|Photo by ThisIsEngineering from Pexels|
"Things you just would like to have in a chat and video application — strong encryption, strong privacy controls, strong security — just seem to be completely missing," said Patrick Wardle, a security researcher who previously worked at the National Security Agency.The article also tells of several unfortunate examples of zoombombing including a doctoral thesis defence that got hijacked and a meeting of a branch of Alcoholics Anonymous, prompting even a warning from the FBI. Zoom has been working hard at calming fears and they are now prioritising security issues while putting new feature development on hold (see the Zoom message to users from 1 April). It was also revealed that the company have been sharing user data with Facebook and LinkedIn (see Mashable), something that they admitted and claimed was a mistake. Furthermore, a bug was found that enabled hackers to access users' accounts (see Mashable). I can imagine that many of Zoom's staff have had little sleep during the past week.
I have been trying to adjust my Zoom settings and giving participants much less control than before. Many articles recommend using passwords for all meetings but I haven't gone that far yet. Since I'm often involved in webinars and open sessions in Zoom we usually want to reach a wide audience. I love the idea of people from different places, professions and areas of expertise getting together to discuss and exchange ideas and up till now that has been possible using different e-meeting platforms. Adding passwords and so on adds barriers to spontaneous participation and it is sad to lose that opportunity because of the destructive behaviour of a minority of idiots.
I'm sure Zoom will address all these issues and are promising regular updates on progress, but the central issue here is one of trust. The education sector works with children and young people whose privacy and integrity we have a duty to safeguard. We are also dependent on commercial platforms and tools that we assume also respect this duty and with whom there are special agreements adapted for the education sector. But if we find that there are loopholes in these agreements that trust is broken and we have to face the question of who we should trust in the future. I can almost understand that if you use a service that is labelled as free there will be a price in terms of how my data is used, but if you are paying a lot of money for a tailored educational solution then there should be very strict controls on encryption, data protection and so on. If these companies want to be in the education sector they have to be able to guarantee security and integrity. The alternative is for the education sector to run its own platforms in its own infrastructure and be in control of its own security. Not a very likely scenario given the costs but in today's world who knows what lies ahead.
Update: A good and balanced overview of the situation is an article, Zoom isn't malware, by three security experts.