Zoom will introduce end-to-end encryption in video calls, but only for users who subscribe to the service: this is to allow law enforcement agencies to intervene in cases of crimes committed through the platform. A delicate balance between user privacy and security. Here is what you need to know
Zoom, the popular video conferencing platform that has faced a number of privacy and security issues in the past, has announced that end-to-end encryption will be adopted in video calls but only for users who subscribe to the service.
Eric Yuan, CEO of the company, has created alarm and amazement among privacy advocates by saying that Zoom plans to exclude free calls from end-to-end encryption so as to leave open the possibility of collaborating with law enforcement in the repression of online crimes.
All previous of Zoom
There is no peace, therefore, for this application already heavily under attack. In fact, the volcano that erupted at the end of last April when a series of bugs had undermined the security and privacy of millions of users around the world has not yet died out.
The forced need to shift corporate productivity to online due to the Covid-19 pandemic caused a 535% increase in daily traffic to the Zoom.us download page, according to analytics firm SimilarWeb.
Furthermore, according to the market research firm of mobile apps Sensor Tower, Zoom for iPhone was the most downloaded app in the United States for weeks; even politicians and other high-profile figures, including British Prime Minister Boris Johnson and former chairman of the American Federal Reserve, Alan Greenspan, used it for video conferencing, working from home.
Sadly, though, Zoom also won negative mention of being “a privacy disaster” and “fundamentally corrupt” according to some security researchers.
The FBI, for example, has had to intervene due to the increase in cases of video hijacking (also known as Zoombombing) in which hackers infiltrate video meetings often shouting insults or racial threats.
Then it was noticed that Zoom could install a hidden web server on users’ devices that could allow the user to be added to a call without their permission.
Then they went on to find a bug that apparently allowed hackers to take control of a Zoom user’s Mac and hack their webcam and microphone.
Last but not least, the possibility of so-called “in-app surveillance measures” such as its “attention tracking” feature, which allows a host to see if a user clicks on a Zoom window for 30 seconds or more.
The latter, for example, would allow employers to check if employees are really tuned into a business meeting or if students are actually following a presentation in the classroom remotely.
Zoom, encryption of paid video calls
The company that develops Zoom has certainly undertaken for some time a study of the code and a series of actions aimed at correcting the “mistakes of youth” but also a series of sins that leave little room for justifications.
This, however, does not extinguish the fuse linked to the possible novelty of being forced to reach out to the wallet in order to take advantage of a feature such as end-to-end encryption, which certainly should not be counted among the “premium features”.
In addition to not making many people happy who use apps like Zoom to work and meet people every day, the problem is not exclusively of an economic nature and linked to customer satisfaction.
Encryption that secures communication so that it can only be read by engaged users is especially important at a time when video apps and other digital platforms are being used for sensitive issues such as organizing protests, discussing legal matters or medical consultations (and just to name a few examples).
The privacy combined with the security of these apps are the fundamental cornerstones for the protection of the rights of those concerned to the processing of personal and particular data (former sensitive data).
It is not surprising, therefore, that in the “land of the free” like the United States where there had not already been soft with the affair of data on Facebook, lawsuits and class actions have already been filed against the “Zoom factory”, while press releases and statements from Zoom spokespersons follow.
They say, for example, that the company already offers basic encryption for users of all skill levels, and add that Zoom does not “proactively monitor meeting content.”
“We do not share information with law enforcement, except in circumstances such as child sexual abuse,” they say.
The decision, however, to charge extra to guarantee one’s privacy could set a dangerous precedent… and not just in the United States.
In fact, the writer’s opinion is in line with the statements of Tim Wade, technical director of the information security company Vectra: “in an online world, encryption is fundamental for privacy and privacy promotes security, freedom and equity in our social fabric. Eliminating personal privacy behind a paywall erodes basic freedoms and equity “.
And in Italy?
The beautiful country is discovering (and for some confirming) the enormous potential of smart working, remote meetings, productivity that moves from office desks to the home.
This equally exponential increase in the use of video conferencing apps has in turn opened the doors to digressions into the adequate privacy and security that these platforms offer, especially when they are completely free, so easy to install and zero configuration.
Of course we do not want to argue to the bitter end that paid applications are the safest in the world (there are wonderful examples of open source apps, and even “Linux docet” operating systems that do their duty also with regard to privacy and security issues) .
This, however, must never make us forget that the development of free applications suffers a gap in research, analysis, correct conduct in the development of the code and scarce investments in the security and encryption functions of the data that in the short and medium future then risk creating. not a little damage.
The high number of users who use a platform / application does not sanction its greater security, but simply its greater success in terms of layout, user satisfaction.
Tips for securing videoconferencing
So what should you really look for when downloading an app?
First of all, you should check which permissions the app requires, depending on the platform you are using. Anything not considered relevant should not be allowed.
If the app does not allow it to be used without access to these functions, it is useful to consider whether it is really worth installing it.
Often, the default settings on these types of services may not be configured taking into account our privacy and security: it is therefore important to modify the settings appropriately to ensure that your account is as secure as possible.
Finally, it is helpful to encourage users to read the terms and conditions of these services so that they understand what type of data is collected about them and how it is used, as well as the mechanism for reporting any abuse.
This will help limit the amount of personal information shared with the service or with third parties.
Zoom, video call encryption: why pay?
Also in this case, as in many others when it comes to the delicate relationship between technology, security and digital privacy, the deep-rooted culture, historical habits and the dizzying evolution with which human beings struggle to get carried away constitute one of the most major obstacles in guaranteeing a more “fair and supportive” “private security” system.
Technology within the reach of all budgets, of course … but to the detriment of the protection of fundamental human rights, if not for a fee?