[liberationtech] Pertinent to the list's Zoom discussion | Re: recommendations on videoconference platforms
Yosem Companys
ycompanys at gmail.com
Mon Apr 6 19:36:10 CEST 2020
From: Derry
Date: April 5, 2020 at 7:50:19 PM EDT
To: David
Cc: Bob, Marci, Kitty
1) Zoom does have an underlying security issue that has nothing to do with the
current press. David/Kitty addressed most of it. However, Zoom does leave a
security hole as it has some open ports on the client computer when they install
the app and an attacker can go after that attack surface.
Also - very important - you unintentionally allow Zoom to run in the background
with full desktop recording capabilities. They have yet to disclose if / how
they are using any of that data.
2) Teams works only if everyone is on Office 365.
3) Bob is 100% correct. If you want a really secure meeting, use your own.
I have Nextcloud (open source) installed and it does the encryption and I can
control everything about who sees things and who can get on.
What I do not have is full bandwidth answers. The server will need to be able to
handle bandwidth to receive all streams and then broadcast out streams to each
user - could get interesting.
Thanks, Derry
-------------
On Apr 5, 2020, at 6:41 PM, David wrote:
+100 to Bob's comments and concur, this was part of my implied recommendation to
evaluate the threat model.
And a less-than-friendly entity might still target a small startup if the IP
being discussed by that vulnerable startup in the seed stage is valuable.
One question Bob, do we have any insights into the bandwidth of Wickr if people
all start using it? Can they scale to meet demand and how much does the
encryption add to the lag?
On Sun, Apr 5, 2020 at 6:35 PM Bob wrote:
David made me think of another comment Marci. Not sure if this belongs
in your opinion piece or not, but it is something I have most strongly
advocated for with my clients who are CEOs and are wondering about
Zoom for board meetings. To me it is not suitable for board meetings.
No commercial teleconference solution is in my opinion. Those deserve
extra protection. My recommended solution there is Wickr Pro. The
enterprise version of Wickr supports video and audio and adds in the
level of protection that board meetings deserve.
I wanted to mention that because the threat model matters. The PRC MSS
might not target a small business Zoom session. But they very well may
target a Fortune 1000 Board Meeting. So those meetings should be in
person or when remote participants join should be via a secure VTC,
not Skype, Microsoft Teams, Webex, RingCentral Zoom or the others.
Bob
On Sun, Apr 5, 2020 at 6:25 PM Marci wrote:
>
> Got it. Super helpful. Thank you!!
>
> On Apr 5, 2020, at 3:20 PM, David wrote:
>
> For public meetings, no concern except a very, very *small* chance an entity
could disrupt the video stream in a time of emergency so you couldn't get the
message out or selectively disrupt when a certain politician was about to speak.
>
> The geo-fencing need arose because companies (and one would assume
governments) might be concerned if you're having a Board Meeting about trade
secrets, next quarter plans, or other info you don't want others to know.
>
> To which Zoom has responded, they've implemented Geo-Fencing and "Zoom for
Government" allows governments to specify their own internal needs.
>
> On Sun, Apr 5, 2020 at 6:16 PM Marci wrote:
>>
>> Thanks, David!
>>
>> Can you say a bit more on why it would be a concern to have data on servers
in China? (For public meetings that are also displayed via YouTube, CSPAN, etc).
I understand it is not ideal but also trying to understand what the actual risk
would be.
>>
>> On Apr 5, 2020, at 2:52 PM, David wrote:
>>
>> I would echo what Kitty says. Also, where there are concerns with Zoom about
some design choices they made - the "Zoom Bombings" concerns can be resolved by
>>
>> (1) don't share the Zoom URL publicly for a meeting
>> (2) use a password to enter a meeting
>> (3) make sure only the host has the ability to share the screen
>>
>> etc. My hunch is any platform that becomes too popular will have similar
concerns, so better to address how to mitigate the issues vs.
