Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Zoom Claims That Free Users Are Not Getting End-To-End Encryption Because Law Enforcement Needs Access to Their Communications

Wednesday, June 17, 2020

Categories: ASCF News Cyber Security

Comments: 0

Zoom is finally taking a major step to address ongoing data security and privacy criticism by adding an end-to-end encryption feature, but it will only be available as a premium paid feature. While that by itself would be a contentious move, CEO Eric Yuan has fanned the flames by stating that the decision was made so that the FBI and local law enforcement departments can have access to the communications of platform users.

Zoom’s new end-to-end encryption is pay-to-play

There is currently no timeline for when the new end-to-end encryption feature will be rolled out, but Zoom has confirmed that it will only be available to those paying for its upgraded Business or Enterprise services. Business customers are charged $20 per host and are required to purchase a monthly minimum of at least 10; Enterprise clients must purchase at least 100. The company did not make a statement on whether the paid Pro accounts (which run $15 per host per month) will or will not be able to use end-to-end encryption on their own.

Withholding a fundamental data protection feature until the user pays up is ethically questionable on its own. But Yuan, saying the quiet part out loud during an earnings call, admitted openly that the move was meant to be a compromise to appease law enforcement. Yuan claimed that Zoom is rife with people using it for “bad purposes” and wants to give law enforcement a clear path to them. Yuan did say that there may be some exceptions for nonprofit organizations or dissident groups, but did not commit to any specifics as to exactly who would qualify for free end-to-end encryption.

Not many details about the end-to-end encryption feature are available, but the company has stated that it will not have backdoors and that Zoom will not monitor the content of meetings. The company claims that it only volunteers information to law enforcement in the case of serious crimes such as child sex abuse.

The end-to-end encryption feature is being developed by Keybase, which Zoom purchased in early May.

Does Zoom have a crime problem?

There is an elevated risk of child grooming and sex trafficking during an extended pandemic lockdown period that has kids spending more time online and taking remote classes; there are no specific crime statistics to reference since the platform exploded in popularity several months ago, but federal prosecutor Austin Berry called Zoom the “Netflix of child pornography” during a trial in Pennsylvania in late 2019. He indicated that predators are attracted to it because live streams do not leave a stored record and are harder to trace, a view supported by lead Zoom security consultant Alex Stamos.

If the Pro subscription tier is not eligible for end-to-end encryption, Zoom users would need to be part of an organization with a subscription to use it. However, that would also mean that the majority of the platform’s user base would be operating without a fundamental security feature.

Some sources have claimed that the streaming of child pornography on platforms such as Zoom is more common than people realize, and that the law is such that an employee of the company needs to be able to monitor these streams in real time and testify to their content in order for charges to be brought against the perpetrators. The people that participate nearly always use free throwaway accounts (which require nothing more than an email address) to hide their identities, and would be very unlikely to abuse an end-to-end encryption feature if they were forced to tie a digital form of payment to it that could be used to track them down.

Encryption for free users

After widespread criticism for using an outdated and weak encryption standard, Zoom updated to AES 256-bit GCM and is no longer routing any traffic from outside of China through servers in that country. The company also added a number of requested security features with its 5.0 update in mid-April, and is in the middle of an ongoing 90-day feature freeze in which it is addressing nothing but privacy and security issues.

“Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse,” the company said in a statement. “We do not have backdoors where participants can enter meetings without being visible to others.”

While this gives free users a good deal of protection from malevolent third parties, it does not actually prevent Zoom from monitoring meetings. End-to-end encryption puts the decryption key on the user’s device, requiring physical access to the machine to use it.

Zoom’s prospects during civil unrest

It remains to be seen what effect, if any, the current political climate will have on Zoom’s decisions and fortunes. What initially appeared to be an American phenomenon has turned into demonstrations throughout the world. Zoom’s user base has been rising in Hong Kong since the protests there began last year, driven by businesses and schools shifting meetings online due to unpredictable outbreaks of violence. Those organizing protests and related efforts are also likely to have interest in the platform since it has already been widely adopted, but are also likely to either push back or opt for another video conferencing platform if end-to-end encryption is not available to them.

Photo and Link: https://www.cpomagazine.com/data-privacy/zoom-claims-that-free-users-are-not-getting-end-to-end-encryption-because-law-enforcement-needs-access-to-their-communications/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search