During the COVID-19 shutdown, I asked my counselor to hold our video sessions on Signal app which offers secure end-to-end video encryption on iOS and Android devices. Signal offers me a level of privacy which comes close to being in a provider’s office. And this in turn allows me to speak comfortably and have deeper conversations.
On the other hand, I turned down a Zoom-powered telehealth visit with my doctor and waited until I felt comfortable returning in person.
I knew Zoom had privacy issues, I did not know Zoom is deeply rooted in China and that it had lied about its encryption practices.
Earlier this year I had a chance to work with longtime friend and colleague Allen Gunn (Gunner), Executive Director of Aspiration, on a couple of different projects. I mentioned to Gunner that I planned to blog about my concerns about overuse of Zoom for telehealth and he encouraged me to do a deep dive on Zoom security and Signal app.
You can read the results of this effort at Aspiration’s website, Protecting the Privacy of Your Video Conversations: Understanding the differences between Zoom and Signal App.
The two most striking findings about Zoom by University of Toronto’s Citizen Lab researchers were first that Zoom’s largely developed in and controlled by China, an authoritarian dictatorship.
Citizen Lab found that, “Zoom software is developed by 700 employees in three Chinese subsidiaries and that Zoom’s encryption keys for meeting participants are sometimes distributed by servers in China” (meaning that China can listen in) and “the mainline Zoom app appears to be developed by three companies in China, which all have the name 软视软件 (‘Ruanshi Software’). Two of the three companies are owned by Zoom, whereas one is owned by an entity called 美国云视频软件技术有限公司 (‘American Cloud Video Software Technology Co., Ltd.’)”
China likely has had access to the Zoom conversations it wanted to. And, that is chilling from a privacy and security perspective.
Second, Zoom lied to users about it’s supposed end-to-end encryption.
The term end-to-end encryption means that only the parties involved in a conversation (e.g. texting, email, audio or video) have the means to access the content of the conversation. Signal provides this service but Zoom does not. All other forms of encryption leave doors open to a third party and additional avenues of compromised privacy.
Zoom conversations are not well protected. Your telehealth conversations are not appropriately secure and the term “HIPPA compliant” does not guarantee privacy.
For all Trump’s talk about TikTok, which is a security risk to Americans, he’s ignored the threats of us conferencing regularly on Zoom.
Learn more about all of this in my report, Protecting the Privacy of Your Video Conversations: Understanding the differences between Zoom and Signal App.