If you’re not familiar with Bruce Schneier, he’s one of the world’s foremost authorities on public key encryption. In fact, he quite literally wrote the book on it!
A while back he wrote a blog article outlining his many concerns about Zoom and their privacy/security failings: https://www.schneier.com/blog/archives/2020/04/security_and_…
More recently (and more importantly, in my opinion) he wrote a new article re-visiting Zoom and updating his readers on the progress Zoom has made in addressing the issues outlined in the previous article:
For me, the important part of the latter article wasn’t the article itself, but rather, the first comment on the article and Bruce’s response to it:
@Bruce - whilst I normally agree with most of your Op-eds, I’m genuinely curious as to how you can reconcile using (or recommending) Zoom considering their multiple, egregious breaches of privacy and mis-selling of encryption to their users?
I thought your previous article, in which you appeared diametrically opposed to Zoom, summed up a great many reasons not to use Zoom.
“I thought your previous article, in which you appeared diametrically opposed to Zoom, summed up a great many reasons not to use Zoom.”
And yet I never stopped using it.
Basically, all security is trade-offs. I had to use Zoom for my class, because that’s what Harvard had as its standard and it works well in a classroom setting. I started using it for personal video calls, because that’s what everyone else had. I continue to use it because I like the features, and they are trying to improve their security and privacy.
Putting it another way: I used to use the telephone system a lot more, and their security and privacy is even worse. Again, it’s all a trade-off.
I wouldn’t run a UK Cabinet meeting over Zoom, though.
So, here we have the world’s foremost authority on public key encryption and one of the world’s leading authorities on security in general stating “everything has trade-offs, even security” and “In most cases, security is a hindrance to convenience and productivity that doesn’t warrant that trade-off!”
Being in networking/infrastructure (and thereby also deeply involved in the security of those things), I have long maintained that “Security is inversely proportional to productivity!” And here, we have Bruce saying essentially the same thing.
Note: He is not at all saying that security does not matter. But rather, “it’s good enough for most of the things most of the people who use it want to use it for.”
This is important. Especially from an investment perspective. Many people will hear Zoom is insecure and think it’ll be hacked frequently or all sorts of privacies will be breached. Not true for the vast majority of Zoom calls. No one is going to hack my company Zoom sessions where my team and I are discussing the work we need to do this week, or my weekly family Zoom call with cousins from Alaska. They probably won’t even bother with my company meeting over Zoom. But they might try to hack the British Parliament calls, or Pentagon calls, etc. Or a bank. But of the millions of people using it for everyday business, no one cares, and it’s “good enough”.
And, most people don’t really care about security anyway, because they have no idea what that really means, or how a security breach could affect them should it happen. People seldom, if at all, think about these things until it’s too late. And Bruce is telling us that Zoom is already good enough to the point where we no longer have to worry about it for the vast majority of use cases.
Paul - Who would rather have a dollar/minute he spent on Zoom calls these days than the too few Zoom shares he currently owns