Privacy being hampered due to Zoom App
____________________________________________________________________
This Blog is written by Ayush Meena from Narsee Monjee Institute of Management Studies, Indore. Edited by Saumya Tripathi.
____________________________________________________________________
INTRODUCTION
Zoom Video communication application is an US-based company, headquartered in California, founded by current CEO and former Cisco Webex engineer- Eric Yuan in the year 2011, and launched its software in 2013. This application enables video conference and online chat facilities through a cloud-based peer-to-peer software platform and is used for teleconferencing, telecommuting, distance education, and social relations.
Zoom app have various features including one-on-one meetings, Group video conference and screen sharing, as well as it’s easy to download in both PC and mobile devices, and user can conveniently sign in through Facebook or Google.
After continuous growth of the app it became a “unicorn” (startup company valued at over $1 billion) company in 2017. But company witnesses an exponential growth in its users due to quarantine measures adopted for COVID-19 pandemic, mainly used by peoples working from home as for teaching and meeting. The app even surpassed WhatsApp and TikTok in number of downloads on Google play store for time being.
In the month of March, there was a 535% rise in daily traffic to the zoom. As the app grows, it faced public scrutiny and criticism related to security and its private issues mainly data sharing policies all over globe. Security researchers have called Zoom “a privacy disaster” and “fundamentally corrupt”, Analyst also stated security issues with Zoom’s waiting room feature and warns users to not use Zoom waiting rooms in order to achieve confidentiality as allegations of the company mishandling user data.
Research team from Citizen Lab at university of Toronto stated that zoom calls are being routed, through servers in China. According to the researchers, more than 700 employees are paid to develop zoom’s employees are paid to develop zoom’s software and they own three companies in china.
Yuan has apologized for the “Zoom bombing” or security and privacy issues which are being reported in his app globally. The zoom CEO also said, the company would be dedicated for fixing issues proactively to “maintain your trust” over the next 90 days.
Several countries have expressed concern about the security issues of the app, countries such as Germany, Singapore and Taiwan have already banned the application. Before this FBI have warned Americans to be cautious while using this App as it has security loopholes. After gaining popularity in India the app has also come under the radar of the government of India because of its surrounding controversy. The ministry of home affairs has given warning on the “usage”, it has said the use of platform is “not safe”.
SC SEEKS CENTRE’S REPLY ON PLEA FOR BAN ON ZOOM APP OVER PRIVACY CONCERN
The Supreme Court seeks response from centre on plea for ban on the use of video communication app ‘Zoom’ for official as well as personal purpose until on “appropriate” legislation put in place, after PIL filed against Zoom.
The plea was filed by Delhi resident- Harsh Chugh, claiming that the app violates the provisions of the Information Technology act 2000 and Information Technology Rules 2009 as effect software application was not safe, also use of zoom app is “making the users vulnerable and prone to cyber threats” and the main issue was regarding privacy. Plea alleged that “the app is exploiting and misusing the personal information and privacy of millions of users”. It has also alleged that the app is storing personal data and cloud recording of its user which is known as “data hoarding and cyber hoarding”. High chances of increase in cases of cyber threads and cybercrimes. The app has also been alleged of leaking information to third party. The app is falsely claiming calls as end-to-end encrypted.
The petitioner also said it is an easy task to hack in system if a secure system is not used since cyberspace risk is increasing due to global connectivity and it makes easier to hack and access into sensitive data of users. It was submitted that the zoom founder and CEO, Eric S Yuan had accepted the fact that his company was not prepared for the new and inexperienced employees.
The plea stated that the software application was a thread to individual privacy and cited that the CEO of app had already “apologised publicly and accepted the app to be faulty in terms of providing a secure environment digitally which is against the norms of cyber security”. The petitioner contents the application is prone to hacking and cyber breaches.
The bench was headed by CJI SA Bobde comprising of Justice AS Bopanna and Justice Hrishikesh Ray, the matter came up for hearing through video-conferencing before the bench. Justice Bobde issued notice to the union government on the plea which has raised privacy concern and asked centre to respond to the plea seeking ban on video conferencing app ‘Zoom’, claiming that continued use of zoom is “making the users vulnerable and prone to cyber threads”. Bench also said Centre should study into security and privacy risks of using zoom and asked centre to reply within 4 weeks (on 22nd may) on the plea.
IMPACT
Zoom has exponentially increased in popularity due to ongoing coronavirus pandemic as people turn to video calling software mainly used for school lessons and virtual meeting because of lockdown. The app has gone on to top of iOS and android app stores.
Since zoom is gaining lot of attention it also drew attention due to its policies and malfunction leading to huge privacy and security backlash as security experts, privacy advocates and lawmakers warn that App isn’t secure enough. Zoom own success became problem for it. The Nodal cyber security agency which is CERT-in has also warned zoom users of cyber risks.
Now the company have to deal with its security and privacy issues which are being scrabbled. Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices. Eric S. Yuan also stated that he didn’t predicted zoom unusual success that, now it is being use by newcomers of technology instead of big corporate which he regret not recognizing the possibility.
