Twitter Hack Zoom Court Hearing Interrupted by Zoombombers (vice.com)
40 points by jbegley on Aug 5, 2020 | 24 comments



> According to Ryan Hughes, a reporter from local outlet WFLA, Judge Christopher Nash said next time he'll require a password.

Are you kidding me? I know the courts tend to be tech Luddites, but jeez.


Reading the article felt like a flashback to Lulzsec news stories from 2011


Well, this brings up the problem, even if you require a password, as an open court, they're required to publish it to allow people to join. Would they simply post it physically somewhere and only local people could access? But then people could share it with bad actors anyway.

Maybe it would just reduce the volume of attacks, not eliminate them.


I have to use Zoom at my day-job, and there are quite a few things you can do to try to minimize noise, unwanted guests, etc., including:

- Automatically muting people on entry

- Not allowing people to unmute themselves

- "Locking" the room after the mandatory attendees have joined.

It's not intuitive, but it's not super-complicated, either. I don't think it's a failure of the judge, per se--it's a failure of the court not to provide someone knowledgeable to help set up the meeting.


They could use Zoom for meeting participants, and a separate video streaming service for viewers.


That's what all of the courts I've seen do. They stream the Zoom meeting via YouTube.


Ah, that's a good solution. Although clearly beyond the current capabilities of many departments still...


Zoom also has a Webinar format where only the host can transmit, IIRC.


I think this is a lot more optimal too, as it broadens the availability to those without Zoom on their device.


Organizations really need someone who is technically proficient enough to dig into Zoom settings and configure meetings to disallow anonymous users, screen shares, videos. Zoombombing can be simply prevented by putting everyone not part of the hearing in a "listen-only" mode, and I'm pretty sure the controls to enable that are already there.


I'd argue that this is something that Zoom should have made easily discoverable and probably the default from the beginning. It's bad UI design.


Reminds me of the televised trial that was using Skype to conduct an interview of a witness and 4chan got ahold of the phone number. The video[1] of it happening is hilariously surreal.

[1] https://youtu.be/QKhOFRMkE-0


okay this was hilarious

but it did answer a burning question I had about how they froze this kid's funds in a prior case: they were on Bitmex and Bitmex cooperated with authorities, and unfroze the funds when authorities realized they had no standing.


Why are courts using Chinese spyware to conduct official business?


The same reason why Europeans use American spyware and adware to communicate with each other.

Because the risk profile permits it. In this county, many courts are open, and prior to COVID, you could just walk into one and listen. Court decisions are likewise open, and part of the public record.

Edit: Did you also know that courts and lawyers still use faxes? Did you know that tapping a fax line has been trivial for decades?


"Sorry, we can't accept an email. You'll have to fax it to us. Why, you ask? Because security reasons..."


Just a side note, but some jurisdictions treat faxing similarly to giving a document in-person. For example, signing a contract and faxing it can be considered the same as certified mail. Generally not so with email. I'm not saying it's right by the way, just that is how it is sometimes.


Interesting. I know for a long time "HIPAA reasons" was another justification, which is just downright crazy.


The court is already public, no spying necessary.


So? Most of Zoom's vulnerabilities have been about endpoint security, not meeting privacy.


That is clearly not the case. This particular issue with Zoom was caused by user error; there are settings to prevent exactly what happened, not some endpoint exploit.

The court is open to the public. What threat is "Chinese spyware" when you are publishing the meeting anyway?


His point was that the software itself is insecure and installing it on your machine is a security issue, regardless of the content you're hosting using it.


Boomers and refusing to learn technology, name a more iconic duo


Punk kids and thinking they know everything.



