FOURTH PORTAL
GATEWAY TO THE FOURTH INDUSTRIAL REVOLUTION
Decoupling our identities from our data and actions could safeguard our secrets
IEEE Spectrum
27 Dec 2023
Three classes of new technology developed in the last few years now make decoupling practical in many more applications.
Imagine you’re on a Zoom call. Your device and those of your colleagues are sending video to Zoom’s servers. By default, this is encrypted when sent to Zoom, but Zoom can decrypt it. That means Zoom’s servers see the video and hear the audio, and then forward it to others on the call. Zoom also knows who’s talking to whom, and when.
Meetings that were once held in a private conference room are now happening in the cloud, and third parties like Zoom see it all: who, what, when, where. There’s no reason a videoconferencing company has to learn such sensitive information about every organization it provides services to. But that’s the way it works today, and we’ve all become used to it.
There are multiple threats to the security of that Zoom call. A Zoom employee could go rogue and snoop on calls. Zoom could spy on calls of other companies or harvest and sell user data to data brokers. It could use your personal data to train its AI models. And even if Zoom and all its employees are completely trustworthy, the risk of Zoom getting breached is omnipresent. Whatever Zoom can do with your data in motion, a hacker can do to that same data in a breach. Decoupling data in motion could address those threats.
Videoconferencing doesn’t need access to unencrypted video to push bits between your device and others. A properly decoupled video service could secure the who, what, where, and when of your data in motion, beginning with the “what”—the raw content of the call. True end-to-end encryption of video and audio would keep that content private to authorized participants in a call and nobody else. (Zoom does currently offer this option, but using it disables many other features.)
For more: