Metadata by TLF: Issue 9

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our reporters Kruttika Lokesh and Dhananjay Dhonchak put together handpicked stories from the world of tech law! You can find other issues here.

Zoom sued by shareholder for ‘overstating’ security claims

Zoom Video Communications Inc. was hit with a class action suit by one of its shareholders on April 7th which accused the video-conferencing app of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted. The lawsuit comes in the backdrop of huge privacy and security backlash against the company as security experts, privacy advocates and lawmakers warn that Zoom’s default settings aren’t secure enough. Each Zoom call has a randomly generated ID number between 9 and 11 digits long that’s used by participants to gain access to a meeting. Researchers have found that these meeting IDs are easy to guess and can be cracked using brute force algorithms which allows anyone to enter the meetings. This has led to the phenomenon of ‘zoombombing’ where pranksters join Zoom calls and broadcast porn or shock videos. However, concerns surrounding the company’s privacy and security policies do not end there as Zoom was forced to update its iOS app last week to remove code that sent device data to Facebook. Zoom then had to rewrite parts of its privacy policy after it was discovered that users were susceptible to their personal information being used to target ads. The most damning issue however is the company’s blatantly false claim regarding its usage of ‘end-to-end encryption’. Even though the company states on its website that it is employs E2E encryption, what is actually being used is transport encryption. In light of the numerous security lapses, companies like Google and SpaceX have banned their employees from using Zoom for meetings. It is has also been banned by the Taiwanese government over concerns that some Zoom traffic was ‘mistakenly’ routed through China.

Further Reading:

  1. Brian X. Chen, The Lesson We Are Learning From Zoom, The New York Times, (April 8, 2020).
  2. Casey Newton, What Zoom doesn’t understand about the Zoom backlash, The Verge, (April 2, 2020).
  3. Lily Hay Newman, The Zoom Privacy Backlash Is Only Getting Started, Wired, (April 1, 2020).

Governments around the world are increasingly using location data to manage the coronavirus

As the novel coronavirus spreads around the world, an increasing number of governments are relying on mobile carrier data to track information about their citizens. Mobile carriers in the European Union are sharing data with health authorities in Italy, Germany, and Austria to help monitor whether people are following instructions to maintain social distancing. Other countries are using location data from cellphones to track the pandemic in different ways, from Iran’s ‘AC 19’ app, to China’s tracking system that sends information to law enforcement officials, to Taiwan’s “electronic fence” that alerts authorities when a quarantined person moves too far away from their home. Perhaps the most aggressive use of cellphone location tracking is taking place in South Korea where the government has created a publicly available map from cellphone data that people can use to determine if they have come into contact with someone who has been infected with the novel coronavirus. However, accessing this data, even amid a global pandemic, entails complex legal and ethical issues surrounding government access to information that can reveal intimate details about citizens’ lives. There are widespread concerns over when these extreme surveillance measures will be discounted as they have the potential to transform states into authoritarian regimes.

Further Reading:

  1. Natasha Singer and Choe Sang-Hun, As Coronavirus Surveillance Escalates, Personal Privacy Plummets, The New York Times, (March 23, 2020).
  2. Pallavi Pundir, Coronavirus is Pushing Mass Surveillance in India, and It’s Going to Change Everything, Vice, (April 6, 2020).
  3. Rahul Narayan, Privacy, in the time of coronavirus, should not be compromised, Medianama, (April 2, 2020).

WhatsApp tightens message forwarding restrictions to combat coronavirus misinformation

With heightened scrutiny regarding the spread of misinformation over messaging platforms, WhatsApp on April 6, 2020 said it would place new limits on the forwarding of messages. Starting today, messages that have been identified as “highly forwarded” — sent through a chain of five or more people — can only be forwarded to a single person. The move is designed to reduce the speed with which information moves through WhatsApp, putting truth and fiction on a more even footing. It comes after bogus conspiracy theories linking 5G mobile networks with COVID-19 appeared to inspire people to set fire to cell phone masts in the U.K. The attacks resulted in the U.K. government urging social media platforms to take action to combat the spread of such false claims. WhatsApp has appeared to step up its efforts to ensure that its users can get verified information. The World Health Organization has launched a Health Alert in partnership with WhatsApp that has the potential to reach all its users and provide the latest news on coronavirus, which sets up an individual conversation which helps users have their questions answered. Similarly, the Indian government has also created a WhatsApp chatbot to combat misinformation. The Ministry of Electronics and Information Technology (MEITY) in India has urged social media platforms to “take immediate action to disable /remove such content hosted on their platforms on [a] priority basis”.

Further Reading:

  1. Casey Newton, WhatsApp puts new limits on the forwarding of viral messages, The Verge, (April 7, 2020).
  2. James Temperton, How the 5G coronavirus conspiracy theory tore through the internet, Wired, (April 7, 2020).
  3. Janosch Delcker, Zosia Wanat and Mark Scott, The coronavirus fake news pandemic sweeping WhatsApp, Politico, (March 16, 2020).

Health Ministry issues long-awaited Telemedicine Practice Guidelines

The Telemedicine Practice Guidelines of 2020 as notified by the Health Ministry are the first step towards providing for a comprehensive set of rules that make up a regulatory reference point for virtual consultations of patients. The guidelines require identity and age verification of doctors, patients and/or health workers. Consent has also found its place in the guidelines, as patients are provided with a right to stop consultations in situations where the doctor initiates a consultation upon request. Artificial Intelligence or Machine Learning may only facilitate the doctor in taking a decision, but the final prescription of medicines and consultation is not devoid of a human touch. Further, any data, records or documents related to the patient have to be handled by the doctor with due regard to data privacy laws.

Further Reading:

  1. Suman Ray, Is Telemedicine a useful tool to fight COVID-19?, Down to Earth, (2 April 2020).
  2. Tahir Ashraf Siddiqui, Issuance of Telemedicine Practice Guidelines in India: A long due piece of regulation, Live Law, (1 April 2020).
  3. Aditi Tandon, Online help for OPD Patients, The Tribune, (28 March 2020).