April 6, 2020

Interoperability is the solution to the Zoom fiasco

When the pandemic started and the stay at home orders were given, videoconferencing tools became one of the first items in anyone's crash course in digitisation. Beyond a narrow group of remote workers and tech savvy people, most users have never participated in a Meetup, or a Zoom teleconference.

In two weeks, Zoom became a household name. The platform responded by providing free accounts that allowed calls of unlimited time, upped from the previous 40 minute limit. In the last week, I have personally experienced a meeting with friends, my daughter's classroom and several work meetings on Zoom. Others have been organising parties, concerts or government meetings (like those that Boris Johnson organised).

In the last few days Zoom turned out to be utterly rotten. Faulty design choices make "Zoom Bombing" possible. Vice reports that Zoom has been sharing user data with Facebook, without prior consent. And researchers at Citizen Lab have disclosed that Zoom uses non-standard security and sends security data to servers in China.

While most commentators have been focusing on privacy implementations, for me the case is interesting from the perspective of provision of public goods. At the time of the pandemic, tools for remote communication became a core piece of not just infrastructure - they become our society. We need tools like Zoom to run governments, attempt to emulate cultural experiences, or to keep connection with close ones, across distance. Teleconference tools become our restaurants, opera halls, workshop rooms and conference venues.  Their security and quality of service becomes a matter of societal resilience.

Of course, there are other teleconferencing options than Zoom, but the list is surprisingly short. Cisco's Webex is a less popular alternative. And teleconferencing functions are baked into multiple remote collaboration suites like Google Suite, Microsoft Teams, Slack, Facebook Workplace, and so on. There are also multiple commercial teleconferencing solutions, usually suited for large-scale use. Zoom, with its easy setup and ability to scale up by a factor of 20 in response to the crisis without becoming unreliable had an architecture well suited for popular take-up. And one that clearly sacrificed security and privacy for this purpose.

What lesson can we learn from this fiasco, at a time when users scramble to find the next, best solution? On a personal call last evening, we tested Jit.si, the only open source solution available on the market. But we moved back to Zoom, due to low quality of the call. Together with my friends - who include a therapeutist, cultural studies scholar, architect and a government employee - we rumbled for a moment about the need to be responsible and to protect our privacy. But there was no other, easy option.

During the pandemic, challenges become more pronounced. All the faults and harms, and the hard choices related to them that we make, are thrown into sharp relief. This applies in general to our digital environment, and is highlighted by specific issues, like the Zoom security challenge. So now is also the time to pivot away from faulty solutions, and establish more resilient, sustainable and sovereign approaches.

In our vision, we connect together the need for sovereignty and for core public infrastructure. Paul Keller wrote recently on our blog  that

At the start of the 2020s, Europe lacks a substantial stake in the two core elements of the current computing paradigm: the mobile devices that we use to access digital services and the hyper scale cloud infrastructures that power these services.

The Zoom fiasco is a case in point of this. And therefore Europe should consider a quick push to support public teleconferencing solutions. It is not acceptable that a European head of state holds cabinet meetings via a US-owned private service that runs part of its infrastructure from China. The teleconferencing space, with its relatively simple service, provides also a great testbed for decentralised solutions. These ensure that users are not locked into specific solutions that are very hard to abandon once the “winner takes it all" dynamics amplified by the current crisis have driven everyone into the arms of the same service.

Finally, a time of crisis and resource constraints is a good moment to fall back on open source solutions. These are designed to be resilient. But the open source ethic, in its pure form, throws the weight and responsibility of running a service onto the user - imagining that everyone is a hacker. And therefore public institutions should step in, and take on the role of supporting sustainable and fair infrastructure for its citizens.

The new European Data Strategy builds an argument that while today's data is held by a small number of Big Tech companies, there are emergent applications where they are not yet dominant and where Europe could lead. Remote teleconferencing is exactly such space - where a mix of infrastructural approaches, open source solutions and data sharing principles could create in a sustainable way a crucial layer for remote societies.