Posts Tagged ‘zoom’

ZOOM accused of suspending accounts of human rights defenders

July 29, 2020

Bernise Carolino on 28 July 2020 wrote in the Canadian lawyers Magazine that Lawyers’ Rights Watch Canada has condemned Zoom Communications Inc.’s suspension of the accounts of human rights activists, calling it a breach of its responsibility to respect the rights to free expression, association and assembly.

A letter from Lawyers’ Rights Watch Canada called upon Zoom to ensure that the communications of its users are not similarly suspended or disrupted in the future. The group urged Zoom to establish a company policy to clarify how it intends to adhere to its international legal responsibility under the United Nations Guiding Principles on Business and Human Rights. The group also requested that Zoom refrain from blocking participation of users based on geography.

In June, Zoom suspended three accounts of activists based in the U.S. and Hong Kong in compliance with a request from the government of China, which claimed that the activists were trying to use Zoom to host meetings commemorating the anniversary of the Tiananmen Square massacre. Zoom then reinstated the accounts and said that it would not in the future permit such requests to affect individuals outside mainland China.

Despite the reinstatement of these accounts, the lawyers’ rights group took issue with Zoom’s plans to develop technology that will allow it to remove or block participants based on their location in response to requests from local authorities claiming that certain activity on the platform is prohibited based on their country’s laws.

All international businesses, including Zoom, must ensure that all their users can enjoy the rights and freedoms afforded to them under international law,” wrote Joey Doyle, a director of Lawyers’ Rights Watch Canada and an author of the letter, in the organization’s press release. “This is particularly important in this present world where most communication takes place over online platforms such as Zoom.”

Zoom has an international law obligation to respect the rights to freedom of expression, association and assembly, the right to access information and the right to privacy, said Lawyers’ Rights Watch Canada, citing the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights as legal bases. The group also called attention to the U.N. Declaration on Human Rights Defenders, which recognizes the right of such defenders to advance the protection of human rights and fundamental freedoms.

Joshua Lam, another director of Lawyers’ Rights Watch Canada, and executive director Catherine Morris co-authored the letter, addressed to Eric S. Yuan, Zoom’s founder and chief executive officer, and Lynn Haaland, the company’s chief compliance and ethics officer.

See also: https://humanrightsdefenders.blog/2020/07/21/frontlines-guide-to-secure-group-chat-and-conferencing-tools/

https://www.canadianlawyermag.com/practice-areas/privacy-and-data/lawyers-rights-watch-canada-urges-zoom-to-abide-by-international-human-rights-obligations/331904

Frontline’s Guide to Secure Group Chat and Conferencing Tools

July 21, 2020

With teams increasingly working remotely during COVID-19, we are all facing questions regarding the security of our communication with one another: Which communication platform or tool is best to use? Which is the most secure for holding sensitive internal meetings? Which will have adequate features for online training sessions or remote courses without compromising the privacy and security of participants?

Front Line Defenders presents this simple overview which may help you choose the right tool for your specific needs.

FLD Secure Group Chat Flowchart

Download PDF of the flow chart

Note:

  • With end-to-end encryption (e2ee), your message gets encrypted before it leaves your device and only gets decrypted when it reaches the intended recipient’s device. Using e2ee is important if you plan to transmit sensitive communication, such as during internal team or partners meetings.
  • With encryption to-server, your message gets encrypted before it leaves your device, but is being decrypted on the server, processed, and encrypted again before being sent to recipient(s). Having encryption to-server is OK if you fully trust the server.

Why Zoom or other platforms/tools are not listed here: There are many platforms which can be used for group communication. In this guide we focused on those we think will deliver good user experiences and offer the best privacy and security features. Of course none of the platforms can offer 100% privacy or security as in all communications, there is a margin of risk. We have not included tools such as Zoom, Skype, Telegram etc. in this guide, as we believe that the margin of risk incurred whilst using them is too wide, and therefore Front Line Defenders does not feel comfortable recommending them.

Surveillance and behaviour: Some companies like Facebook, Google, Apple and others regularly collect, analyse and monetize information about users and their online activities. Most, if not all, of us are already profiled by these companies to some extent. If the communication is encrypted to-server owners of the platform may store this communication. Even with end-to-end encryption, communication practices such as location, time, whom you connect with, how often, etc. may still be stored. If you are uncomfortable with this data being collected, stored and shared, we recommended refraining from using services by those companies.

The level of protection of your call depends not only on which platform you choose, but also on the physical security of the space you and others on the call are in and the digital protection of the devices you and others use for the call.

See also:

Caution: Use of encryption is illegal in some countries. You should understand and consider the law in your country before deciding on using any of the tools mentioned in this guide.

Criteria for selecting the tools or platforms

Before selecting any communication platform, app or program it is always strongly recommended that you research it first. Below we list some important questions to consider:

  • Is the platform mature enough? How long has it been running for? Is it still being actively developed? Does it have a large community of active developers? How many active users does it have?
  • Does the platform provide encryption? Is it end-to-end encrypted or just to-server encrypted?
  • In which jurisdiction is the owner of the platform and where are servers located? Does this pose a potential challenge for your or your partners?
  • Does the platform allow for self-hosting?
  • Is the platform open source? Does it provide source code to anyone to inspect?
  • Was the platform independently audited? When was the last audit? What do experts say about the platform?
  • What is the history of the development and ownership of the platform? Have there been any security challenges? How have the owners and developers reacted to those challenges?
  • How do you connect with others? Do you need to provide phone number, email or nickname? Do you need to install a dedicated app/program? What will this app/program have access to on your device? Is it your address book, location, mic, camera, etc.?
  • What is stored on the server? What does the platform’s owner have access to?
  • Does the platform have features needed for the specific task/s you require?
  • Is the platform affordable? This needs to include potential subscription fees, learning and implementing, and possible IT support needed, hosting costs, etc.

