Home Tech Zoom: Data protection officers warn of video chat software

Zoom: Data protection officers warn of video chat software

by drbyos

Düsseldorf, Berlin From one day to the next, entire companies have shifted their business to their home office: the corona pandemic forces radical rethinking. Many companies use video conferencing to communicate between the M. Dozens of providers vie for the favor of the companies.

The video conference provider Zoom is particularly popular. The US company gained more active users in the first two months of 2020 than in 2019 as a whole, writes Zane Chrane, an analyst with the wealth manager Bernstein, in an analysis. Since the beginning of the year, the company’s valuation on the stock exchange has skyrocketed by more than 70 percent.

However, how the US company handles user data is worth discussing. The software thus offers a function with which conference leaders can monitor the attention of the participants. In addition, a “not inconsiderable data outflow” takes place while using the app, as the Hamburg data protectionist Johannes Caspar criticizes. “From a data protection perspective, this tool should be viewed critically,” the lawyer told Handelsblatt.

Zoom provides detailed information about the use of data. The data protection guideline on the website is 30,000 characters long, in addition there are additional documents that are intended to document compliance with the General Data Protection Regulation (GDPR), for example. The company also explains what information it uses and why. In addition to providing the service, competitions and marketing activities are also mentioned as reasons.

However, it grants itself far-reaching rights: it may store data for the identification of users as well as information on the end devices used, networks and Internet connections, the use of the service and location data. However, much of the information remains vague. “We can also collect personal data from external partner companies,” it says.

Protector Caspar is particularly critical of this data transfer: “Zoom not only collects personal data of the participant of this type directly from the user, but also from third parties.” For this, Zoom uses external service providers such as Google Adds and Google Analytics.

Secret transmission on Facebook

An analysis by IT security expert Mike Kuketz shows that Zoom forwards user data to various service providers, not only when visiting the website, but also after registering with its own profile. “Everything that is not on the trees in three is collected here,” the computer scientist, who also works for the data officer of the State of Baden-Württemberg, writes in a blog entry. “Against this background, the use of zoom is only strongly discouraged.”

Zoom is also accused of transmitting data about its users to Facebook without consent. When using the app AppleDevices, information was forwarded to the Internet company in the background, reports the online magazine Motherboard. The transmitted data includes the device model, the time zone, the city and the network operator. In addition, an advertising ID can be transmitted, with which advertising companies can assign the user individually.

According to the lawyer Carsten Ulbricht from the law firm Menold Bezler in Stuttgart, such a transfer is clearly inadmissible, “if the users concerned have not given their active consent”. The privacy policy provides little information about this. A “certain uncertainty” cannot be ruled out from a legal perspective, explains the lawyer, who specializes in IT law and data protection.

Data protection officer Caspar is also critical that the program offers “attention monitoring”. “This function enables callers to receive a notification as soon as the participants leave the focus of the chat window for a certain time,” said the lawyer. Such a function exerts “enormous pressure” on participants in the conversation not to leave them under any circumstances.

Ulbricht, the lawyer, sees companies as obliged to comply with at least the most important data protection regulations when using Zoom and other conference services – even in emergency situations. For this purpose, the lawyer recommends paying attention to transparent data protection information and the conclusion of an order processing contract with the provider.

IT staff are also obliged: “To ensure the privacy of your own employees and customers, the administrator must ensure that the settings are selected in such a way that only the user data that is required to carry out the video conference is saved.” Controversial surveillance Attention can be switched on and off with Zoom, for example.

Caspar recalled that Zoom had been criticized several times in the past from the perspective of IT security and data protection. In 2019, millions of webcams could have been viewed by MacOS users because the company’s MacOS application installed an undocumented web server on the devices and did not remove it when the service was uninstalled.

When asked by the Handelsblatt, a Zoom spokesman did not comment on Caspar’s criticism, but said that Zoom had changed the practice of sharing data with Facebook. In an updated version of the application on Apple devices, the data would no longer be transmitted. “We remain committed to protecting the privacy of our users,” said Zoom.

Alternatives to Zoom

The digital courage association, which specializes in data protection, recommended the open source application Jitsi as a safe alternative to commercial providers such as Zoom. In contrast to the US company, the Jitsi service can be installed on its own server. All data about a video conference therefore remains with the company or organization.

The term Jitsi comes from Bulgarian and means “wires” or “lines”. The software establishes an encrypted video and audio connection. Neither the moderator nor the participants need an account of the service.

The software solution Jitsi has already made several changes of ownership. Australian IT company Atlassian bought Jitsi from BlueJimp in 2015. In 2018, Jitsi was then resold to the US provider 8 × 8, which specializes in digital telecommunications. 8×8 offers cloud telephony for small and medium-sized companies. Jitsi continues to develop the company and offers the service free of charge.

A number of universities and educational institutions in Germany use Jitsi. These include the Leibniz computing center of the Bavarian Academy of Sciences and numerous universities in Germany. Some of the universities also make Jitsi available on their servers for students and external users, so that the software can be used free of charge.

More: The home office works with these four open source tools.

.

You may also like

Leave a Comment