In response to Michigan Municipal League webinars (here and here) on communities conducting remote-access meetings, several of our members have decided to use the Zoom platform. We wanted to share some information regarding the “zoombombing” that’s been happening.

Zoombombing is when someone (who may or may not be a resident of your community) joins a Zoom meeting/chat session and causes disorder by saying offensive things in chat, during public comment, or hijacking the meeting by screen sharing content on their computer. This can be disruptive and even a little uncomfortable when it occurs.

There are some things you can protect yourselves from and still stay within the confines of the virtual meetings executive order (EO 2020-15). Regardless of what platform you chose to host your meetings, double check these settings:

• Check that file sharing is turned off – that way you’re not allowing a participant to send potential profane/virus infected documents to other attendees.
• Check that screen sharing for attendees is disabled. This will prevent a hijack and potential visibility of profane/unwanted content displayed in your meeting.
• Check your mute/unmute settings. In the regular version of Zoom, you can turn off the capability of people unmuting themselves until you’re ready for them to do so.
• Turn off video sharing in the meeting for participants. This is difficult to do in the regular version of Zoom (as a user can override it), but this is made easier in Zoom Webinars, which is a purchase add-on. You have more control over what a participant does – when they can talk, and if their video is shown or not.
• Don’t allow participants to join the meeting before you, the host. No one should be allowed entry unless the meeting has begun. This includes board members to ensure they are not present without the public.
• Turn off the annotation and whiteboard features (if any).
• Either turn off chat functionality completely, or change your chat to only allow chat to presenters/hosts/panelists for technical issues and warn against clicking links. *As of 4/1/2020 passing hacked links in Zoom chat (when clicked) can cause a leak of Windows passwords.
• Set a meeting password, but it must be posted with the notice (WebEx requires a password by default). I know that I recommended you not do this due to complexity issues, but as of 4/1/2020, folks across the world are taking advantage of increased Zoom use and scanning for open meetings to disrupt.
• Ensure that you have the latest software release from the service provider installed on your computer. Zoom updated their software in January to prevent the scanning of opening meetings which is currently helping to spread the Zoombombing attacks.
• Ensure in your settings that participants who have been removed for disruptive behavior aren’t allowed to return to the meeting.

Unfortunately, these settings won’t fully protect you from participants that are intent on causing disorder during the public commenting period. If a participant’s comment results in disruptive behavior (exceeding per-person time limit for comments; intentionally interfering with the conduct of the meeting), the executive order does allow for a person to be excluded from the meeting “for a breach of the peace actually committed during the meeting.”  Before such removal, the public body should provide clear warning the person that their behavior must cease or they will be removed from the meeting.

The League hopes this helps you navigate the murky waters of virtual public meetings and the disruption this recent spate of Zoombombings can cause. As always, if you have questions on Zoombombing or virtual meetings, please contact the League.