>>
>> Congress may have been concerned that when Zoom surged to address the entire
world wanting more capacity for video calls, they added more servers around the
world and - until a fix was implemented by them - there was a *chance* that you
might initiate a Zoom call only to have it routed to cloud servers in China even
if you were not in China yourself.
>>
>> Zoom says they have now fixed it. See below, also note "no impact on our
Zoom for Government cloud, which is a separate environment available for our
government customers and any others who request the specifications of that
environment."
>>
>> https://blog.zoom.us/wordpress/2020/04/03/response-to-research-from-university-of-torontos-citizen-lab/
>>
>> We want to address research published by University of Toronto’s Citizen Lab
this morning. We’ve taken steps to address two primary topics — geo-fencing and
meeting encryption — and are sharing these steps as part of our ongoing
commitment to improve security and privacy.
>>
>> In our urgency to come to the aid of people around the world during this
unprecedented pandemic, we added server capacity and deployed it quickly —
starting in China, where the outbreak began. In that process, we failed to fully
implement our usual geo-fencing best practices. As a result, it is possible
certain meetings were allowed to connect to systems in China, where they should
not have been able to connect. We have since corrected this, and would like to
use this blog post to explain how our system typically works, where our misstep
occurred, and how we will prevent these kinds of problems in the future. We have
also been working on improving our encryption and will be working with experts
to ensure we are following best practices.
>>
>> We appreciate the questions we are getting, and continue to work actively to
address issues as we identify them. As video communications become more
mainstream, users deserve to better understand how all these services work,
including how the industry — Zoom and its peers — manages operations and
provides services in China and around the world.
>>
>> Geo-fencing
>>
>> During normal operations, Zoom clients attempt to connect to a series of
primary datacenters in or near a user’s region, and if those multiple connection
attempts fail due to network congestion or other issues, clients will reach out
to two secondary datacenters off of a list of several secondary datacenters as a
potential backup bridge to the Zoom platform. In all instances, Zoom clients are
provided with a list of datacenters appropriate to their region. This system is
critical to Zoom’s trademark reliability, particularly during times of massive
internet stress.
>>
>> Even during these periods of high traffic, Zoom’s systems are designed to
maintain geo-fencing around China for both primary and secondary datacenters —
ensuring that users outside of China do not have their meeting data routed
through Zoom’s mainland China datacenters (which consist of infrastructure in a
facility owned by Telstra, a leading Australian communications provider, as well
as Amazon Web Services).
>>
>> However, in February, Zoom rapidly added capacity to our Chinese region to
handle a massive increase in demand. In our haste, we mistakenly added our two
Chinese datacenters to a lengthy whitelist of backup bridges, potentially
enabling non-Chinese clients to — under extremely limited circumstances —
connect to them (namely when the primary non-Chinese servers were unavailable).
This configuration change was made in February.
>>
>> Importantly:
>>
>> Upon learning of the oversight yesterday, we immediately took the mainland
China datacenters off of the whitelist of secondary backup bridges for users
outside of China.
>> This situation had no impact on our Zoom for Government cloud, which is a
separate environment available for our government customers and any others who
request the specifications of that environment.
>> Zoom has layered safeguards, robust cybersecurity protection, and internal
controls in place to prevent unauthorized access to data, including by Zoom
employees — regardless of how and where the data gets routed.
>>
>> Meeting Encryption
>>
>> We recognize that we can do better with our encryption design. Due to the
unique needs of our platform, our goal is to utilize encryption best practices
to provide maximum security, while also covering the large range of use cases
that we support. We are working with outside experts and will also solicit
feedback from our community to ensure it is optimized for our platform. In
accordance with the action plan I outlined in my note to our users on 4/1, we
expect to have more to share on this front in the coming days.
>>
>> More Work Ahead
>>
>> We recognize how important it is that our systems operate in the manner that
we intend — and that is expected of us from our users, even as we all adjust to
the new demands this pandemic has brought us all. As part of the security
program we announced earlier, we are implementing additional process and
technical controls around our inter-region isolation.
