Data Security Failure of Video Conferencing Apps: A Threat Towards Cyber Security

By Varunendra Pandey, 3rd Year B.A.LLB (Hons.), Amity Law School Delhi

The novel coronavirus has rained havoc upon the entire human fraternity and has compelled us to resort to alternative measures to continue with our daily activities including our occupations but, are we ready? The question is very pertinent at this point of time where most of us, are conducting our business virtually unknown to the gravity of data we are risking during the mindful interactions. On the scale of one to ten how much protected are we? And what protection do the cyber laws have to offer to the data at risk? Let’s find out.

WHAT IS CYBER SECURITY?

Cybersecurity in a general sense is concerned with the protection of cyberspace and the creation of a safe virtual space, free from cyber- threats. The notion of cyber threats is rather vague and mainly revolves around the malicious use of Information and Communication Technology as a target or as a tool creating threats to cyberspace of the general public. Fundamentally the notion of cyber-security has three-fold meanings;
Activities and measures are taken to assure that cyberspace free from any kind of cyber threat that might affect the hardware and the software of the system and severely damaging or leaking the data stored in such a system creating a potential threat to national security.The quantum of protection that these measures and activities offer. The field associated with the implementation of these activities and measures against the hostile environment created by the malevolent actors, ensuring the restoration of cyberthreat free cyberspace is the significant element of cyber-security. Cyber-security is just not about data security and data privacy but much more than that, although closely related to the two buzzwords.

IS CYBER SECURITY EFFICIENT IN INDIA?

Cyberspace comprises of the IT networks of the country computer systems and all the fixed-mobile networks connected to the global internet. A country’s cyberspace is just not its own but global cyberspace, the virtual outreach of internet this platform is borderless and this is what makes it unique it is inseparable by geographical boundaries such as land, water, and sea. Lately, it has been seen that the governments are working on providing their citizens or ‘netizens’ access to faster internets by enhancing their bandwidths and are intensively investing in ICT (Information communication technology) projects.
The visionary advancements by the government are highly appreciated by the users, but the question of which we should seek answers from the government is whether the data we provide normally to banking services or for availing other e-services are those data safe enough? Or is it out on the internet for anyone to use it against us?
Inadequate set of legislations currently govern Indian cybersecurity which are vague in nature and often fails miserably addressing issues related to cyber threats. The authorities constituted regulate compliance and enforce penalties for noncompliance under the Information Technology Act 2000 and Information Technology Amendment Act 2008 which has been inactive for years till 2017.

However, the jurisprudence of cyber laws in India is unclear. In 2013 Government came up with much anticipated national cybersecurity policy, the Act was visionary and had global outreach but lost its grip after the failure on the part of the government to frame any rigorous laws ensuring enough sanction against any cyber threat.
The government constituted a 10-member committee on the reports of cyberthreat and for recommendations on policy drafting. The committee submitted an extensive report along with Personal Data Protection Bill 2018. The Government introduced a Personal data protection bill in 2019 in Lok Sabha and is currently under a joint parliamentary committee subject to changes.

VIDEO CONFERENCING: A NEW TOOL TO CYBER THREAT?


The ongoing pandemic has led all of us to scrutinize our virtual skills and most of the population from the past two months have been practically dwelling up in their systems as work from home has become the new normal in these extraordinary times. However, not going out in public shall save us from COVID-19, but what about the data that’s roaming out, they’re on countless servers without abiding any social distancing norms, are they safe? Recently Ministry of Home Affairs released the order stating the data security breaches that the ZOOM video conferencing app may cause. Ever since then there have been reports of various video conferencing apps causing such violations and breaching into user’s data.
ZOOM video conferencing app has gone out of the way and has claimed that it does not sells the user data further and most of the data that are furnished by the user are just business-related. ZOOM app records all the activities that are carried upon the platform such as calls, chats, recordings, media, whiteboards and other information. Zoom has come forward to state that it has a separate site for the marketing purpose and has nothing to do with the user’s personal data. The privacy policy of the ZOOM app states that it is free from any kind of fraudulent intervention and has assured its user of complete transparency and with no further breach.
Recently a PIL filed in the Apex Court brings forth the grave risks to user’s data furnished at the ZOOM platform. The petitioner in the plea seeks a total ban on the Zoom software owing to its non-observance of the regulatory framework under the Information technology Act 2000 (procedures and safeguards for interception monitoring and decryption of information rules 2009) also the chats on this platform lacks end to end encryption.
Plea further states that the app hunts down the individual privacy of the user and uses it. According to the plea, the app is very much prone to hacking and cyber breaches. The app fails to stop a third person entering the unknown calls and create a nuisance and make pornographic representations, this entire process in technical terms is known as Zoombombing.

Its highly deplorable how the Zoom software app without the consent of their user has utilized their personal details for promotional benefit. Risking data that worth’s more than money, zoom app is a clear example that how videoconferencing apps are risking the data of millions of its users on their fingertips and tearing apart the trust with which the users entrust them.

DISCLAIMER : All rights reserved to LegallyLayman and Lexstructor

2 thoughts on “Data Security Failure of Video Conferencing Apps: A Threat Towards Cyber Security

Add yours

  1. I found such a great content to read , ponder and add to my knowledge. With some healthy input would like to add more as – Ironically, some instances putting forward the three glaring issues highlighted . First, contrary to what the NPCIL may claim, air-gapped systems are not invulnerable. Stuxnet crossed an air gap, crippled Iran’s nuclear centrifuges and even spread across the world to computers in India’s critical infrastructure facilities. It is also not enough to suggest that some systems are less important or critical than others — a distributed and closed network is only as strong as its weakest link. Second, with the Indian military announcing that it will modernise its nuclear forces, which may include the incorporation of Artificial Intelligence and other cybercapabilities, the apparent absence of robust cybersecurity capability is a serious cause for concern. If it cannot secure even the outer layer of networks linking its nuclear plants, what hope does the government have of inducting advanced technologies into managing their security?
    Third, the surveillance of Indian citizens through WhatsApp spyware in the lead-up to the general elections highlights once again the government’s disregard for cybersecurity. out to a weakening of India’s cybersovereignty: the government comes across as incapable of protecting its most critical installations and, by rendering digital platforms susceptible to spyware, limiting its own agency to prosecute and investigate cybercrime These incidents also fly in the face of the country’s claims to being a responsible power as a member of export control regimes such as the Wassenaar Arrangement. The possibility of such misuse of intrusion technologies is a frequent argument deployed by advanced economies to keep developing countries out of elite clubs.
    If the Indian state plans to leverage offensive and defensive cybercapabilities, which are of course its right as a sovereign power, it needs to get serious about cybersecurity, both for its own narrow, political interests as well as those of its citizenry. There cannot be piecemeal, horses-for-courses approach: “security by obscurity” for India’s nuclear power plants, and cutting-edge malware reserved for spying on citizens. The security of a billion hand-held devices are of equal strategic value to the country’s nuclear assets. Only in this case, the government has been found wanting on the security of both.

    Liked by 1 person

    1. Thank you so much for the feedback mam. Your inputs are extremely Accurate. Its wonderful to see people not only thinking about thier data but other tactical manipulation that could lead personal data public, posing a potential threat.

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: