Protecting your security and confidentiality in your PEP sessions
In light of COVID-19, many businesses and individuals are turning to web conferencing systems to connect online. As an organisation, we are committed to protecting your privacy and confidentiality whilst using the Zoom web conferencing software.
This guide outlines the settings and procedures we use to ensure that PEP virtual spaces remain as safe and confidential as possible. It has been developed through reference to the Australian Government’s ‘Stay Smart Online’ Guidelines, and Zoom security recommendations.
Security built into Zoom
Zoom uses a combination of Transport TCP and UDP which is the same level of encryption used by a ‘https’ web protocol for a secure website. Additionally, we have enabled encryption for 3rd Party Endpoints (H323/SIP), a VoIP protocol which prevents calls being intercepted.
However, you should be aware that Zoom does NOT currently support end-to-end encryption (E2E). As such, you should be aware Zoom may have the capability to access all recorded sessions and that it is possible for Zoom sessions to be subpoenaed. While Zoom denies that they have ever built a mechanism to do this, we nevertheless advise you to be aware of this when participating in any Zoom session, whether with PEP or otherwise.
Zoom is not based in Australia, and as such, this may pose a security risk. Without explicitly naming any product, the Australian Cyber Security Centre warns, ‘The use of offshore web conferencing solutions introduces additional business and security risks. For example, laws in other countries may change without notice and foreign-owned service providers that operate in Australia may still be subject to the laws of a foreign country.’
Whilst other tools (e.g. Skype Private or Facebook Messenger with the ‘Private Conversation’ setting) have enhanced E2E security, Zoom offers superior learning facilitation support and connectivity and telepresence that is unmatched by competitors. Therefore, we have made the decision to still use Zoom, whilst advising clients of this security shortcoming.
Our security practices relating to web conferencing
We’ve used the following recommended Zoom protocols to secure the learning space.