ARE VIDEO CONFERENCING PLATFORMS REALLY SAFE?

09 Apr ARE VIDEO CONFERENCING PLATFORMS REALLY SAFE?

Video conferencing platforms have been gaining popularity since measures of social isolation have been adopted in most countries around the world as an attempt to contain the COVID-19 pandemic. Whether to assist remote work, for entertainment or to organize religious events, classes, seminars, the videoconference tools have been widely adopted.

But have the users ever wondered if their personal data and privacy are safe while using these platforms that capture their faces and record their voices in private conversations?

This week, in Brazil, the National Sanitary Surveillance Agency (“ANVISA”) decided to forbid the use of the videoconference platform “ZOOM” on their computers. The measure was based on a recommendation from the agency’s IT area that identified vulnerabilities in the “ZOOM MEETING” application that, when exploited by hackers, allows unauthorized access to cameras and microphones, making it possible to hijack users’ credentials and information exchanged in meetings.

The agency’s decision is not alone. During the last weeks, with the increase in the use of this platform, several cases have been reported in the USA in which video conferences were accessed by unidentified individuals who, for example, interrupted a class, swore at the teacher and then exposed the teacher’s home address to all participants.

In another case, a class was interrupted when an individual was able to access the transmission without authorization and displayed his swastika tattoos.

The events were publicly reported by the FBI, which recommended the adoption of some precautions when using these types of platforms.

The leakage of personal data accessed and transmitted through these technological platforms is also subject of concern after news websites reported that e-mails and photos of thousands of “ZOOM” users may have been leaked and that the platform is not secured by end-to-end encryption, which – as in Whatsapp conversations – protects data during the exchange of information and assures that only the participants in a certain conversation have access to its content, preventing third parties from accessing private conversations.

Technological video conferencing platforms, such as Zoom, Skype, Google Hangouts, Microsoft Teams among many others, are undoubtedly been extremely important to ensure quick and instant communications and to allow, in certain manner, the proximity between colleagues, family members or friends in this difficult time we are currently going through.

However, it is essential for the security of the users’ personal information and of the companies’ entire network systems that there is a commitment to data protection from the companies that provide this kind of service.

Before adopting a video conferencing platform, for private or professional purposes, the user must ask himself if the company that offers the service, often freely, is committed with:

(i)         The privacy of data and personal information accessed, shared and transmitted by their platform. A good measure to prevent abuses is check-out the platform’s Terms and Conditions of Use and its Privacy Policy to understand:

(a)        what type of personal data and information is collected and processed by the platform and for what purposes;

(b)       for how long and in what manner are the personal data and information stored by the platform; and

(c)        who are the platform’s partners that enable its operation and for it to perform the activities offered.

(ii)        The platform’s information security and adopts security measures – such as end-to-end encryption – to protect the system from hacker invasions which lead to the leakage of user’s information or disorders such as those mentioned hereinabove.

On April 8, 2020, the Minister of Justice and the National Public Safety (“MJSP”), through the National Consumer Agency (“Senacon”) opened an investigation on ZOOM to clarify the apps practices related to the sharing of their user’s data with Facebook.

The investigation seeks to understand if ZOOM notifies Facebook when the user opens the application, as well as the details created by the application to direct adds to its users.

The company has ten (10) days to respond the notification. If it does not provide a response, the MJSP may open an administrative proceeding, that may eventually lead to sanctions or fines.

This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from KGV Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener, Granja & Vieira Advogados.