The attack came without warning, and in front of hundreds of people. “It was our second AASL town hall meeting, at the end of March 2020,” says Kathy Carroll, president-elect of the American Association of School Librarians (AASL), American Library Association (ALA) councilor-at-large, and lead library media specialist at Westwood High School in Blythewood, South Carolina.
“Our president and immediate past president were there, and we were going to show a united face of leadership. This was my introduction to the association,” Carroll says. “I got on and introduced myself, and next thing you know, I saw the N-word in the chat. Then I saw it again. And I thought, ‘Someone will see it.’ And I’m just not going to respond. Then it just filled the chat. Over and over, like 70 times, and my face is right there, and you can see my reaction.”
She says that prior to this incident, she had been unaware of Zoombombing. “I didn’t know what this was, and I’m just devastated, and I’m trying not to react,” she says. “But it just went on. I was thinking, ‘This person has a bat to my head and is smashing it, and I’m trying to talk about reading lists.’” Carroll says the incident lasted for 10 minutes before the meeting was shut down by organizers.
This sort of attack isn’t new, but it’s been happening more and more frequently as COVID-19 lockdowns have forced people to connect remotely. When Charlotte Roh, scholarly communications librarian at University of San Francisco’s Gleeson Library Geschke Center, was Zoombombed in mid-March, she was holding office hours at home. “I had just had a faculty member leave the online Zoom [meeting] when five or six young men came online,” she says. “They were very loud. Someone asked me if I sucked dick.” Roh said the noise volume alone was shocking. “It’s cacophonous,” she said. “So I just turned it off. I think I did a good job not responding to it, but I wish I had taken a screenshot.”
Another form of online harassment
Becky Yoose, library data privacy consultant and founder at LDH Consulting Services, describes Zoombombing as “[having] your meeting crashed by uninvited guests.” Like other forms of online harassment such as trolling and doxxing, it’s designed to create chaos. “People search for publicly posted meeting information, and they disrupt the meeting,” says Yoose. “And I would bet money that in the Venn diagram of people who are Zoombombing, and people who are regulars at harassing and trolling women, minorities, and the LGBTQ+ community online, there’s a pretty big overlap. This is just another tool for serial harassers.”
People who have endured this kind of harassment say it’s not just disruptive but violating. “I keep hearing the term Zoombombing, but it’s just a civilized term for hate crime,” says Carroll. “For quite a while after, I thought, ‘What did I do to deserve that?’ I was trying to make myself responsible. I was filled with shame and embarrassment and humiliation. It was oozing out of my pores. But I did nothing wrong. I don’t want to be the poster child for this, but I’m not running from it. I felt traumatized.”
Roh agrees. “It sounds like a prank, but I labeled it sexual harassment,” she says. She filed a report with her IT department, and they showed her how to change her security settings. She also told her dean and tweeted about the incident. Roh says everyone was supportive, and as a result of her attack, her university put out a guide on Zoom protection. But the entire experience still left her feeling unmoored. “We’re all isolated and alone right now, and this made me feel like my workplace was unsafe,” says Roh. “And right now, my workplace is my home.”
The issue is particularly insidious because so much development and continued learning now is taking place online, says Tracie D. Hall, ALA executive director. “To tell someone, ‘You shouldn’t go online if you don’t want to experience trolling’ limits their social engagement. That’s all the more reason we have to take a stand against this practice, to limit it, and to eventually erase it.”
To that end, Hall and ALA are putting in place a series of protective measures to train leaders on Zoom security. “We want to make sure our meetings are inclusive, and also monitor these meetings for our members,” she says. “We’re talking about what to do if there is a disruption. How can we be preemptive and prepare speakers for that?” Hall says using the mute function in chat and moderating comments can help minimize disruption and rein in problems immediately. “And it may be that we end up using another channel later,” she adds. Zoom did not respond to a request for comment.
Yoose says Zoom meeting organizers and attendees can also help limit their exposure to hackers and mitigate the risk of unwanted attendees. “If you’re the meeting organizer, you have the option of taking [a disruptive] person out,” she says. “And there’s a point where you have to consider closing the meeting.” She also warns against making meetings public. “Be careful about where you publish your meeting information,” she says. “I highly recommend not publishing it on any public platform.”
Carroll says that AASL’s town hall meeting links used to be shared with the public, but no more. “After my experience, people now have to register to participate,” she says, while acknowledging that she is unaware if AASL has added other protective measures. She’s adamant, though, that something proactive needs to be done. “Strong statements need to be released about this, and we have to have a plan and support available,” she says. “We have to acknowledge the humanity of people involved. And we have to look for alternatives to Zoom.”
Yoose says that Zoom itself has worked to update some of its security features and created an update for desktop clients that defaults to password protection and waiting rooms, which limit meeting access. The company has also advised that users can minimize their risk of attack by implementing an elaborate string of protocols, which may be daunting for the average user.
As Zoom has grown its user base, it has been criticized for prioritizing ease-of-use over security and privacy and misleading clients about how safe it actually was. “Zoom data privacy practices don’t have true end-to-end encryption,” says Yoose. “And Zoom is a third-party client with questionable practices, such as the collection and transmission of user information.”
Yoose explains that harassers and trolls will gladly take advantage of any vulnerability, and because Zoom is so popular, many are trying to find ways to exploit its flaws. “But Zoom still has a lot of staying power at this point,” she says. “Even though several major organizations, schools, the Federal Bureau of Investigation, and governments are saying not to use Zoom.”
Responsibility of information professionals
There may not be a simple solution, but Hall says libraries have a responsibility to navigate technology challenges such as this. “We are information professionals, and we’re not going to sit by and let a platform for speech be taken over,” she says. “Libraries are always learning alongside their communities, and there’s a baseline expectation that we do something about what we see. So our response is always toward progress and taking a stand. And right now, Zoombombing is our responsibility. Full stop.”
Hall explains that it’s about more than just learning to use computers. “In today’s library world, it’s our responsibility to make sure that our staff, members, and community feel safe online and empowered. We’re watching the future of work, and these rules are being codified right now.” She adds that if the future of work is to be inclusive, then libraries need to support digital enfranchisement and empowerment.
For Carroll, the solution is also, importantly, about understanding that violence, both digitally and physically, disproportionately affects people of color, and people who have been historically marginalized. “With the pandemic and the economy, we’re so overwhelmed,” she says. “But we cannot put on the back burner our efforts in equity, diversity, and inclusion.” Those efforts must remain at the forefront of librarians’ minds and mission statements, she notes.
“We can’t get fatigued,” she adds. “That platform may change, but this won’t.”