'll prompt you an overly long privacy policy including such consent whose acceptation is just a checkbox you tick the first time your join a call without even paying attention (nor choice)
They'll do inference all day long, but not train without consent. Only being slightly paranoid here, but they could still analyze all of the audio for nefarious reasons (insider trading, identifying monetizable medical information from doctor's on Zoom, etc). Think of the marketing data they could generate for B2B products because they get to "listen" and "watch" every single meeting at a huge swath of companies. They'll know whether people gripe more about Jira than Asana or Azure Devops, and what they complain about.
Enterprise may resonate with something with Signal level e2ee.
Has anyone tried Element IO, as an example, in a commercial setting?
Asking for a friend.
How does this apply for court hearings, council meetings, etc…
This is very Technologic
I generally feel like the general slowdown of capital availability in our industry will lead/is leading to companies doing a lot more desperate things with data than they've ever done before. If a management team doesn't think they'll survive a bad couple of quarters (or that they won't hit performance cliffs that let them keep their jobs or bonuses), all of a sudden there's less weight placed on the long-term trust of customers and more on "what can we do that is permissible by our contract language, even if we lose some customers because of it." That's the moment when a slippery ethical slope comes into play for previously trustworthy companies. So any expansion of a TOS in today's age should be evaluated closely.
Hats off to zoom for the free contract drafting lesson!
[edit: thanks to HN commenter lolinder for the actual lesson].
> > Landlord will clean and maintain all common areas.
> In most basic contracts, I recommend using "will" to create obligations, as long as you are careful to be sure any given usage can't be read as merely describing future events. I'm generally against "shall" because it is harder to use correctly and it is archaic.
https://law.utexas.edu/faculty/wschiess/legalwriting/2005/05...
Yes, as with most terms of service. It's one of the things that makes terms of service statements unreliable.
One implication is that lawyers can no longer use Zoom for anything which is attorney-client privileged.
Agreed, and these kinds of short-term incentives are one of the problems with American companies. On the flip side...
Japanese companies think about products in decades -- the product line has to make money 10 years from now.
Some old European brands think about their brand in centuries -- this product made today has to be made with a process and materials that will make people in 100 years think that we made our products at the highest quality that was available to us at the time.
Was zoom careful to be sure any usage can’t be read as merely describing future events? Will ambiguity exist until this agreement is tested ?
Meanwhile not once do they use "Zoom shall". It's pretty clearly just a stylistic choice and not anything sneaky.
Edit: They even use "will" in the all-important phrase "you will pay Zoom". Surely you don't think they meant to be sneaky in that usage, and that is merely meant as a prediction of future events?
They claim they can’t read anything passing through the server. Is there some other way they’ll get access?
https://support.zoom.us/hc/en-us/articles/360048660871-End-t....
I guess it makes sense. Companies are people, after all
> [...] for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof [...]
Those two clauses, coupled with the current murky state of AI-from-copyrighted-material, should make everyone run screaming from Zoom as a product that can be entrusted with confidential information.
But what are the best alternatives at the moment?
Zoom is very popular…
What you and what you say need to be consistent to preserve user trust and then being inconsistent shows mismanagement by senior leadership or even potentially intent to deceive or spin the situation while still implementing the policy. It’s the PR classic do one thing say another.
Edit: Oh, and then this hits almost at the same time…
https://www.sfgate.com/tech/article/zoom-return-to-office-an...
Webex seems to be the "corporate" video conference service, when secrets are a concern, from my experience.
I agree with this sentiment and it feels like a heuristic at this point.
I think it comes from a decade of watching when corporate officers get caught red handed then try and denial of service the bad press with their jingoistic pablum.
Can you imagine the response to telephone company saying they can use your voicemail messages for their own purposes.
Seems like it might be worth them including, IANAL. Otherwise can't they just change it in the website UI...? They don't promise any particular process for acquiring consent, but sure declare you give it to them for many many other things.
