Privacy and security of video-conferencing apps - The Daily Guardian
Connect with us

News

Privacy and security of video-conferencing apps

India must create a culture of innovation where there’s respect for individual privacy

Brijesh Singh and Khushbu Jain

Published

on

Privacy
Privacy and security of video-conferencing apps

The pandemic struck suddenly, before the world could fully comprehend its import, humanity went into a paralysis. Life across the globe came to a standstill. Governments, corporates, families and individuals had to suddenly adapt to new modes of communication, transaction and service delivery. In this mayhem, the online and digital world offered viable alternatives to commute, collaboration and decision-making. Apps and services, which were popular before Covid-19, suddenly became the only fallback option. A case in point being the popular video-conferencing application called Zoom. Such has been the surge in work from home and other collaboration needs that Zoom, which had 10 million daily users, crossed the 200 million mark in March; as of date it is claiming a daily user base of 300 million participants. Zoom is used by over 30,000 companies and over 40 million people worldwide including hundreds of thousands of educational institutions. Other such apps and alternatives also saw a huge growth, but Zoom was at the sweet spot of pricing, features, familiarity, differentiation and market presence to benefit from the Covid-19 outbreak.

With popularity came cyberattacks, hackers zoomed in on Zoom and started digging for flaws in its code, privacy advocates started examining its privacy and data use policies, others dug out its server locations, roots of the software code, permissions the app takes on your device and the safety/security of users on the platform. Pursuant to this, after rising sharply, Zoom’s share prices experienced a sharp fall in March when serious issues came to fore. To the company’s credit, it has been quick to adapt and has been responding well to criticism by making desired changes in code, configurations and policies. However, the broader question of the privacy, security and threats to individuals-businessesgovernments still needs a close examination. Recently, a former NSA researcher disclosed two new bugs that could have been used to take over a Zoom user’s Mac computer, including tapping into the webcam and microphone.

To make matters worse, these exploits apart from compromising Zoom can become a gateway for the attacker to additionally install other Malware and virtually takeover the victim’s computer or his/her identity. Security researcher Felix Steele dissected the Mac Zoom installer package. To his surprise he discovered that certain techniques that were being used by the pkg file were similar to those used by actual macOS malware samples (for example Coldroot and Proton). These malwares often pretend to be an Apple process or completely fake the password prompt. The installer also actually asks the user to blindly enter their system password into a dialog that pops up and makes use of elevated privileges to access system files. There have been instances of restricting Zoom usage by various countries for critical work and also by corporates. Examples range from Google stopping its employees downloading the app for work to Elon Musk’s rocket company SpaceX banning its employees from using it, in wake of “significant privacy and security concerns”.

Zoom also does not use end2end encryption which has become the standard for all communication apps and messengers. It was also found by Citizen Lab researchers that Zoom was using weak encryption keys, only 128-bit against a claim of the stronger 256-bit AES keys, as the company was proclaiming. The company has access to all encryption keys and to all video and audio content traversing its cloud, it’s possible that governments around the world could be compelling the company to hand over copies of this data, some of its servers are also hosted in China. It is also noteworthy that the video-conferencing software appears to be developed by three companies located in China, known as Ruanshi Software. Only two of these are owned by Zoom, ownership of the third company, American Cloud Video Software Technology, remains unknown. On a closer examination, the usage terms and privacy policy of Zoom mandates transfer of data outside India and it is also subject to commercial exploitation.

Though Zoom updated its privacy policy which is better than it was, it still collects a huge amount of data about users. Consent is only valid where it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use and/or disclosure of the personal information to which they are consenting whereas Zoom policy falls short on this aspect. It should be noted that it considers its home pages “marketing websites”, which means it’s still using thirdparty trackers and surveillance-based advertising. The policy of commercial exploitation and transfer of data outside India can have impact and invite punishment if used by the government officials/departments (due to such inevitable transfer of government data outside its jurisdiction) since the same may be in a violation of the Public Records Act, 1993, the Official Secrets Act, 1923, The Email Policy as well as Policy for Usage of IT Resources of Government of India. It should be noted that the ministries and departments may host their servers with third parties, but are not permitted third-party hosting in servers outside India (as per the guidelines issued by the Ministry of Home Affairs and CERT-IN). In wake of the above security concerns, the Ministry of Home Affairs issued an advisory stating that ‘Zoom’ app is not a safe platform for video-conferencing and none of the critical meetings to be conducted using Zoom platform.

Nonetheless, the security of video-conferencing and live-streaming apps needs urgent audit including a forensic audit of the possible breaches due to known and unknown vulnerabilities (even though some recently patched by Zoom). Our dependence on these technologies today is so complete that until viable alternatives emerge, we have no recourse but to keep using them. If we undertake a set of system hardening and tweaking of configuration settings, contingent risks can be mitigated to a large extent. Another way would be to use alternatives which are less popular or are self-hosted on company’s or personal servers/cloud accounts. Organisations should carefully consider the risk if they should continue working with the popular ‘free’ solutions. The general user should assert her rights in relation to these technology giants. We exhibit extreme caution and vigilance in using government apps and services, while paradoxically falling prey to corporate surveillance wilfully. The same standards (if not more stringent) of accountability as those applied to the services by administration should be made applicable to intermediaries and platforms which provide these technologies.

