On the team’s very first video conference, we were bombed.
Hackers were able to break in and scribble red ink all over the presenter’s PowerPoint slides. Nothing obscene or objectionable was written, but the interruption was disquieting, to say the least. The presenter called to his tech for help – “Can you see that Dave? Can you get rid of it?” – but only the passage of time seemed to help.
As it happens, ideas for the long-distance transmission of audio and video signals have been helped by the passage of time, too: One of the first audio/video transmissions was 1927. A commercially available video conference system was released in 1964.
Yet even with the age of the idea and plenty of time for implementation, some videoconferencing systems may have come to the market too quickly. For their own good, if not ours.
The California-based communications technology company known simply as Zoom is surely not the only case in point that can illustrate the tension – some might say outright conflict – among market influences such as innovation, speed to market, scalability, and data security.
A recent industry survey of tech operations managers and developers came up with a troubling finding: seventy per cent said they “sacrifice data security for faster innovation.” Seventy!
Even more sobering: 99 per cent said vulnerabilities that can be exploited are “ones already known by security and IT professionals.”
“A number of recent breaches indicate system misconfiguration and unpatched, known vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases,” described Alex Peay, SVP of product and marketing at SaltStack where the survey results were tabulated and published in a downloadable pdf. “There are simply not enough skilled humans to secure digital infrastructure at scale without … improved collaboration among teams.”
And, as Jeffrey Vagle, an assistant professor of law at the Georgia State University College of Law, underscores in a piece he wrote for the security blog Just Security, businesses all too often zoom in on growth rather than security.
The demanding process of getting a new product to a large audience often means seemingly non-essential steps are disregarded, such as proper safety audits. Companies can externalize security costs and shield themselves from the fallout associated with poor data security practices, he says, and we are left holding the bill.
(In one of the surest signs a company is becoming exponentially more popular, Zoom and its many users are being targetted with specific new malware attacks. The security company Check Point Software Technologies warned in a blog post that hackers are faking various video platforms to target users these days.)
For its part, Zoom is taking action to address growing pains associated with its service (concerns about data privacy and security were so great that some individuals, organizations and even governments had banned its use in their operations; some have now changed that tune as a result of changes at the company).
“We recognize that we have fallen short of the community’s — and our own — privacy and security expectations,” wrote company CEO Eric S. Yuan in an explanatory, even apologetic blog post. “For that, I am deeply sorry, and I want to share what we are doing about it.”
Befor Zoom, he’d long been working with video conferencing tools and technologies at companies like Cisco and its acquisition WebEx. Eventually, he used his engineering expertise and corporate experience to launch Zoom in 2011.
In 2019, Zoom held its IPO and within a year or so, it was a $35 billion dollar company with 30,000 corporate clients worldwide and untold numbers of personal or public users.
It all happened very fast, and Yuan explained with slight exaggeration in his blog that the company “did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.”
No, it was not designed for every person in the world. But it was designed to provide solid, secure, dependable video conferencing services. And it was supposed to be encrypted. Yet early investigations into the product’s safety and security measures, including one by online researchers at Canada’s Citizen Lab, indicated otherwise.
So Zoom has now acquired an encryption company with the needed expertise, called Keybase. Although Zoom is nearly ten years old, the company said in its acquisition announcement that “[t]he first step is getting the right team together.”
The speed with which users embraced the Zoom cloud-based services also strained its technical infrastructure, or at least strained relationships among providers of that infrastructure: Amazon Web Services (AWS) is refuting a claim by Oracle that Zoom runs on Oracle Cloud, not the AWS cloud.
Yuan has acknowledged that the volume of traffic caused problems: “During this pandemic crisis, every day is a new record. Our own [existing data centres] really cannot handle this traffic.”
In other steps apparently taken to ease people’s concerns about the product’s data privacy and security, Zoom has hired former U.S. national security adviser H.R. McMaster to serve on its board. McMaster, a retired Army lieutenant general, served in the Trump administration until he was fired after a little more than a year on the job.
The company has also hired Washington, D.C.-based consulting firm The Cohen Group; another high-ranking former Trump administration official, former Defense Secretary Jim Mattis, serves as a senior counsellor at the company, founded by former U.S. Secretary of Defense William Cohen.
Such acquisitions and connections may well help the company’s push to deliver a more secure service, and they may ease people’s concerns about using it. Steps taken as part of a fix are understandable and welcome. Steps taken simply to secure the shield, as Vagle might put it, not so much.
So I have another Zoom conference to do today, and so do tens of thousands of other users. The service is definitely meeting a need as individuals and businesses around the world try to stay tech-connected while physically distancing.
But video conferencing has become so ubiquitous that, among many others offering advice, the Office of the Privacy Commissioner (OPC) of Canada has published a list of recommended tips to do so more safely, regardless of the platform being used.
Interestingly, the tip at the top of the chart: follow the news about your videoconferencing service of choice.
# # #
You’ve been zoomed.
And in a future posting, you’ll have the chance to read about other tips for safe video conferencing, more tools for video conferencing, and why more people say that videoconferencing is physically, emotionally, and socially draining.
# # #
WhatsYourTech.ca has more COVID-19 related technology articles you can read; please visit our dedicated articles listing page.
-30-