Categories
Technology

Zoom – From A Simple Business Communicator to a World Connector

Zoom wasn’t meant to become a consumer-grade product. It has been in the enterprise space since 2011 and until this pandemic most people have never heard of it. The monthly active users have gone from about 7 million to more than 200 million by some accounts. Because of this the company is under a microscope and it has a lot of fixing to do.

One of which is their messaging about how secure it is, as of right now. According to the website The Intercept zoom isn’t end-to-end encrypted.

The researchers [from the University of Toronto] … found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.

The Intercept

The second part is even more concerning. The fact that there is a link back to the Chinese government means you should absolutely not talk about secrets of any type on Zoom.

Zoom has responded:

In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect. We have since corrected this, and would like to use this blog post to explain how our system typically works, where our misstep occurred, and how we will prevent these kinds of problems in the future. We have also been working on improving our encryption and will be working with experts to ensure we are following best practices.

We appreciate the questions we are getting, and continue to work actively to address issues as we identify them. As video communications become more mainstream, users deserve to better understand how all these services work, including how the industry — Zoom and its peers — manages operations and provides services in China and around the world.

Zoom Blog

Now, I’m not saying to stop using Zoom. What I am saying is be aware of its limitations.

Also lock it down.

Lately there has been a rash of Zoom Bombings, which is when bad actors invade public and private unprotected Zoom rooms and show/share/say nasty stuff. Zoom has released a blog post on what you need to do to protect your Zoom calls. Everyone should follow every point to the best of their ability.

At first the settings page for Zoom can be quite daunting, but if you take the time to secure your room right, you’ll have a much better experience.

In the end, is the Zoom platform perfect? No, not in the least. They are taking strides to make it more secure and robust for everyone to use. It’s on us, the public, to make sure we take our own security to heart and make it a top responsibility.

Categories
Security

Using Mobile Technology To Track Covid-19

The United States government as well as their counterparts in Israel are looking at way s to use cell phones to combat the spread of Covid-19.

The idea is to use location-based data from tech giants the likes of Facebook and Google, and others, to help with this effort, according to Elizabeth Montalbano writing on ThreatPost.com.

U.S. officials are in active discussions with technology giants like Facebook and Google as well as public health experts about how potentially to use location data collected from cell phones to track whether people are practicing social distancing or to track the movements of those infected with COVID-19, in order to stem the outbreak, according to a report in the Seattle Times.

The government is mulling this potential compiling of people’s personal and location-specific data with the purpose of mapping the spread of infection and using this knowledge to provide solutions to the problem, according to the report.

By analyzing the movement trends of smartphone owners, officials believe they can track the spread of COVID-19 and possibly limit the damage it has already caused, the report said. They also could use location-based information to see if people are indeed practicing recommended and, in some places, mandated social distancing, which requires people to ensure a certain amount of space between themselves and others when meeting people on the street or in a shop.

ThreatPost.com

Israel’s security service Shin Bet is using technology it has been using to track Palestinian militants to track Covid-19 cases.

Many privacy advocates are concerned that, though, these efforts are being done in the interest of public health, where and when does it stop? Will these new found surveillance powers be given up once Covid-19 is under control?

Sara Morrison in Recode writes:

Still, even the idea must seem unsettling to some. Many Americans lack trust in both the federal government and in how companies handle their personal data, so it’s understandable that even a hint of collaboration between the two would come under suspicion. We’ve also seen a litany of problematic privacy invasions from other countries’ governments, as they battle this virus.

Recode

Though this is a valid argument, in the U.S. at least there are safeguards in place to stop abuse of this data.

However, in this case, there are some limits to what the government can get from tech companies. America has rules when it comes to what it can force businesses and individuals to give up and how it can force them to do it. Cellphone location data is seen as particularly sensitive because of the immense amount of personal information that can be gleaned from it. The Federal Communications Commission (FCC) recently moved to issue massive fines to cellular phone carriers that were accused of selling individual location data; in 2018, the US Supreme Court ruled that law enforcement must obtain a search warrant to access an individual’s cellphone location data.

Recode

In my opinion, we should allow the government the authority to surveil, but limit it with legislation. We also need to make sure that once Covid-19 is under control and these powers aren’t needed anymore, they are relinquished.

It seems like even the Electronic Frontier Foundation is willing to allow the government some leeway.

Adam Schwartz, senior staff attorney for the Electronic Frontier Foundation, similarly says that current circumstances give the government a little more leeway here — but just a little — to strike the balance between gathering information for the public good and protecting individuals’ privacy.

“We are in the middle of a public health crisis,” Schwartz told Recode. “And some rebalancing of collective and individual interests may be appropriate. But those adjustments need to be temporary and science-driven and not discriminate.

“Any time you’ve got location data in the mix, that’s a concern,” he added.

The government must be as restrictive as possible with the data it uses, how it uses it, and for how long, Schwartz said.

Recode

What do you think? Should we, the public, be okay with more surveillance to help combat Covid-19? Or is this just to creepy and over reaching.

Image by Silviu Costin Iancu from Pixabay

Categories
Security

End-To-End Encryption Is Under Bipartisan Fire

Below is a sneak peek of this content!

End-to-end encryption keeps your messages, documents, and files private and out of the prying eyes of strangers and the government. It has many good uses as well as some nefarious ones. There is currently a bipartisan push in the U.S. Senate to break end-to-end encryption citing the more nefarious uses and ignoring the beneficial reasons for it. The U.S. government claims that bad actors use these services to plan terrorist attacks and do other bad things. To some extent this is true. But the politicians are missing a critical piece of the argument. There are many legitimate uses for...

To view this content, you must be a member of Insights on Tech Patreon at $0.01 or more