Law in the Internet Society

Security and Privacy Concerns regarding Zoom Court Trial

-- By KraiAran - 19 Oct 2021


According to the statistic provided by TrustRadius? , “Zoom” dominated 50 percent of the video conferencing software market in 2021, and has already surpassed 350 million daily meeting participants. These numbers are expected to grow so long as the COVID-19 pandemic is still threatening our community. Across the world, courts in every country are struggling to continue their judicial operation amidst the pandemic by relying on remote technology and limiting in-person proceedings. Not surprisingly, Zoom became one of the most widely used remote technology software in several jurisdictions, but some expressed concerns over the security issue because of its bad reputation in risking users’ rights and privacy. The question then arises ‘how can the court manage to build safer remote judicial proceedings?’ This essay seeks to identify some possible dangers posed by the application of Zoom in the virtual court trial, with a focus on a trial level, and will propose some possible solutions to address the data security concerns.

The Application of Zoom Court Trial

The outbreak of the COVID-19 pandemic causes difficulties to the judicial operation around the world for over 2 years. In addition to social distancing and taking the same precautions as the rest of the world, courts in almost every jurisdiction have no choice but to suspend in-person trials and conduct the online trials through the video conferencing platform, which allowed them to remain in session while reducing the danger to the public health. In this sense, the courts had to decide which video conferencing software that they will rely on. As could be expected, Zoom seems to be the best choice at first glance as it gained a reputation during the beginning of the lockdown. In practice, there are some jurisdictions that chose to rely on Zoom as their mainstream software, for example, the State Court of Texas and the Court of Justice of Thailand.

As to the State Court of Texas, in response to COVID-19, the Supreme Court of Texas currently issued the Forty-Third Emergency Order Regarding The COVID-19 State of Disaster, effective on October 1st, 2021, requiring that the court may continue to use reasonable efforts to conduct proceedings remotely. Furthermore, in order to facilitate court activities, the Office of Court Administration provides judges the ability to stream and host court proceedings via Zoom and also recommends people involved in the court proceedings to learn how to successfully participate in the Zoom court trial.

Turning to Thailand, the Office of the Judiciary of Thailand announced the Notification on Criteria, Methods and Conditions Relating to the Electronic Court Procedures, allowing the courts to continue the virtual trial through Zoom application because Thai people were familiar with and enjoyed using Zoom to work, hang out with friends, or even host a wedding ceremony during the lockdown, and, most importantly, Zoom application itself is free, easy to use, and does not require a login to access a meeting. These qualifications, combined with the fact that Zoom is well-known and widely used among Thai people, make it easier for courts to increase public access particularly among those living in the rural areas. In short, while many jurisdictions across the world, for example, state courts in Texas and trial courts in Thailand, rely on Zoom in conducting virtual court trials, these courts, in rush to manage the fallout of the pandemic, overlooked the evidence showing that Zoom court trials are connected to a potential violation of personal data and privacy.

Concerns Over the Data Security

Even though Zoom gained trust from every corner of the world during the dark time of the pandemic, people are currently realizing that Zoom might actually come with the cost of giving up their personal data. Over the past couple of years, Zoom has been involved in multiple unsavory reputations and lawsuits as follows.

1. Zoom-bombing Zoom-bombing became an unprecedented threat when Zoom’s users started to grow. Due to its feature that does not require passwords to join the meeting, random people can access the Zoom meeting that is not their own business. This could be dangerous if some people drop into the Zoom court trial, and record all confidential information in the case without prior permission from the judge.

2. Zoom phishing scam Zoom phishing begins with an email or notification sent individually to the victims saying, for example, ‘your Zoom account has been suspended,’ ‘you missed a meeting,’ ‘Zoom has undergone a server upgrade,’ which cause panic to the victims. By clicking the malicious link provided, the victims’ Zoom credentials or identity would be stolen.

3. False end-to-end encryption claim Zoom formerly claimed that their software is end-to-end encryption (E2EE? ), which is a technical method to keep communication between users from one end to another confidential from third parties, but it has been later discovered that their software is not end-to-end encryption as they claimed. This false end-to-end encryption caused Zoom to pay more than $80 million to settle the class-action lawsuit, in which the victims sued them for making a false statement and sharing user data to Facebook and Google without the consent of users.

The aforementioned lists are examples of Zoom’s security flaws. Many of them have now been addressed, but some commentators believe that there are still many vulnerabilities waiting to be discovered. Therefore, the courts must be aware of these dangers and take some further steps to protect people’s personal data and privacy.

Lessons Going Forward

While the question ‘whether the courts will continue to rely on Zoom for the remote proceedings in the coming years?’ remains unclear, and some jurisdictions are planning to resume some in-person proceedings, the virtual court trial is considered to be coming anyway. Therefore, the courts must learn some lessons and take the following steps to improve the protection of people’s personal data and privacy. First, if courts decide to continue their remote proceedings through the Zoom platform, they must set a password for every single remote trial, and only allow signed-in users to participate in the Zoom court trial for the purpose of authentication. Second, Eric Yuan, Zoom’s CEO, admitted that the company moved too fast when the COVID-19 crisis unfold, which implied that the company needs more work to secure users’ privacy. Thus, courts might need to look for more secure video conferencing platforms such as Jitsi Meet, Google Meet, or Microsoft Teams. Finally, while much excellent video-conferencing software exists in the market, they are rarely completely secured. In the long run, courts might need to build their own video-conferencing software, which is completely under the control of the judiciary, to ensure that the user’s personal data and privacy will not be deprived by any profit-oriented company.

This draft makes some specific points about the drawbacks of using one third-party service, Zoom, to conduct remote trial proceedings in one small country, Thailand. These entirely concern well-known security issues with that service, which was ill-adapted (and in some respects not adaptable) to all the uses to which it was suddenly put during global lockdown at the start of the first phase of the present pandemic.

The best route to improvement is to reach for bigger ideas about remote trials than "Zoom security sucks, use Teams." Issues of due process are surely more various and significant than security against public disruption, whether in the real courtroom or through "Zoom bombing," for example. Both confrontation issues, such as those discussed in Maryland v. Craig, 497 U.S. 836, and related cases over the past four decades, and right to public trial concerns should surely have analytical priority over matters of courtroom administration. Strengthening the legal discussion should be accompanied by more technical learning. How should remote communication software and associated technologies work in order to facilitate public processes in which all citizens must be able to participate on an equal basis? What good is mere mention of other platform offerings from the cloud giants without a discussion of the functional components required by "Equal Justice Under Law." We cannot really discuss the politics at all without an effort to diversify across societies. Thailand is a small nation whose value as an exemplar of democratic government and the rule of law is presently low because it's being governed by a military junta while its head of state has recently been warned (again) by the German government not to conduct state business from his overgrown garage in Bavaria. Discussion of how a mature and sizeable technocratic autocracy with no commitment to democracy, equal rights or the rule of law uses telecommunications software to conduct secret and politically-determined trials and to give advantages in civil litigation is easily available in this school, where Professor Ben Liebman has amassed much valuable data; China is a better example of what despotism will really do than the two-bit efforts of the Thai oligarchy to hitch its wagon to the (Chinese state infiltrated) Zoom. The school's Lawyering in the Digital Age clinic has assisted the New York State courts in real implementation of remote hearings attempting to equalize access citizens' rights to access and participation in households that do not have computers. These are just two examples of what can be found here to support your learning.

Bringing in more diverse learning from a bigger world is what doing an LLM here more generally achieves. In this instance, it will produce an immensely improved draft.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r2 - 29 Nov 2021 - 12:01:31 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM