Can we really trust Zoom?

We are all 'zooming' these days. But can we trust the platform that is taking over our lives India Inc. Group Founder and CEO Manoj Ladwa asks the tough questions that will make us sit up and think.

Highlights:

• Zoom's installer software doesn't warn users that it contains codes that send data to Facebook and other third parties and that the software has bugs that can be used to spy on people.

• There have been multiple instances of unauthorised people gaining entry into virtual meetings that do not require passwords to access, which is now being called 'Zoom bombing.'

• This can lead to serious national security breaches, massive corporate espionage opportunities or just plain harassment for many people.

Zoom has become the video conferencing platform of choice during this period of lockdown. From governments using it for cabinet meetings to businesses conducting board meetings, to families trying to stay connected with their near and dear ones. In fact, this week, I even attended a funeral by Zoom of one of our dear family friends who sadly succumbed to the coronavirus. We are all zooming these days. But can we really trust the platform that has become so all prevailing in our daily lives A recent news item that said Zoom routed some of its calls through China has only served to raise the levels of wariness that a lot of users, including myself, are starting to feel.

The facts of the case

Questions have been asked about the level of privacy on Zoom ever since analysts discovered that the platform's installer software doesn't warn users that it contains codes that send data to Facebook and other third parties and that the software has bugs that can be used to spy on people. These facts are also mentioned in a lawsuit filed against Zoom in the US in March 2020 alleging unauthorised passing of sensitive personal data to third parties.

Then, Zoom changed its claim of offering end-to-end encryption - that it was encrypting data at every point from origin to finish and even in transit over Zoom servers - to say it offers only “encryption” after US magazine Intercept found this claim to be false.

A new term, called “Zoom bombing” has gained currency in recent times following multiple instances of unauthorised people gaining entry into virtual meetings that do not require passwords to access - as more than 2.2 million new users across the world, ranging from locked down members of families to corporate executives, have logged on to Zoom in the first three months of this year alone in the wake of the COVID-19 pandemic.

I read about two shocking incidents of Zoom bombing on Sky News today. In one, hackers intruded into an online geography class for 13-year-old girls in Singapore and streamed photographs of male genitalia on their screens. They also passed lewd remarks. This forced the authorities to stop further classes over Zoom till the security problems are resolved. In the second incident, a school in the US permanently banned Zoom after a naked man entered a password-protected meeting and shouted racial slurs. To me, these facts point to a grave security risk that all of us are exposing ourselves to. Then, although Zoom is an American company, the fact that it has routed some calls through Chinese servers only adds to the level of anxiety. Zoom has clarified that it was done in an emergency to deal with the massive extra traffic it was suddenly getting, but...

The danger

I take the issue of data security very seriously. Some countries, including India, have brought in laws to regulate the use of personal data and many more are considering doing so.

We will start generating much greater amounts of data as 'work from home' becomes the norm in some sectors and more acceptable in others and many more companies and their employees jump on to this as a workable alternative to paying heavy rents in prime city locations.

As more data, some of it poorly encrypted (as in the case of Zoom), flies back and forth between distant corners of the earth, and as more families and private individuals log on to platforms like Zoom to stay in touch, it will become that much easier for hostile nations, corporate rivals, personal enemies or even pranksters and hackers to gain access to this information. And that can lead to serious national security breaches, massive corporate espionage opportunities or just plain harassment for a lot of people.

The alternatives

I must hasten to add here that my intent is not to slam Zoom. I am just pointing out a valid concern that I - as family person, friend, and someone who runs a business with many employees - and many others like me, have.

I'm delighted that Zoom has announced that it will not launch any new products or features for 90 days and will, instead, use this time to enhance the platform's security features. That's good news for the future but still doesn't resolve the immediate issue of the absence of an acceptable level of security.

I looked around for other apps and platforms that offer similar services but with much higher levels of security such as end-to-end encryption. Though I'm not an expert on this issue, I understand that Google Duo, which offers video chat services, has the highest level of security. The downside: the maximum group size is 12. That should, however, suffice for most families and groups of friends and all but a very few corporate meetings.

Facetime is another possible substitute, but it's open only to Apple users; it allows up to 32 users but will not run on Windows or Android devices. Cisco's WeBex is another option but it doesn't come free; it costs $12 per month for video calls with up to 150 participants. And if you're okay with lower levels of security, ie not end-to-end encryption, you can use Skype, Slack or even Facebook Messenger.

The solution

Video chatting with groups of friends, family and colleagues and virtual meetings, both official and personal, are a reality we will have to get used to. There's no running away from that. The only way to ensure data security will to be use one of the more secure apps available. But some of them are not as easy to use as Zoom.

For most business people, the integrity of data and its security is paramount. But I understand that for some others, ease of use may be more important.

That means each of us will have to find a balance between these two issues based on our individual and business requirements.