You think a TOS that's biased towards the company, or the customer, has any legal effect on a Chinese domestic corporation that's subject to the laws and regulations of the Ministry of State Security? Really?
> We will not use ... protected health information, to train our artificial intelligence models without your consent.
> We routinely enter into ... legally required business associate agreements (BAA) with our healthcare customers. Our practices and handling of ... protected healthcare data are controlled by these separate terms and applicable laws.
To my understanding there is nothing in the separate terms (BAA) or applicable laws (HIPAA) that actually guarantees this.
I don't want to assume malice but if in good faith I would have expected an updated BAA with an explicit declaration regarding data access and disclosure in a legally-binding fashion rather than a promissory blogpost vaguely referencing laws that don't themselves inherently restrict the use of PHI for training by Zoom.
It would really only require a single term.
Konami vs Kojima and any of the DieselGate companies come to mind.
> Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.
The BAA still states: Zoom shall not Use and/or Disclose the Protected Health Information except as otherwise limited in this Agreement ... for the proper management and administration of Zoom ... Zoom will only use the minimum necessary Protected Health information necessary for the proper management and administration of Zoom’s business specific purposes
As discussed in my comments on yesterday's post "proper management and administration" is vague language copied from HHS and can be construed as improving products as described in a legal analysis I quoted. I would also hazard a guess that a provider signing this agreement could be construed to have implied consent.
Nevertheless, it would not be hard to explicitly state that this does not include training models in the only truly legally binding agreement at play. An explicit declaration was also recommended in said legal analysis.
In addition Skype's ToS granted MS a licence to any and all IP you might discuss during a Skype call.[1] I wonder why no businesses were bothered by that...?
[1] ...decades ago, I don't know how it reads now, can't be arsed to check.
What is the secure way to video conference? Webex? FaceTime offers end to end encryption, but can not easily share non-mac os screens.
Articles like this sure make me like Apple sometimes
https://9to5mac.com/2023/07/20/apple-imessage-facetime-remov...
This should work: https://web.archive.org/web/20230808072418/https://explore.z...
> Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.
they also got caught being malicious and/or dumb in the past (https://www.businessinsider.com/china-zoom-data-2020-4) so there's no reason to bother with them now.
Until the TOS clearly says otherwise, as far as I can see, the TOS at least implies this:
1. We will not use your data to train AI without your consent.
2. By accepting these TOS, you give your consent to everything in this long list (which includes training AI).
However, many companies reckon they'll get away with it, the enforcement is not universal and rapid, and I don't trust Zoom as far as I can throw it on this particular score.
So they can create a transcript of the conversation and train with it. Or train on any document you may have shared during a Zoom meeting.
I woukd have preferred the exception - if that was the intent - to enumerate the components of the Customer Content that they want to use for training.
10.1 Customer Content. You or your End Users may provide, upload, or originate data, content, files, documents, or other materials (collectively, “Customer Input”) in accessing or using the Services or Software, and Zoom may provide, create, or make available to you, in its sole discretion or as part of the Services, certain derivatives, transcripts, analytics, outputs, visual displays, or data sets resulting from the Customer Input (together with Customer Input, “Customer Content”);
Which means that in the case where Zoom is provided to you by your employer, they claim that the employer consent is just what matters. Once more "Fuck GDPR".
They just made another edit and removed the line.
Here's the edit history going all the way back to March:
- 4/1 https://www.diffchecker.com/dCuVSMnp/
- 7/1 https://www.diffchecker.com/Zny4Rjqw/
> You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, … [rest already quoted several times in the thread]
so that promise to not do it without consent is meaningless as they have consent from anyone who has agreed to the ToS which anyone using the service/product has done.
Well I might just take that heuristic and do some basic sentiment analysis to rank companies on their doublespeak.
> American companies.
> Japanese companies
> Some old European brands
Unless the parent comment was edited, of course.