When it comes to video conferencing services, top-notch privacy and security should be primary concerns, case closed. But if it were, then there wouldn’t be so much choice in the market, nor would there be so much controversy. Since the boom in 2020, video conferencing services have exploded in popularity, giving rise to security breaches and leaks.
In fact, the rise of video conferencing, most notably Zoom, has been a chosen favorite by leaders in top positions who need the tech to keep things on track. For example, CEOs holding nationwide syncs or the UK government using it to hold daily cabinet meetings. Video conferencing truly can be used for turning any in-person event into a digital one.
But just how safe is the video conferencing technology you’re using? What transactions are happening behind the scenes that you might not be aware of? Where was the software built and where is it maintained? Who might be listening in? Two-way user communication isn’t new, but the ways in which we use, rely on, and expect privacy and security from it is.
Especially in light of the vast uses video conferencing supports, like healthcare and highly sensitive patient data or legal services, businesses and different sectors have to question how protected their data is when it’s being sent at the speed of light from one corner of the world to the other.
As China becomes more prominent on the world stage, and challenges the dominance of rule-of-law Western countries, concerns are emerging about China’s role in building Zoom’s product and in hosting facilities. Should you worry about video communications being redirected and hosted in China, even if all participants are in the same city in the same online meeting in a completely different country?
Why is this happening?
It first started at the beginning of 2020, when the worldwide pandemic led to a massive and sudden influx of users on Zoom. Adding server capacity and deploying quickly led to an oversight in “geo-fencing” (calls that originate and end in the same region) where the growth of technology couldn’t meet overall demand.
Typically, calls connect to data centers in a user’s region, but upon facing multiple connections and thereby exhausting the system and creating congestion, connections are then routed to a list of data centers in secondary and tertiary regions, where certain meetings have been discovered to be connected to the system in China. It has been reported by Secureworld.io that after being caught by the University of Toronto’s Citizen Lab for routing North American calls through China, Zoom pledged not to do it again, but Zoom maintains a very large technical presence in China where Zoom does software development and has open access to the Zoom network. According to Politico.com, Zoom has been subject to Chinese government oversight and interference, for which Zoom has issued apologies.
Here’s the thing, routing calls through China is bad, but there’s a secondary problem; Encryption or lack thereof. In this specific case, calls made over Zoom didn’t provide end-to-end encryption which means that interception is more readily a possibility. For example, the Chinese government can intercept and decrypt data for legal purposes, thereby defying the rest of the world’s privacy and security standards.
Why are calls being rerouted out?
When the network is overwhelmed by users connected to the platform via primary data centers in or around their region, multiple connections fail because of a surge or other issues. Therefore, other data centers kick in as a potential backup bridge to the platform. Calls are redirected to the nearest data center that has the maximum capacity available at the time.
Furthermore, it’s been reported that if Zoom used servers in China and generated encryption keys from there, Zoom may be obligated to share data with Chinese authorities. This level of secrecy and Chinese key-encryption makes oversight from rule-of-law countries very difficult.
The Chinese Communist Party is encouraging companies operating within its borders to comply with its surveillance objectives. From start-ups to enterprises, and everyone in between including governments and nonprofits, Chinese law “requires local employees to assist with government information and censorship…. An enormous security risk considering how many people rely on video conferencing for their professional and personal lives.” Zoom’s strategy is worrisome.
According to Make Use Of, Zoom has been host to other security breaches too, including:
1. Zoom-Bombing
Borrowing from the familiar term “photo-bombing,” this clever portmanteau is used to describe users who are able to intercept calls they were not invited to and “drop-in” (or bomb) the conference. When meeting ID numbers are 11 digits long, it’s easy for hackers to guess it and create problems.
2. Unsecure Desktop Apps
Zoom’s web app is safer and more private to use than the desktop app. The web app gets more security enhancements and updates much faster than the desktop app which is easier to penetrate.
3. False End-To-End Encryption
E2E encryption should mean that no one can decrypt data sent between users in a video conference. However, in 2020 Zoom came under fire for not having sufficient end-to-end technology. While anyone on a public Wi-Fi network wouldn’t be privy to your data, Zoom employees could.
4. Installers With Bundled Malware
The Zoom installer has been taken, copied, and redistributed many times over, creating a product that was open to malware being embedded with the installer. In April 2020, users were tricked and if installed, the contaminated malware would mine for crypto-currency, eating up and zapping your machine’s computing power.
5. More Security Flaws
Zoom has been under careful watch as security flaws and vulnerabilities have been brought to light. It’s hard to pinpoint how many there have been, but what’s also worth mentioning is how many have yet to be discovered
What’s the solution?
Other video conferencing apps like Google Meeting, Microsoft Teams, iotum Callbridge and Webex are preferable. Thankfully, there are plenty of Zoom alternatives on the market, with no rerouting anywhere other than the region where the data centers are located. Choose a video conferencing platform that is built and subject to the rule-of-law and does not rely on support from authoritarian governments.
With iotum’s product Callbridge.com, what you send and receive passes through local servers. Its highly secure and private platform comes with point-to-point 128-bit encryption, fully encrypted via WebRTC, granular privacy controls and is recognized by the Canadian Anti-Spam Legislation (CASL), HIPAA Seal of Compliance, and it’s GDPR compliant.
Furthermore, iotum ensures the following:
-
Localized Western Developers
Unlike other big-name video conferencing platforms that have developers spread out around the world, iotum’s developers are located in North America and the United Kingdom – Canada, the United States, and Britain. A significant portion (if not a majority) of Zoom’s software developers and engineers are located in China, according to Zoom’s most recent SEC Filings.
-
High-Quality Global Network
Calls are never rerouted or stored anywhere outside of the global network of iotum’s media Points of Presence (POPs). iotum’s Communication Cloud (ICC) uses the POPS to stay connected only to each other using a high-quality and low latency private network. That’s why iotum has high-quality video and voice for participants located around the world.
-
A Robust Platform
For a far-reaching and powerfully built system, iotum currently has POPs in the USA, Canada, London, Germany, Mumbai, and Sydney.
-
Low Vulnerability
iotum’s platform (ICC) is a cloud-based, multi-tenant solution built to withstand vulnerability. Not only are scale and security at the forefront of its design, ICC is impenetrable because of its browser-based technology. Other solutions that provide a downloadable app make their technology more susceptible to hackers. A downloadable app provides an easy access point for hackers to plug in and monitor or record.
-
Secure Conference Rooms
Everyone in the room is visible (as seen in the participant list) and no one else. It’s easy to block, remove or grant access to latecomers. For an extra layer of protection, add one-time access codes and security pins to your meetings, and lock the room to ensure the meeting is closed.
-
Every Conference Comes With A Security Code
Add a security code to the meeting that when enabled, all participants must punch in to join the call.
-
Personal Information Is NOT Shared
Your information doesn’t go anywhere else and is not sold to a third party.
-
End-to-end Encryption
Media, links, documents – anything that is sent and received is encrypted and then decrypted so it can be processed and encrypted again before being sent to participants. All two-person point-to-point calls are encrypted end-to-end.
Choose iotum for a painless video conferencing experience that is built and run locally but appeals globally. Connect to anyone at any time from anywhere using a robust two-way communication platform that is reliable and professional. Learn more about programmable video and audio capabilities.
About the Author
Mashum Mollah is a tech entrepreneur, and passionate blogger. He shares his journey, insights and experiences at TechMagNews. If you are an entrepreneur, tech savvy, or simply an info-holic, then this blog is for you.