At risk, in the quarantine

April 12, 2020

Zoombombing reveals more than design flaws in an app. It highlights the fundamental tension between privately-owned technology and the welfare of end users


Social distancing and self-isolation practices have disrupted our economic, political and social lives in an unprecedented manner. Many of us have increased our reliance on technology to fill the void, to substitute for social contact. This need for human connection has manifested in the sharp increase in the use of video-based applications.

While these applications have become an enabler for activities that would have been impossible otherwise, the dependence has engendered new risks in the ways that we communicate. Just as Zoom was becoming synonymous with communicating under self-isolation, giving way to online classes, remote working, family reunions and a litany of memes, details regarding the digital vulnerabilities in the Zoom application started to emerge. The word ‘zoombombing’ is a nascent entry in our vocabulary, much like ‘coronavirus’ and ‘social distancing’. It reflects the intersection of technology and society in times of crisis and uncertainty.

Zoom’s inadequate default settings have led to bad actors exploiting the loopholes to launch Zoombombing attacks, most prominently to disrupt Zoom classroom sessions and meetings in malicious ways, such as shouting offensive slurs or displaying sexually explicit imagery. Some attacks have been conducted by organised troll groups, exploiting settings that enable strangers to enter both public and private meetings. This can have potential national security implications too, as even high-level government meetings are being conducted through Zoom.

‘Private’ Zoom meetings are susceptible to attacks not just in explicit ways like Zoombombing, but also through data collection and surveillance by private tech companies. When talking about the centrality of technology during social distancing caused by Covid-19, we often speak of technology as a thing in and of itself. Framing the applications and devices we use in purely technological terms obscures the social and economic relations that underpin these technological artifacts. We tend to forget that Zoom is a private enterprise; that it doesn’t provide a public service, rather a service in the pursuit of profit. It is a tech platform profiting from the increased traffic as our lives increasingly play out on screen.

As use of Zoom skyrocketed, greater scrutiny of the company’s practices revealed egregious lapses in security protocols, and violations of user privacy. According to a report by Citizen Lab, Zoom was misleading in its marketing claims that its video meetings were end-to-end (E2E) encrypted – meaning that the communication can only be decrypted by the users on either end of the chat and not by the company hosting the communications. Zoom has since stated that it cannot guarantee E2E encryption for its primary video conferencing product.

Additionally, significant concerns were raised regarding the location of Zoom’s servers in China: To avoid paying US-market competitive wages, its software teams are housed by three Zoom-owned companies in China. While Silicon Valley is replete with privacy violations and government-private cooperation, situating companies in China raises another set of red flags given the Chinese government’s history of pressuring companies to share data and enable its vast surveillance system. Furthermore, Zoom does not publish transparency reports on data-sharing with governments, which has become an industry-wide standard over the last few years.

Further, it has also come to light that user data was being shared with Facebook by connecting user devices to Facebook’s Graph API. While not uncommon, the data-sharing arrangement was not disclosed in Zoom’s privacy policies, thus denying due notice to users. Until last week, Zoom also allowed for peer surveillance of users within the application whereby the meeting ‘host’ could enable the ‘attendee attention tracking’ feature and monitor if a meeting participant was inactive on the Zoom window for more than 30 seconds.

Since these revelations, Zoom has publicly acknowledged flaws in its application, introduced a patchwork of solutions and now provides more choices to increase privacy. However, these problems might have occurred by design. The Citizen Lab report states that the very features that made Zoom so attractive to users around the world, such as speed and reduced friction during meetings, reduce privacy and security. The particular experience of Zoom illustrates the fundamental tension between privately-owned technology and the welfare of end-users.

Increased reliance on technology means more reliance on private companies to mediate every aspect of our lives. Barring the inequality in access to ICTs in a country like ours, where no personal data protection law exists and lack of digital literacy means that users rarely alter default settings on apps, inviting these companies into our lives has implications for economic power relations. Private companies can take more liberties with personal data, with fewer incentives to introduce security functions in the absence of any legal obligation to do so.

As argued by Shoshana Zuboff in her book The Age of Surveillance Capitalism, details about our lives - no matter how mundane, like how many steps we took on our way to work or the number of times we order food per week - have become sites of economic extraction.

In light of the revelations about Zoom, some users are likely to move to alternative platforms. However, the fundamental issues will remain. Open-source, community-owned platforms offer users more control over their data and security; however, these applications are unlikely to compete with the efficiency and reliability that privately-owned ones can provide. Calls for transparency and stricter data protection regulation can also seem cosmetic, skirting around the larger issue of profit models of big tech companies. Many public intellectuals have postulated that the coronavirus pandemic is an opportunity to expand welfare schemes and programmes for more equal distribution of wealth into systems that can be sustained post-pandemic. Perhaps the greater scrutiny of the technologies we are turning to in times of crisis can snowball into fundamental shifts in how technology is developed, owned and used.


The writer is a programme manager at Digital Rights Foundation
