Security and privacy in video conferencing software
Zoom has come under heavy criticism for its performance on security and privacy, with more than a dozen serious issues being exposed since March 2020.
Among these was the phenomenon known as ‘zoombombing’, whereby uninvited users gatecrash the meetings of strangers, in some cases shouting racist insults and other abuse.
In June 2020, Zoom admitted to suspending the accounts of human rights activists on the basis of complaints made by the Chinese government, which drew condemnation from human rights groups who accused it of being complicit in censorship. Zoom defended its actions, stating it was only complying with local law.
The company pledged to fix the issues. Updates were released that resolve some of them, although new problems keep on surfacing.
However, the reason that Zoom has attracted so much negative press is at least in part just due to its unprecedented success. It is not alone: recent research by Consumer Reports highlighted a number of ambiguities in the privacy policies for Microsoft’s Skype and Teams, Google’s Duo and Meet, and Cisco’s Webex: the report stated:
“All three companies can collect data while you're in a video conference, combine it with information from data brokers and other sources to build consumer profiles and, potentially, tap into the videos for purposes like training facial recognition systems.”
Among the criticisms levelled at Zoom, perhaps the most damaging was the misleading of customers over its encryption. Zoom had claimed to use ‘end-to-end’ encryption – signifying that only end-users (i.e. the people on the call) would have access to the content of meetings – but were forced to admit that, in reality, its own servers were able to access this content.
Zoom has since announced that it will roll out true end-to-end encryption to paying users. However, it will not be available to free users, which the company has said is to allow law enforcement agencies such as the FBI the possibility of accessing calls on free accounts.
End-to-end encryption is offered on the following platforms (in some cases this is switched on by default; in others, it will need to be set by the user): Jitsi, Kopano Meet, Whereby, BlueJeans, Lifesize, CyberLink U, Cisco Webex, Skype, MS Teams, Hangouts, Duo, WhatsApp, and Facebook Messenger.
Surveillance systems using facial recognition technology are growing in usage around the world, both for private security and state law enforcement.
According to UK campaigners Big Brother Watch, “Police and private companies in the UK have been quietly rolling out facial recognition surveillance cameras taking ‘faceprints’ of millions of people”.
In China, a vast network of facial recognition-enabled cameras are used for mass surveillance over the entire population and have been part of an oppressive crackdown on ethnic Uyghurs, a Muslim minority, in the Xinjiang region.
The accuracy of the technology is another human rights concern, with increased rates of misidentification among particular ethnic groups being a widely reported issue.
Companies involved in facial recognition
In 2019, Microsoft was accused of enabling an Israeli government surveillance program in the West Bank through its investment in facial recognition company AnyVision. In response Microsoft cited an independent report that concluded AnyVision’s technology did not power such a program, but nevertheless announced that it would divest from AnyVision and end all investments into third-party facial recognition.
Microsoft still develops facial recognition of its own but has stated it will never sell the technology for surveillance.
Amazon announced, in June 2020, it would pause the supply of racially biased facial recognition to US police forces, as we have reported in our feature.
Facebook and Google have also run into controversies. Facebook recently paid a $550 million settlement after its facial recognition tool was found to be in violation of the privacy laws of the US state of Illinois. Google was criticised for using deceptive methods to collect data from members of the public to improve its own facial recognition, by enticing people to submit to face scans using $5 gift cards.
Cisco uses facial recognition in its Webex video conferencing software “to create name labels in a meeting”. The company asserts that the feature has to be switched on by the user, and that users have ‘complete control’ over facial recognition data.
Other companies in the guide which develop facial recognition include Apple, whose Face ID feature allows users to unlock their iPhones via a face scan, and CyberLink, which calls itself “a world leader in facial recognition and face-attribute technologies”.
Ethical Consumer considers facial recognition technology to be insufficiently regulated, and to pose a severe threat to human rights which far outweigh any potential consumer benefits. Companies found to be involved in the development of facial recognition therefore lost half a mark under Ethical Consumer’s Human Rights category.