A free product commoditises you; even if one has accepted this position, the moral and ethical obligations of the service provider to protect the interests of the average user do not go away. The service provider must incorporate data privacy principles for the collection, use and disclosure of personal information such as: Accountability; Identifying Purposes; Informed/ Explicit Consent; Limiting Collection; Limiting Use, Disclosure and Retention; Accuracy; Safeguards; Openness; Individual Access; and, Challenging Compliance. Union Minister for IT Ravi Shankar Prasad has spurred innovators in India by challenging them to create a world-class, homegrown video-conferencing solution. India, as a rapidly digitising nation, should create a culture of innovation where the respect for individual privacy is built in by design. Brijesh Singh is Inspector General of Police, Maharashtra, and Khushbu Jain is practising Advocate in the Supreme Court.

The Daily Guardian is now on Telegram. Click here to join our channel (@thedailyguardian) and stay updated with the latest headlines.

For the latest news Download The Daily Guardian App.

News

Pune: 15-year-old boy commits suicide for getting new phone

Published

on

By

Suicide

Due to his mother’s refusal to let him get a new phone, a 15-year-old boy committed suicide on Thursday in Baramati, Pune.

The boy, who was in Class 9, reportedly wanted to get a new phone for online studies, but his mother refused, and this made the child unhappy, so he decided to commit suicide. When he was home alone, he took a drastic step.

Arun Avchar, police inspector, Malegaon police station, said, “Prima facie, it appears that the child wanted a new phone and his mother refused. The neighbours and family members informed the Malegaon police about the incident. We reached the spot and sent his body for a post-mortem.”

A teacher from the child’s school said, “The boy died by suicide after school hours. His behaviour was normal. We had told him that there was no need for a new phone as offline classes have started, but he was not ready to listen.”

Malegaon police station has started an investigation and filed a case.

(A Pune-based non-profit organisation called Connecting strives to prevent suicide by offering help to those who are experiencing emotional distress by utilising the philosophy of mindfulness-based active listening. The toll-free hotlines are 1800-209-4353 and 9922001122, which are open daily from 12 p.m. to 8 p.m. Walk-in hours are Monday through Saturday from 12 to 5. Using Gmail to connect with an NGO.) 

Continue Reading

News Plus World

Woman arrested for eating at restaurant without hijab in Iran

Published

on

By

According to her family, a woman was arrested by the Iranian security forces for eating at a restaurant in public without a hijab.

Donya Rad was arrested after an image of her and another lady eating in a restaurant in Tehran without wearing headscarves went viral online, according to CNN.

The image, which surfaced on Wednesday, depicts the two ladies having breakfast at a cafe that, like the majority of cafés in Iran, is generally frequented by men.

According to Rad’s sister, security agencies contacted Donya and summoned her to explain her actions.

“After visiting the designated place she was arrested, after a few hours of no news, Donya told me in a short call that she was transferred to Ward 209 of Evin Prison,” her sister told CNN.

The dictatorship imprisons political dissidents in Tehran’s notoriously harsh Evin Prison, which is only intended for inmates under the control of Iran’s Intelligence Ministry.

According to reports, security officials have recently imprisoned a number of prominent Iranians, including the author and poet Mona Borzouei, the Iranian football star Hossein Mahini, and Faezeh Rafsanjani, the daughter of former Iranian President Ali Akbar Hashemi Rafsanjani.

According to the non-governmental organisation Iran Human Rights, Iranian artist Shervin Hajipour was also arrested this week after releasing a poignant song based on tweets shared by Iranians expressing their feelings about why people are demonstrating.

The song “For…” by Hajipour became extremely popular online, garnering millions of views and being extensively distributed among Iranians both inside and outside of their nation.

The killing of a Kurdish woman named Mahsa Amini sparked the country’s first anti-government protests.

Mahsa, 22, passed away in police custody after being arrested for reportedly wearing a “improper hijab,” in violation of Iran’s stringent laws regarding women’s attire.

The government crackdown has continued after almost two weeks of protests, with dozens dying in clashes between security forces. Iran Human Rights estimates that at least 83 people including children, are confirmed to have been killed in protests following the death of Mahsa Amini, reported CNN.

More than a thousand people connected to the protests have been detained as of last weekend. At least 28 journalists arrested were arrested as of Thursday, according to the Committee to Protect Journalists.

In a statement released on Thursday, Amnesty International stated that they are “investigating the authorities’ mass arrests of protesters and bystanders, as well as journalists, political activists, lawyers, and human rights defenders, including women’s rights activists and those belonging to oppressed ethnic minority groups.”

