Last year, the “Big Brother Award”, a negative price for surveillance by the civil rights organization Digitalcourage in Germany, was given to Zoom in the “Communication” category. Based in the USA, Zoom is subject to the cloud act, the Patriot Act and the FISA Act, which means that it must pass on all data from non-US citizens to the US secret services. Zoom is therefore not legal in Europe.
An online video conference platform established in 2011, Zoom enjoyed rapid increase of popularity during the pandemic years. Meanwhile, it has been found with severe security gaps like the undesirable penetration of internet trolls into video conference talks, as well as data protection injuries such as the sale of Zoom account details via the Dark Web. According to Digitalcourage, Zoom evaluates personal data on identification such as name, email address and telephone number, information about its users’ activity, as well as the end device and internet connection used, e.g., operating system and IP address.
As early as in April 2020, the Irish Data Protection Commission announced that data protection authorities in Europe were concerned with the security of this US video conference platform. The EU Data Protection Officer, however, did not publish any guidelines for the potential use of Zoom within the EU institutions. Before the pandemic, however, the EU institutions in Brussels fundamentally distanced themselves from using Zoom tools for internal video conferences, preferring Cisco tools like Webex and Jabber. Yet during the pandemic where free movement was much limited, the European Commission began to use Zoom platform for “non-sensitive online workshops and webinars”, despite the fact that Zoom is not an officially approved IT solution for use by the Commission’s departments.
The problem with Zoom is that Zoom data have been pushed back and forth between themselves and Facebook, explained Marius Jost from the Corporate Training Academy. Zoom doesn’t make it clear which further data it exchanges with Facebook. Such information should belong to data protection declaration of a company, which is missing at Zoom.
For companies, the stored information by Zoom includes the name of the administrator and the account ID, billing data and the profile. Likewise, participant information such as name, photo, email address, the respective contacts and, if used, the calendar data are interesting for Zoom, wrote Julia P. Manzau, a free-lance writer, for “EXPERTE.de”. The settings linked to a Zoom account include audio and video preferences, the recording location of the file, screen release and the configuration status. Users’ operating systems, hard drive ID, PC name, MAC address, IP address, battery level and WLAN status are also within the Zoom radar.
To disguise the IP address, a so-called VPN in front of Zoom is necessary. This option gives Zoom an argument for using the software in accordance with the data protection requirements of the EU. But the excessive range of data upload by this software is by no means a mere game with the IP address. For the protection of the civil rights of the European citizens, Zoom remains a current security issue with urgency, which should not be ignored at the EU level.
(2024.06)
Be the first to comment on "Zoom and the EU Security"