From the horse’s mouth
Officer Of The Privacy Commissioner Of Canada
Office Of The Australian Information Commissioner
Global privacy expectations of video teleconference providers – with open letter
Federal Data Protection And Information Commissioner (Switzerland)
Open Letter (PDF)
Information Commissioner’s Office (United Kingdom)
Open Letter (PDF)
Thanks to the COVID-19 coronavirus plague, we are making increased use of various videoconferencing platforms for our work, education, healthcare, religious and social reasons.
This has been facilitated through the use of applications like Zoom, Skype, Microsoft Teams and HouseParty. It also includes “over-the-top” text-chat and Internet-telephony apps like Apple’s Facetime, Facebook’s Messenger, WhatsApp and Viber for this kind of communication, thanks to them opening up or having established multi-party audio/video conferencing or “party-line” communications facilities.
Security issues have been raised by various experts in the field about these platforms with some finding that there are platforms that aren’t fit for purpose in today’s use cases thanks to gaping holes in the platform’s security and privacy setup. In some cases, the software hasn’t been maintained in a manner as to prevent security risks taking place.
As well, there have been some high-profile “Zoombombing” attacks on video conferences in recent times. This is where inappropriate, usually pornographic, images have been thrown up in to these video conferences to embarrass the participants with one of these occurring during a court hearing and one disrupting an Australian open forum about reenergising tourism.
This has led to the public data-protection and privacy authorities in Australia, Canada, Gibraltar, Hong Kong, Switzerland and the United Kingdom writing an open letter to Microsoft, Cisco, Zoom, HouseParty and Google addressing these issues. I also see this relevant to any company who is running a text-based “chat” or similar service that offers group-chatting or party-line functionality or adapts their IP-based one-to-one audio/video telephony platform for multi-party calls.
Some of these issues are very similar to what has been raised over the last 10 years thanks to an increase in our use of online services and cloud computing in our daily lives.This included data security under a highly-mobile computing environment with a heterogeny of computing devices and online services; along with the issue of data sovereignty in a globalised business world.
One of the key issues is data security. This is about having proper data-security safeguards in place such as end-to-end encryption for communications traffic; improved access control like strong passwords, two-factor authentication or modern device-based authentication approaches like device PINs and biometrics.
There will also be the requirement to factor in handling of sensitive data like telehealth appointments between medical/allied-health specialists and their patients. Similarly data security in the context of videoconferencing will also encompass the management of a platform’s abilities to share files, Weblinks, secondary screens and other media beyond the video-audio feed.
As well, a “secure by design and default” approach should prohibit the ability to share resources including screenviews unless the person managing the videoconference gives the go-ahead for the person offering the resource. If there is a resource-preview mechanism, the previews should only be available to the person in charge of the video conference.
Another key issue is user privacy including business confidentiality. There will be a requirement for a videoconferencing platform to have “privacy by design and default”. It is similar to the core data-security operating principle of least privilege. It encompasses strong default access controls along with features like announcing new participants when they join a multi-party video conference; use of waiting rooms, muting the microphone and camera when you join a video conference with you having to deliberately enable them to have your voice and video part of the conference; an option to blur out backgrounds or use substitute backgrounds; use of substitute still images like account avatars in lieu of a video feed when the camera is muted; and the like.
There will also be a requirement to allow businesses to comply with user-privacy obligations like enabling them to seek users’ express consent before participating. It also includes a requirement for the platform to minimise the capture of data to what is necessary to provide the service. That may include things like limiting unnecessary synchronsing of contact lists for example.
Another issue is for the platforms to to “know their audience” or know what kind of users are using their platform. This is for them to properly provide these services in a privacy-focused way. It applies especially to use of the platform by children and vulnerable user groups; or where the platform is being used in a sensitive use setting like education, health or religion.
As well it encompasses where a videoconferencing platform is used or has its data handled within a jurisdiction that doesn’t respect fundamental human rights and civil liberties. This risk will increase more as countries succumb to populist rule and strongman politics and they forget the idea of these rights. In this case, participants face an increased exposure to various risks associated with these jurisdictions especially if the conversation is about a controversial topic or activity or they are a member of a people group targeted by the oppressive regime.
Another issue being raised is transparency and fairness. Here this is about what data is being collected by the platform, how it is being used, whom it is shared with including the jurisdictions they are based in along with why it is being collected. It doesn’t matter whether it is important or not. The transparency about data use within the platform also affects what happens whenever the platform is evolved and the kind of impact any change would have.
The last point is to provide each of the end-users effective control over their experience with the videoconferencing platforms. Here, an organisation or user group may determine that a particular videoconferencing platform like Zoom or Skype is the order of the day for their needs. But the users need to be able to know whether location data is being collected or whether the videoconference is tracking their engagement, or whether it is being recorded or transcribed.
I would add to this letter the issue of the platform’s user-friendliness from provisioning new users through all stages of establishing and managing a videoconference. This is of concern with videoconference platforms being used by young children or older-generation people who have had limited exposure to newer technologies. It also includes efforts to make the platform accessible to all abilities.
This is relevant to the security and user privacy of a videoconferencing platform due to simplifying the ability for the videoconference hosts and participants to maintain effective control of their experience. Here, if a platform’s user interface is difficult to use safely. videoconference hosts and participants will end up opting for insecure setups this making themselves vulnerable.
For example, consistent and less-confusing function icons or colours would be required for the software’s controls; along with proper standardised “mapping” of controls on hardware devices to particular functions. Or there could be a user-interface option that always exposes the essential call-management controls at the bottom of the user’s screen during a videocall.
This issue has come to my mind due to regularly participating in a Skype videoconference session with my church’s Bible-study group. Most of the members of that group were of older generations who weren’t necessarily technology-literate. Here, I have had to explain what icons to click or tap on to enable the camera or microphone during the videoconference and even was starting it earlier to “walk” participants through using Skype. Here, it would be about calling out buttons on the screen that have particular icons for particular functions like enabling the camera or microphone or selecting the front or back camera on their device.
At least the public-service efforts have come about to raise the consistent security and privacy problems associated with the increased use of videoconferencing software.