Article – From the horse’s mouth
Previous Coverage on videoconferencing platform security
As the COVID-19 coronavirus plague had us homebound and staying indoors, we were making increased use of Zoom and similar multi-party video conference software for work, education and social needs. This included an increased amount of telemedicine taking place where people were engaging with their doctors, psychologists and other specialists using this technology.
Thus increased ubiquity of multi-party videoconferencing raised concerns about data-security, user-privacy and business-confidentiality implications with this technology. This was due to situations like business videoconference platforms being used for personal videoconferencing and vice versa. In some cases it was about videoconferencing platforms not being fit for purpose due to gaping holes in the various platforms’ security and privacy setup along with the difficult user interfaces that some of these platforms offered.
During August 2020, the public data-protection authorities in Australia, Canada, Hong Kong, Gibraltar, Switzerland and the UK called this out as a serious issue through the form of open letters to the various popular videoconferencing platforms. There has been some improvement taking place with some platforms like Zoom implementing end-to-end encryption, Zoom implementing improved meeting-control facilities and some client software for the various platforms offering privacy features like defocusing backgrounds.
Zoom has now answered the call for transparency regarding user privacy by notifying all the participants in a multi-party videoconference about who can save or share content out of the videoconference. This comes in to play with particular features and apps like recording, transcription, polls and Q&A functionality. It will also notify others if someone is running a Zoom enhanced-functionality app that may compromise other users’ privacy.
There is also the issue of alerting users about who the account owner is in relation to these privacy issues. For corporate or education accounts, this would be the business or educational institution who set up the account. But most of us who operate our personal Zoom accounts would have the accounts in our name.
Personally, I would also like to have the option to know about data-sovereignty information for corporate, education or similar accounts. This can be important if Zoom supports on-premises data storage or establishes “data-trustee” relationships with other telco or IT companies and uses this as a means to assure proper user privacy, business confidentiality and data sovereignty. A good example of this could be the European public data cloud that Germany and France are wanting to set up to compute with American and Chinese offerings while supporting European values.
Another issue is how this will come about during a video conference where the user is operating their session full-screen with the typical tile-up view but not using the enhanced-functionality features. Could this be like with Websites that pop up a consent notification disclosing what cookies or similar features are taking place when one uses the Website for the first time or moves to other pages?
It will be delivered as part of the latest updates for Zoom client software across all the platforms. This may also be a feature that will have to come about for other popular videoconferencing platforms like Microsoft Teams or Skype as a way to assure users of their conversation privacy and business confidentiality.