Videos circulating on social media show protesters in the cities of Qom, Rasht, and Mashhad calling for the overthrow of the clerical establishment despite the rising death toll and a stern crackdown by the police, according to CNN report.

Continue Reading

Nation

‘If you want a change, choose me’ : Tharoor on Congress president poll

Published

on

By

Shashi Tharoor claims party's support

In the upcoming presidential election of the grand old party, Congress leader Shashi Tharoor reiterated on Saturday that his contest against senior party member Mallikarjun Kharge “is not a battle.” Following days of turmoil surrounding the intra-party troubles in Rajasthan, Tharoor and Kharge finally submitted their nominations for the crucial elections, which are set for October 17, on Friday.

“This is not a war. We can belong to different schools of thoughts. Let the members decide,” Tharoor told news agency ANI in an interview on Saturday. “All I am telling the members is  that if you’re satisfied with the functioning of the party, please vote for Kharge Sahab. But if you want a change, choose me.. If you want the party to function differently.”

His remarks came as news spread that the Gandhis were endorsing the 80-year-old Kharge for the top party position. On Saturday, Kharge announced his resignation as the opposition leader in the Rajya Sabha, a day after more than 30 leaders surprised many by end-of-nomination support for his candidacy. In contrast, Tharoor was not accompanied by as many senior leaders.

“But there is no ideological problem here. Whatever the message has so far of the Congress will continue to remain,” Shashi Tharoor said on Saturday, dismissing any differences.

Even though the Gandhis made it clear that they would no longer be running for president post, their management has continued to draw criticism. Regarding the family’s importance for the party in light of the BJP’s dynastic politics allegations.

Continue Reading

News

Student visa interviews to start from November by the US Embassy

Published

on

The US embassy in India has announced that interviews for the student visas will open from mid-November. Minister counselor for consular affairs at US Embassy, Don Heflin, said that the process of interviews will continue till the end of December.The announcement was made by Don Heflin while answering student visa queries for the United States related to waiting and processing time. He said, “We will open up for the first half in mid-October and for the second half in mid-November.”Last month, US missions in India said that record 82,000 student visas have been issued in 2022 so far, higher than in any previous year. Indian students received more American student visas than any other country, the missions added.Amid delays, foreign minister S Jaishankar also raised the issue of the huge backlog of US visa applications from India with US Secretary of State Antony Blinken.S Jaishankar said, “To the people who are concerned about the visa issues, I would like to give the message that I understand their anxiety and the urgency and which is precisely the reason why I took up the matter.”

Continue Reading

News Plus World

Iran : 19 people including guard colonel killed in anti-govt protest

Published

on

By

Iranian women chop off hair to mark protest over death of Mahsa Amini

In one of the deadliest clashes between police and protesters since Iran’s anti-government demonstrations began, nineteen people were killed on Friday. This was in response to the death of Mahsa Amini, a 22-year-old Kurdish woman who died in police custody after being arrested for allegedly disobeying Iran’s strict dress codes for women by donning an “improper hijab.”

Iranian protesters and police had a violent confrontation in southeastern Iran. The confrontation happened as worshippers from Iran’s Sunni minority left Friday prayers at the Makki Grand Mosque in Zahedan, capital of Sistan and Balochistan province, reported Voice of America (VOA).

“Nineteen people were killed and 20 injured in the incident,” regional governor Hossein Khiabani told the state broadcaster.

“Provincial intelligence officer of the Islamic Revolutionary Guards Corps Colonel Ali Mousavi was also killed,” state television added.

Iranian state media earlier on Friday stated that security personnel had retaliated after armed men attacked a police station in the provincial capital of Zahedan.

The protesters were labeled as terrorists and separatists by the Iranian state media, who also charged them with shooting guns at police.

Continue Reading

Auto & Tech

Using 5G technology, PM Modi test drives a car from Delhi in Europe

Published

on

5G

Using the newly launched 5G technology, Prime Minister Narendra Modi conducted a test drive of a car in Europe from Delhi’s Pragati Maidan on Saturday. Union minister Piyush Goyal tweeted the photo and wrote, “India driving the world’.PM Modi inaugurated the India Mobile Congress 2022 exhibition before he launched the 5G mobile telephony services in India. At the exhibition, he visited the pavilions of the different telecom operators to experience the first-hand experience of the 5G technology.PM Modi was briefed about the technology by Mukesh Ambani and Akash Ambani at Reliance Jio stalls.Then PM Modi went to the stalls of Airtel, Vodafone Idea, C-DOT and others.Union telecom minister Ashwini Vaishnaw said, “Telecom is the gateway, the foundation of Digital India. It is the mode to bring digital services to every person.”Reliance Industries chairman Mukesh Ambani promised to deliver 5G to every town, every taluka by December 2023. He said, “I can say we are ready to take leadership and Indian Mobile Congress should now become Asian Mobile Congress & Global Mobile Congress. India may have started a little late, but will finish first.”

Continue Reading

Trending