Due to the pandemic and the resulting quarantine, millions of people around the world found themselves at home and in need of digital tools to continue their work and communication. Yet, how secure are the digital tools that have become a part of our everyday life?
If you are like most of us, in those first few days of quarantine you and your organisation had to start hunting for the best tools to host your video meetings and communicate with colleagues online. You were not alone. By April of this year, Zoom's users grew to 300 million, compared to 10 million just before the pandemic began, and "Zoom" quickly became a verb we use in our everyday lives, like "Google" or "FaceTime." No doubt, it was tools like these that helped many of us adjust to our new working normal.
Not long after Zoom boomed, its security vulnerabilities began to be exposed. In April, it was revealed that the company had leaked user information, and that video meetings could be accessed by outsiders. This was followed by news that the company had misled their users to suggest that meetings were end-to-end encrypted when they were not. "Zoombombing" – the process by which outsiders could exploit a security vulnerability to break into others' meetings – became the newest word in our pandemic vocabulary. And there were other, less publicized revelations: with Zoom, bosses could monitor participants' attention during calls, and the company could use the content of its users' messages to target them with ads. Many of these issues about the platform were discovered after Boris Johnson proudly tweeted that he had chaired the "first ever digital cabinet" ... on Zoom.
But this is not just an article about Zoom's flaws. In this period of working from home, other online collaboration tools like Google Docs, Slack, and Microsoft Teams have all become part of our daily vernacular. But before our work becomes dependent on these tech tools, it is useful to examine how civil society organisations can think about which ones to choose – and how and why to choose them. As Tactical Tech's founder and Creative Director Marek Tuszynski wrote in an article about remote working tools, “There are choices out there – the real challenge is not only how to make them but also what kind of society we are supporting by making them.”
When decisions are fuelled and informed by crisis or urgency, it is tempting to choose the easiest, most convenient short-term solution. But equally, a crisis is a time to give more – not less – scrutiny to the technology choices we make, because these choices have long-term consequences: not only the risks to our own privacy and how much personal data we are willing to give up, but also the risks for the people with whom we communicate. And beyond that, we have to consider the precedent our choices may set for what we are willing to accept in the future, and those who profit from these new systems. After all, many of the tools for remote work have the same business models that have made companies like Google and Facebook so successful – the extraction and sale of our personal data. And many tech innovations that are borne of a crisis may be subject to security oversights. We have already seen that since the pandemic began, while the rest of the economy suffered, profits for the big tech companies have all risen, including YouTube, Google, and Amazon, among others. Zoom's profits, for example, have grown 167% in a single year.
At Tactical Tech we know there are no simple or ideal solutions when it comes to using technology for your organisation and in your work. There are always trade-offs between privacy and convenience, between ethics and efficacy. “The idea that there are tools that would always work for everyone, everywhere; require no extra knowledge and zero additional infrastructure; are fair and just, and protect users at all times," Tuszynski notes in his post, "is a dream that has not yet come true.”
Tactical Tech has been working to help NGOs around the world make decisions about tech for nearly 20 years. We rely on some basic principles for choosing a tech tool. Knowing that there is no one-size-fits-all solution, we aim to mitigate risks, and we recommend focusing as much on the long-term implications of your tech choices as on immediate convenience.
When deciding on a tool for you and your organisation, ask yourself, is it:
1. Open source – is the software non-proprietary and is the code available publicly so that it can be scrutinized by users?
2. Trusted – has the software been independently reviewed or audited?
3. Mature – does it have a stable, active user-based community and is it responsive to a developer community?
4. User-friendly – is it easy to use?
5. Multi-language with localisation support – can it be found in other languages or easily localised?
6. Multi-platform – can it be used on Mac, Windows, Linux, Android, etc.?
7. Documented – are its sources, installation, usage and updates available online?
For an in-depth explanation of these principles, visit Security-in-a-Box, which Tactical Tech co-developed with Frontline Defenders.
We know that making decisions for your organisation is more complicated than a single download and a quick click to agree to the terms and conditions. Rather, it requires the same consideration and investment as other major organisation-wide decisions you make. As Tuszynski writes, “If you want to support independent, secure, resilient and sustainable organisations you have to think about technology as much as you think about management or finances or human resources.” And seeing how tools or policies that are adopted in times of crisis can often resonate for decades, it is more important than ever to vet the tech tools our organisations use to communicate – as they could stick with us long after the pandemic has ended. The framework above can help guide you to find the right solutions for your needs and that fit your capacities and resources – of course, it is possible that you decide that G Suite or Zoom is the best fit for your organisation.
With this in mind, we have some alternatives we can suggest. If you are looking for something other than WhatsApp or Facebook for your phone calls and messages, try Signal or Wire, both of which provide end-to-end encrypted messaging and calls. For inter-team communications, at Tactical Tech, we use the open-source Element (formerly known as Riot) instead of Slack. For online calls and video chats, we recommend Jitsi Meet for calls with up to eight people (any more and it starts to get a bit patchy). You can use it from their servers or you can run it on your own server. If you need more functionality for big group meetings, like a whiteboard and break-out rooms, as well as external video sharing, we would recommend using BigBlueButton instead of Zoom. It is especially viable for those who can self-host, and it is great for team meetings and webinars, as it also allows external participants. While there are no real de-centralised alternatives to Google Docs, you could try using Nextcloud for sharing calendars, documents and files within your team. You would have to self-host it or find a provider that would host it for you. If your organisation would like an open-source alternative for project management, try GitLab, which can help large teams manage multiple projects, tasks and timelines. If you are looking for more recommendations, visit this article on Tactical Tech's website.
For now, we are just relying on remote working tools for their primary functions – to keep in touch and keep us working. But the longer we are working from home, the more indispensable they'll become. They will not just be temporary patches for a pandemic; instead, it is likely that they will become more ingrained in our work cultures. And the popularity of remote working tools is helping them expand into new functions: there is a new demand, for example, for employee-monitoring software that allows managers to track their workers' online activity remotely, and to give them productivity scores. Do we want technologies like these to become as normalized as Zoom is in our everyday remote working lives? This is just one more reason why, when we rely on technologies to work from home, we have to think about what kind of future we want and what we are willing to live with.