As this all comes to picture zoom CEO have apologize over Facebook privacy issues. Yuan said- “We sincerely apologize for the concern this has caused, and remain firmly committed to the protection of own user’s privacy”. Ultimately it looks like the app wasn’t ready for sudden increase in number of users and the video conferencing app hasn’t planned anything for situation like this as 40-minute meeting can be done without requirement of account and is reliable. So, due to sudden coronavirus pandemic zoom became a very useful tool for people and brought in spotlight.
ABOUT ONGOING CASE IN SUPREME COURT
A PIL has been filed in the supreme court raising security and privacy concerns in relation to video call app, Zoom, the petition stated that Ministry of Home Affairs has given suggestive steps but it would be better to ban the application for both official as well as personal purpose until a legislation is passed as it could be unsafe for children too. As the app is being widely used to provide online classes to children, the data can be misused for exploitation and their videos can be used for illegal and pornographic purposes.
The PIL has been filed by one Harsh Chugh, drawn by Advocates Nimish Chib and Divye Chugh, and filed by Advocate Wajeeh Shafiq. Petitioner side lawyer Wajeeh Shafiq, alleged that continued usage of this app might put the national security at stake. Supreme Court Advocates has written a letter to the Supreme Court Chief Justice regarding infringement of fundamental right of privacy by of the citizens on account of permitting use of video conferencing application named “Zoom”. The app violates right to privacy under Article 21[1] of the Constitution, the petitioner contends further. In this regard it is submitted that data collection, storage and access without letting the user know is “nothing but infringing their fundamental right of privacy”. K. S. Puttaswamy v. Union of India[2] is quoted to emphasise on the fact that the fundamental right to privacy is sacrosanct right guaranteed under Article 21 of the Constitution of India as declared by the nine Judges Constitution bench of Hon’ble Supreme Court.
According to many news articles Zoom App has caused many security and privacy breaches. The security issue are very vital for whole India, the petitioners added due to lockdown, representation to this effect could not be made which is urgent in nature, describing about how the zoom application gained popularity, due to restrictions on physical movements, virtual means are being used for communicating in work, attending meeting, taking online classes and other works which involves visual facilities.
The petition also goes on to say that after usage of zoom for these purposes, it was found the app has bug which led in leaking of personal data and it was found that this app is not secured with end-to-end encryption but it falsely advertised as it is. PIL also contended that – “while many companies are prioritizing people over profits to fight COVID-19, Zoom is prioritizing profits over people. Zoom was capitalizing off of the global pandemic by selling user information to Facebook without user consent”.
Therefore, the petitioner wants government to have proper technical study into security threats and ban its use until an ‘Appropriate’ legislation takes place. Supreme Court wanted a response from central government on the use of zoom video conferencing software, citing privacy and security concerns. Justice SA Bobde headed bench stated it need “issue notice returnable in four weeks” which would be around middle of June.
STATUTORY PROVISIONS
Article 21 of the Constitution of India provides that “No person shall be deprived of his life or personal liberty except according to procedure established by law”
Section 72 (Penalty for Breach of confidentiality and privacy) of Information Technology Act: “Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.”
ANALYSIS
Currently whole world is going through a tough time which wasn’t expected by anyone. This virus suddenly stopped whole world in blink of an eye. Due to this virus more and more countries are getting lockdown leading into stoppage of work around the world since people cannot go out of home, but in meantime we got introduced to virtual video conferencing App such as Zoom which is gaining exponential growth throughout the world by all classes as it was being used by savvy businessman before leading to more exposure of the app.
Along with gaining popularity it also came up in the radar of many Journalist and security researchers as public found default in the security system of the app and realising the app can led to infringement of privacy and personal data, but its CEO Yuan have apologized and promised to address concern and admitted “working around the clock” for privacy and security expectations.
However, one of biggest worries about the app is lack of end-to-end encryption of meeting and “Zoom bombing”, where strangers join calls by generated ID number between 9 and 11 digits which are easy to guess which led to uninvited guests and broadcast porn or shock videos. In order to avoid this zoom management is working upon this and they have assured they will find a solution which would make the application more reliable.
CONCLUSION
After global pandemic has formed video conferencing application ‘Zoom’ have got really benefitted and of all tech companies zoom stand at the top. The company’s multi-platform video conferencing software was well known before even with all the decent alternatives such as Cisco Webex, GoToMeeting, Microsoft Team and Skype.
According to data zoom participant increased from 10 million on 1st April 2020 to 200 million between December 2019 and March 2020. But it also caused lot of problems too, as series of bad programming security, marketing and privacy the company has taken which clearly shown the app was sloppy. It also made many poor privacy decisions over which we conduct private, confidential, or secret conversations.
Zoom has publicly acknowledged and addressed problems quicker due to coronavirus boom. As now company has publicly committed to improving them.
REFERENCE
https://en.wikipedia.org/wiki/Zoom_Video_Communications
https://duexpress.in/zoom-app-ban-petition-sc-seeks-centres-response/
[1] Article 21 of the Constitution of India, 1950 provides that, “No person shall be deprived of his life or personal liberty except according to procedure established by law.”
[2] Writ Petition (Civil) No. 494 of 2012.