video conference

By Remi Oudinot
– Senior Communications Manager – SICPA

 

It may well be one of the lasting benefits of the dramatic times we are living in: Social distancing measures are accelerating the transition to digital, something many institutions were viewing with suspicion only a few weeks ago.

Most multinational companies had already deployed video conferencing solutions, more or less fit for purpose, but generally falling under the framework of their IT security and data confidentiality policies. They simply extended the service to their local employees, forced to work from home. These were proven solutions that their senior staff already used when working with transcontinental teams.

It has proved less obvious for other companies and institutions, local SMEs and universities who had to adopt solutions in a hurry without really having had time to seriously evaluate. The situation is the subject of wide, especially for universities, where work and studies may find themselves disseminated in an uncontrolled environment.

Some IT specialists have expressed concern that a very popular application, in its free-of-charge form, is being used for university online courses. Its mobile version, based on a Facebook development kit, shared the personal data of users, students or professors with the social network, which was notoriously unscrupulous about the data collected. It seems that the flaw has since been resolved but the alert was serious.

Perhaps even more delicate, another free videoconferencing application has been highlighted by Belgian journalists as having privacy flaws. Indeed, the general terms of use state that the publisher is “free to use the content of all communications made through its services, including any idea, invention, concept or technique”. Just one step away from the notion that certain exchanges, between certain important users could be exploited freely..… It seems with such doubts, that it is better to avoid talking about strategic plans, scientific discoveries or start-up concepts via such a tool!

Many newcomers providing such software are offering free access, hoping to swell their user base quickly during this difficult period, thus strengthening their credibility with investors the day the pandemic and its very legitimate concerns are behind us. As the well-known IT/web adage goes, if the product is offered to you for free, the product is you (and your data…).

Even among those for whom funding doesn’t seem to be an issue, the industry leaders, the situation is less than clear. Some parties, sometimes, take some liberties with our data. For example, Microsoft recognized that its consumer solution Skype needed to rely on occasional listening to conversations by employees to enhance its “artificial”, or not-so-artificial AI tool.

The urgency and the exceptional nature of the situation we are currently living through may force us to use the only tools made available in the short term, but this does not necessarily determine which tools to use in the future. If SMEs and universities take an impressive step forward towards digitization, we will need, after the crisis, to take a step back to validate the tools that will really be worthy of our trust.

To do this, we need to draw up a checklist to validate the best practice advice for using such tools:

  • Read (really!) the privacy policy proposed by the application: avoid those who grant themselves the right to resell behavioural data, the configuration of the machine on which they run, the list of correspondents, etc.
  • Be aware of the privileges granted (access to the camera, microphone, screen sharing, etc.) and the way in which streams are shared (audio, video, conversations): are they encrypted end-to-end? If so, they are invisible, even to the publisher’s servers.
  • These precautions are also valid for subcontractors involved, for example, in the connection process. One example is the Facebook login button. Easy, fast, seemingly harmless, but fraught with consequences.
  • A cardinal point, whatever the choice of the tool: it is necessary to train and raise awareness among users.. We have seen screenshots circulating on social networks that expose confidential key information in clear text (meeting ID, password posted on the wall behind users, etc.).
  • And beyond the technical considerations, once the choice has been made, don’t forget privacy and the rights of the people who will appear in the field of vision. Some editors such as Microsoft mention it when a Teams session is saved, but not all do so!

Paying attention to these points should allow the use of video conferencing in a clear and controlled in-house framework, but it is also important to check that the solutions proposed or imposed by third parties (customers, subcontractors, partners) also meet the standard and do not nullify these efforts. In some cases, it will be necessary to use diplomacy to redirect the interlocutors towards a more reliable solution, without exposing their naivety. This is the price to be paid for imposing on the market the solutions that are not the easiest or the most hype, but the most worthy of our trust.