Back to list All Articles Archives Search RSS Terug naar lijst Alle artikelen Archieven Zoek RSS

"Do you accept privacy problems just because it works well?"

"Do you accept privacy problems just because it works well?"

Working with Zoom

MAASTRICHT. To Zoom has almost become synonymous to video calling. Maastricht University has recently taken out a licence for professional use of the video and meeting app. No worries, the institute said, with the necessary precautionary measures using it is safe. But is that the case? It is true that Zoom is a user-friendly app – that is why it is so popular – but it is regularly in the news because of privacy and security problems.

The Dutch Ministry of Defence is the umpteenth organisation to ban Zoom. Employees may not install the video app on their work telephone or laptop and the ministry advises them not to use the programme privately either. There are too many doubts about security, a spokesperson from the ministry said in de Volkskrant last Friday. Leiden University has not been an advocate for some time. ‘Don’t use Zoom, your privacy cannot be guaranteed,’ the university states on its website. Outside the Netherlands, in Taiwan for example, the application has been prohibited for government services. In the United States, a large number of schools and businesses do not allow its use either. And the FBI has also forbidden its employees to use the programme.

Zoom is a nightmare.” That is the heading of an article that Gijs van Dijck, professor of Private Law at the Maastricht Faculty of Law, forwarded by e-mail. “This piece sums up quite well why Zoom is so problematic, but why we use it anyway,” he writes. It was published on One Zero, an online medium about technology and science.
Van Dijck, also a researcher at the Maastricht Law and Tech Lab (research into artificial intelligence in the legal domain, in which legal experts and knowledge engineers work together) uses Zoom as little as possible. “What I have seen about the programme, doesn’t inspire confidence.” He and his colleagues from the Lab are more aware –more so than the average layman – of Zoom’s privacy issues and alleged security leaks. Information that they find, for example on blogs by cyber security experts and in articles on tech websites, is shared with each other. “Even then, it is difficult to find out exactly how things are,” says Van Dijck. But it worries him. “If you have installed Zoom on a MacBook, for example, and you want to remove the programme from your computer, you will find that this is not easy. Zoom hides tenaciously inside your PC. In that sense it behaves like malware.” 

Highly restricted version
Then we come to the question why the UM has chosen to purchase a licence for Zoom. “It is not a simple thing to arrange tutorial groups for the number of participants we deal with and to ensure that it all works smoothly. That was easiest with Zoom,” says interim spokesperson Fons Elbersen. “The way in which the programme is installed and set up at the UM, is such that we believe it meets the security and privacy requirements. It is important that people use this ‘restricted’ version and follow the instructions.”
The UM has signed a data protection agreement with Zoom for the licenced version, so that its use is in agreement with the European Union’s General Data Protection Regulation, states the manual for UM employees on the UM website. In addition, adaptations have been made to ensure that its use complies with the European GDPR requirements. It is impossible, for example, to record conversations.

Beautiful sweater
Van Dijck compares the use of Zoom to “buying a beautiful sweater that has been made by twelve-year-old children in India. Do you say: ‘What the heck, do it, I don’t care.’ Or do you buy a less beautiful sweater because of the story behind it? It is the same with Zoom. Do you accept privacy or security problems because it works so well? That is an assessment you have to make. Things will most likely go alright, but if things go wrong and there is a data leak in which information is disclosed, then the consequences are huge.”

A few days after the interview, he forwards us an e-mail from colleagues throughout the country who are sounding the alarm about “hasty” decisions with regard to the use of Zoom at Dutch universities and universities of applied sciences. They believe that public institutions should choose tools that reflect their public values, such as privacy protection. Van Dijck agrees: “Let’s work together as universities and universities of applied sciences. It would be better to combine means and invest in a platform that is safe and that we can all use, rather than hastily purchasing licences for a platform that we may have to abandon later on because there are serious disadvantages to it.”

This is not just about security. Van Dijck feels that it is important that educational institutes ask themselves why they choose certain technology. “How can we use it in education, why is it interesting, what can we do with it? I think it has been insufficiently explained why Zoom was chosen. Its use for educational purposes is very limited in our own faculty. Most colleagues use Blackboard Collaborate Ultra. It is wisdom after the fact, but I think it is a shame that an X amount has been paid for Zoom when it is subsequently used mainly for hosting meetings, annual appraisals and assessment interviews.”

As happened with the latest University Council meeting on Wednesday 8 April. It was Raoul Winkens, the UM’s data protection official, who had a problem with it. He was going to give the annual update on the policy surrounding the protection of personal information. Just before it was Winkens’ turn, the council clerk was informed that Winkens wouldn’t be joining the meeting because he did not want to install software and did not want to create a Zoom account.
“No, it wasn’t because of the security,” he said later when asked. “The version bought by the UM is safe to use.” But he abhors the fact that there is a deviation from the university’s own policy. “The UM has decided that Zoom is used for education. And the University Council meeting is not education. Moreover, I would have had to download it immediately or create an account, and I didn’t want to do that.”

Responding to what Van Dijck and colleagues throughout the country were saying about choosing the right tools as a public institution, Winkens says: "I agree. Except, normally you wouldn’t make a decision within a few days and you don’t need to digitalise within a weekend. People sometimes forget how slowly the UM works and how quickly decisions must be made during times of crisis."

Sjoerd Stoffels, consultant education technology at the Faculty of Arts and Social Sciences, has no trouble with Zoom (“as long as it is used in a professional way”). He also understands the UM’s choice: “There are not a lot of players in the field of video conferencing tools that meet all requirements. It is not just security that is a plus. Applicability within education is also important, as well as user-friendliness and compatibility with existing IT environments.” He is, however, critical of the way in which the app was introduced at the university. The actual launching of Zoom came as “a surprise” to many, he says. A launch in which he missed vital information about the use of the app. “The result was anxiety among students and staff. This was of course exacerbated by the bad news about Zoom in the media.” Questions about security and privacy surfaced. On a central level, it was quiet for a long time about these issues. That could have been done better.”
In the meantime, an online education taskforce has been set up which has been arised by EDlab, with mostly people from that network, says Stoffels. “But why is the expertise from the faculties not taken into consideration here, why isn’t there more transparency and better communication?” He decided to write a blog for his colleagues and students of Arts and Social Sciences, giving tips on how to use Zoom safely.

Whether Zoom will continue to be the app for education at the UM, is unclear. According to spokesperson Elbersen, the university is working on “a more sustainable, integrated setup of systems”. This includes considering the introduction of Microsoft Teams. Winkens states that the UM has been dealing with Teams for a time, “it is a bigger project. But implementing Teams for all education requires a lot of effort.”  

Finally, Stoffels refers to the 'Privacy decision aid' (Keuzehulp) published by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) for video calling apps. "If you study it and examine the criteria, then there is only one application that meets all security and privacy conditions. However, that application is not suitable for use within larger organizations for the time being. Zoom still works in that ‘decision aid’ not even worse than Microsoft Teams. "



There are currently no comments.Er zijn geen reacties.

Post a Comment

Laat een reactie achter

Door een reactie te plaatsen gaat u akkoord met de verwerking van de ingevulde gegevens door Observant.
Voor meer informatie: Privacyverklaring
By responding, you agree to send the entered data to Observant.
For more info: Privacy statement

Name (required)

Email (required)