A recent report by cybersecurity group Citizen Lab revealed that video conferencing app Zoom is not as secure as the company claimed. The app’s popularity has jumped from 10 million users a day to 200 million daily in just a few months, largely thanks to the CCP coronavirus lockdown that has forced people to work from home. Similar privacy concerns have also been raised on the data collection efforts of tech companies and governments who do so in the name of fighting against the coronavirus outbreak.
Big tech and privacy
In their documentation, Zoom claimed that video conferences featured “end-to-end encryption.” This would mean that even the intermediary itself, which in this case is Zoom, would not be able to access video conferences between users. However, Citizen Lab proved that this was not the case and that a third party could access user data. Worse, since some of the servers were located in China, it would also mean that Beijing could get its hands on video calls of companies. Zoom tried to wriggle out of the mess by claiming that this was all a “misunderstanding.”
“We want to start by apologizing for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption. Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it,” the company said in a blog post.
Some of the recent projects by other tech companies are also being scrutinized. Google recently launched Verily, a website that directs people in San Francisco to coronavirus testing sites. Since people are required to have a Google account to use the service, this has raised alarm bells among some U.S. lawmakers who question whether Google will use the collected data for commercial purposes later on.
An app launched by Apple has also been questioned by congressmen with regard to its privacy risk. Many fear that allowing companies to procure people’s data without any restriction just because of an emergency situation could lay the groundwork for consolidating such activities.
Meanwhile, a shareholder of Zoom Video Communications Inc. has sued the company for overstating its privacy standards. The shareholder “claimed in a court filing that a string of recent media reports highlighting the privacy flaws in Zoom’s application have led to the company’s stock, which had rallied for several days in the beginning of the year, to plummet,” according to Reuters. Since hitting record highs in late March, the company’s share price has lost almost a third of its value.
Governments also seem to be ditching privacy concerns in favor of public data collection. In the U.S., the CDC has launched a new platform that tracks the spread of the CCP coronavirus. US$500 million has been set aside for modernizing the organization’s surveillance and analytics infrastructure. The agency is expected to report the development of surveillance and data collection systems soon. The White House has talked to Facebook and Google about accessing their data concerning user movements.
The success of Asian nations in aggressively using surveillance tools to deal with the virus is acting as an impetus for other countries. “The reason that South Korea, Taiwan, and Singapore were able to get their outbreaks under control quickly was because they tested everybody and they did contact tracing… These are tried and true public health methods,” Susan Erikson, a medical anthropologist at Simon Fraser University in Burnaby, Canada, said to IEEE Spectrum.
Contact tracing is basically the process of identifying people who may have come into contact with an infected person. Countries like Spain and Italy, which have some of the highest coronavirus mortality rates in the world, are reportedly opening up to the idea of mobile apps that can make contact tracing efficient.