Video Conferencing Technology
Balancing security and ease-of-use is no small task for video conferencing companies, and not as easy or cheap to develop as consumers think.
Video conferences are happening on a handful of platforms, not hundreds, so it’s easy to narrow and isolate how these apps compare. Zoom, Microsoft Teams, Skype, Google Meet, Adobe Connect, Cisco’s WebEx, GoToMeeting, Slack for business, and tools like WhatsApp, Signal, and FaceTime are familiar, but now there’s Tauria. The first business video conferencing program with end-to-end encryption and no-knowledge encryption for business.
Since video conferencing has increased with the number of people working virtually, and cyber crime up 330% as of March of 2020, you’d think there would be more attention on balancing security, cost, and ease-of-use.
United States data privacy laws are fractured, weak, and built around loopholes; let’s be honest. Moving, sharing, and storing American consumer data around the globe on cloud-based servers is more commonplace than you’d think.
Zoom sent non-E2EE encryption and keys to servers in China. Zoom CEO Eric Yuan told the Wall Street Journal he “really messed up.”
“U.S. data and communication companies must provide stored data for a customer or subscriber on any server they own and operate when requested by a warrant, BUT provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in” (Collins. 2018).
Many consumers don’t understand the security implications of using an app, much less what the data privacy laws are. Even the smallest bit of personal information can play into a more significant threat to personal privacy or even national security, depending on where you work.
“We remain concerned that mobile applications owned or operated by foreign developers, or that store the user data of U.S. citizens overseas, could enable our adversaries to access significant quantities of potentially sensitive information on American citizens without their knowledge to the detriment of U.S. national security” — National Security Representative Stephen Lynch, 2020
Current virtual conferencing systems have varying levels of security.
The Microsoft Teams app supports 2FA security, also known as two-factor authentication. Teams offer data encryption along the “data journey” of the user’s information, but it can decrypt content if needed. The important thing here is that Microsoft retains an availability key, which means Microsoft can access all customer data.
Skype, a Microsoft company, plans to end Skype for Business on, or around, July 31, 2021. Users may access Skype without making an account, totally anonymous, but there is no E2EE (end-to-end encryption), and Microsoft retains the ability to access all user data, even data that’s in transmission.
Apple’s FaceTime provides E2EE (end-to-end encryption). However, it’s not a robust business platform with the same features as those built for business.
Facebook’s WhatsApp is in the same category as FaceTime, great for chatting and calling capabilities, but not a business cross-platform.
Comparing Signal to Zoom, Teams, or Tauria is like comparing apples to oranges though, because a dedicated video business-conferencing platform is more complex and feature-rich.
Zoom has over 300 million users worldwide, known for it’s ease-of-use. They offer a free version, but they’ve been spotlighted for security concerns.
2019 For years, Zoom informed users that they offered “end-to-end encryption” when they did not. “Zoom is using an end-to-end encrypted connection. “Zoom even lied to the SEC in 2019 in its pre-IPO filings — J.Simons
2020 They said they were building it. “Today, Zoom released an updated E2EE design on GitHub. We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe — free and paid — while maintaining the ability to prevent and fight abuse on our platform. — Zoom Blog, E. Yuan
These type of discrepancies have given competitors ammunition to question the company.
And for free users, Zoom’s CEO says, “Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” E. Yuan This comment was made after he said that free users would have E2EE.
Tauria is an independent technology company based in Waterloo, Canada, offering true E2EE (end-to-end encryption) and Zero-Knowledge security, not as an add-on or a feature, but standard across all accounts. No-knowledge encryption ensures that not even Tauria staff have access to the information shared on the platform or through the video conferencing feature.
Tauria, newer to the market, hasn’t acquired any negative press or publicly identified security failures, but if they want to inspire people to move away from Zoom they must have a robust, and competitive, user adoption plan.
Balancing Digital Literacy and Security
The adoption rate of technology is dependent on several factors, the primary being ease-of-use and the secondary being cost. This is a constant consumer balancing act.
Most often, free means you’ll receive the least secure option because security costs money to develop, monitor, and maintain. However, accessibility and ease-of-use shouldn’t be at the cost of personal privacy. So, how do we balance the need for security with the pain of learning something new?
Until we solve this problem, the only thing we can do is to stay informed. Being an informed user is always the best way to operate on any platform connected to the internet, seeking multiple sources of information on an application before judging.
“Suggesting that a competitor has security problems is one technique used to shift markets and customers. However, if these suggestions are provided without attribution, they are not a very good basis for assessing risk” — James Andrew Lewis, Senior Vice President and Director, Strategic Technologies Program
Video conferencing technologies are, by nature, at-risk during a call, and if stored data is recorded and breached. The risk is lower as you add layers of encryption and multiple identification factors. The risk of using cloud services is equal to the risk of using any cloud service. The question of security expands from the information you provide when setting up your account, how the company stores and/or shares data, to the platform’s actual use, and where the data ends up.
The complexities of understanding how web-based applications work and the confusion around what’s being done with our information, paired with powerful tech lobbying firms, and weak American data privacy laws, begs the question of who is watching out for us.
Although a seemingly insignificant sample of respondents, if scaled and paired with other trending concerns, there is a case for more education, transparency, and data safeguards as United States citizens continue to rely on video conferencing technology.