>>
>> We have an immense responsibility to get things right, particularly at a time
like this. We know we have a long way to go to earn back your full trust, but we
are committed to throwing ourselves into bolstering our platform’s security with
the same intensity that we committed to ensuring that everyone would be able to
remain connected.
>>
>> On Sun, Apr 5, 2020 at 3:26 PM Kitty wrote:
>>>
>>> Hi Marci,
>>>
>>> The whole security flap strikes me as a tempest in a teapot, at least where
adult usage is concerned. Two years ago, our network of 450 adults settled on
the lowest paid tier ($15/mo.) of Zoom after testing and long experience with
all the major platforms for these reasons:
>>>
>>> it was easier to pull old & young fuddie-duddies onto video the first time
(a major challenge as I sought to transition from hosting in-person dinners in
DC to hosting virtual conversations from CO)
>>> audio and video (SD or HD) were crystal clear
>>> there were ways to reduce required bandwidth, if necessary (1) Close other
apps that use bandwidth--everybody, (2) Switch to SD--administrator)
>>> it had enough functionality
>>> if we needed to record, we ended up with video & audio tracks and also now a
transcript generated by otter.ai
>>>
>>> Organizational accounts at higher paid tiers come with more functionality
(>100 participants, traditional webinar format & configurable rooms such as
Adobe Connect's, etc.).
>>>
>>> The problem comes when:
>>>
>>> the meeting link is distributed publicly (ours aren't) - thereby inviting
the other problems that have been highlighted,
>>> --IF--
>>> administrators don't customize the settings beforehand including requiring
passwords when necessary, etc. and organizers don't tell people what to do
(requiring actually thinking through the use cases and communicating.)
>>>
>>> In hindsight, Eric Yuan's generosity should have been accompanied by
over-communication to new adopters.
>>>
>>> My aim has been to reduce administrative control as much as possible, so
that participants are challenged to push beyond their comfort zones and are not
treated like children (as is still the case with almost all instructional design
& delivery) and presentation, conversation and knowledge transfer are
free-flowing. Again, I'm talking adults, because with children the protections
of COPPA etc. come into play. One of my daughters is managing a different use
case at her company, for which Microsoft Teams is working brilliantly. This is
simply my experience. There's enough tech at this point. The frontier is
"ordinary" human behavior change. My two cents.
>>>
>>> Everybody stay well,
>>>
>>> Kitty
>>>
>>> On Sun, Apr 5, 2020 at 10:40 AM Marci wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> Thank you for the input on the call chat about video conference tech.
Starting an email thread to ask for continued thoughts.
>>>>
>>>> Here is the issue:
>>>> Congress is spooked about the recent reports about Zoom privacy and
security. The issue is not substantive (most staff and members don't understand
what issues are being reported and why they are or are not important), it is
emotional (they don't like the bad press). My interest is in giving them
workable options for remote proceedings and I don't want to try to convince them
to use Zoom (which I prefer) if that is going to be a heavy lift. So, for those
of you who regularly use other platforms, I would love your input on these
options.
>>>>
>>>> The main considerations are:
>>>>
>>>> Cost: Congress is not going to procure and implement a big expensive new
system for a short-term solution. The decision to use a platform will be
office-by-office, committee-by-committee, and needs to be light-touch and
ideally under $100 per month.
>>>> Ease of use: The tech savviness of members and staffers (and potential
witnesses) ranges significantly from the very savvy to members who still don't
own a smartphone or use email. While participation in a videoconference will
likely be managed by a staffer for the less savvy members, it is still important
to err on the side of super simple, no app installation required.
>>>> Display of videos for multiple participants: The platform should allow
multiple participants to display video (so, some webinar platforms would not
work)
>>>>
>>>>
>>>> Thanks for any reviews, tips, or suggestions!
>>>>
>>>> --
>>>> Marci