The document then proceeds to give more detailed information related to each tool/service listed in this guide

Signal – https://signal.org/

Delta Chat – https://delta.chat/

Wire – https://wire.com/

Jitsi Meet – https://jitsi.org/jitsi-meet/

BigBlueButton – https://bigbluebutton.org/

Whereby – https://whereby.com

Blue Jeans – https://www.bluejeans.com/

GoToMeeting – https://www.gotomeeting.com/

Facetime / iMessage –https://www.apple.com/ios/facetime

Google Meet – https://meet.google.com/

Duo – https://duo.google.com/

WhatsApp – https://www.whatsapp.com/

Video calls, webinar or online training recommendations

Video calls recommendations: In the current situation you will undoubtedly find yourself organizing or participating in many more video calls than before. It may not be obvious to everyone how to do it securely and without exposing yourself and your data to too much risk:

  • Assume that when you connect to talk your camera and microphone may be turned on by default. Consider covering your camera with a sticker (making sure it doesn’t leave any sticky residue on the camera lens) and only remove it when you use the camera.
  • You may not want to give away too much information on your house, family pictures, notes on the walls or boards, etc. Be mindful of the background, who and what is also in the frame aside from yourself? Test before the call by, for example, opening meet.jit.si and click on GO button to get to a random empty room with your camera switched on to see what is in the picture. Consider clearing your background of clutter.
  • Also be mindful who can be heard in the background. Maybe close the door and windows, or alert those sharing your space about your meeting.
  • Video call services may collect information on your location and activity, consider using a VPN (see Physical, emotional and digital protection while using home as office in times of COVID-19 guide).
  • It is best to position your face so your eyes are more or less at the upper third of the picture without cutting off your head. Unless you do not want to reveal your face, do not sit with your back to a light or a window. Daylight or a lamp from the front is the best. Stay within the camera frame. You may want to look into the lens from time to time to make “eye contact” with others. If you are using your cellphone, rest it against a steady object (e.g. a pile of books) so that the video picture remains stable.
  • You may want to mute your microphone to prevent others hearing you typing notes or any background noise as it can be very distracting to others on the call.
  • If the internet connection is slow you may want to switch off your camera, pause other programs, mute the microphone and ask others to do same. You may also want to try sitting closer to the router, or connecting your computer directly to the router with an ethernet cable. If you share internet connection with others, you may ask them to reduce extensive use of internet for the duration of your call.
  • It it very tempting to multitask especially during group calls. But you may very soon realise that you are lost in the meeting and others may realize this.
  • If this is a new situation for you or you are using a new calling tool, you may want to give yourself a few extra minutes to learn and test it prior to the scheduled meeting to get familiar with options like turning on/off the camera and the microphone, etc.
  • If possible, prepare and test a backup communication plan in case you will have trouble connecting with others. For example, adding them to a Signal group so you can still text chat or troubleshoot problems on the call. Sometimes it helps to have an alternate browser installed on your computer or app on the phone to try connecting with those.

If you would like to organise a webinar or online training, you can use tools outlined above in the group communication. Some of best practices include:

  • Make sure that you know who is connected. If this is needed check the identities of all people participating by asking them to speak. Do not assume you know who is connected only by reading assigned names.
  • Agree on ground-rules, like keeping cameras on/off, keeping microphone on/off when one is not speaking, flagging when participants would like to speak, who will be chairing the meeting, who will take notes – where and how will those notes be written and then distributed, is it ok to take screenshots of a video call, is it ok to record the call, etc.
  • Agree on clear agendas and time schedules. If your webinar is longer than one hour, it is probably best to divide it into clear one-hour sessions separated by some time agreed with participants, so they have time to have a short break. Plan for the possibility that not all participants will return after a break. Have alternative methods to reach out to them to remind them to return, like Signal/Wire/DeltaChat contacts for them.
  • It is easiest to use a meeting service that participants connect to using a browser without a need to register or install a special program, one that also gives the webinar organiser the ability to mute microphones and close cameras of participants.
  • Prior to the call, check with all participants whether they have particular needs, such as if they are deaf or hard of hearing, if they are visually impaired or blind, or any other conditions which would affect their participation in the call. With this in mind, ensure that the selected platform will accommodate these needs and to be sure, test the platform beforehand. Simple measures can also improve inclusion and participation in your calls, such as turning on cameras when possible, as it can allow for lip-reading.
  • Encourage all participants to speak slowly and to avoid jargon where possible, as the working language of the call is most likely not everyone’s mother tongue language. Naturally, there will be moments of silences and pauses, embrace them. They can help to support understanding and can be helpful for participants who are hard of hearing, interpreters and will also aid assistive technology to pick up words correctly.

https://www.frontlinedefenders.org/en/resource-publication/guide-secure-group-chat-and-conferencing-tools