Selecting Unified Communications (Video Calling) Solutions for Privacy – a battle with Dutch

Many nice things (mostly cheese) come from the Netherlands – PDF data privacy documents are not one of them!

The COVID-19 situation has brought a lot of new users to UC products. “Civilian” users often rate products on consumer features, e.g. how many video users you can see, whether it is free, and how easy it is to use. Those in enterprise, as ever, continue to need to evaluate the overall quality of the vendor’s development process (bug history/track record, testing regime, stability) but also the fundamental security and data compliance architectures.

For those with high value IP/government data, there are usually audit requirements which require scrutiny of the geographical routing of data, what data is stored and who can access it. With the rush to online learning, many higher education schools/universities rushed to certain low cost offerings and are now experiencing complications. Whilst it’s probably fine for a lecturer in medieval poetry or business marketing to teach students and have a staff meeting on some systems, for Tier1 universities involved in government and industrial research many systems simply will not meet the auditing and regulatory requirements of such collaborations. Many systems (particularly free/cheap ones) route data via other countries with varying degrees of encryption and collect data about meetings. Such data may be available internally to the companies that make them, and in turn those companies can be compelled to make it available to government agencies where they operate. With increasing tension within mega-industries and national governments arising over resources, due diligence and audit for those in finance, healthcare, research and government often mean proactively protecting strategic information. In many cases the geography passed through is the USA, generally regarded as a friendly power; however, with PPE supply conflicts between many countries, tension over state intervention in the airline/aerospace sectors and the lucrative dash in virology research for a vaccine, many are having to scrutinise their data control rigorously.

Likewise, some countries don’t like the idea of their data passing through a foreign country where it is accessible to that government, and as such block use of the control plane; in webinar scenarios, invitees from universities in countries such as China may be unable to register and attend. Likewise, products that insist on calendar access to put webinars in diaries are often blocked by corporate networks or savvy individuals, and as such your invites may be forgotten.

It is usually very hard for consumers to access decent comparisons or information on the data control in these applications. Infosec experts do rather well out of providing this information, so there is little in-depth community data available, and enterprises that invest in specialist knowledge to evaluate the products have no vested interest in sharing it.

A large number of users are appearing with fairly high data security/protection needs – local solicitors, family doctors’ practices, K12/high schools – and what’s probably ok for your dad to use to play online bingo with his mates from the pub really isn’t going to cut it.

EUC guru Bas van Kaam produced a very useful consumer overview cheatsheet fairly recently, which is a must read. Arising from some discussions around this, though, I was directed by Brian Timp to the most amazing consumer guide to data security on these products, which is a must read in my opinion for sophisticated users to evaluate if the various solutions on the market…. There is however one tiny issue – it is in Dutch (a language that acquired all the vowels Poland and Hungary didn’t want!) and published as a .pdf (as ever a PIA proprietary Adobe format to translate to other formats or process through a language translator) with a massive table and complicated footnotes.

The source – the guide is written and hosted by the Dutch Data Protection Agency – “Autoriteit Persoonsgegevens” (https://autoriteitpersoonsgegevens.nl) – their remit is covered (in English, here and here). Wikipedia’s overview of the organisation shows that the nearest equivalent in the UK is probably the Information Commissioner’s Office (ICO); however, the UK organisation is far more focused on data regulation and how the individual can seek redress. The Dutch organisation’s model of providing high-quality data to citizens, to aid better choices, seems to offer practical advice at a level needed for commercial/organisational compliance.

The Challenge

This document could not have been designed to be harder to turn into English; despite numerous attempts I pretty much failed! As of 2nd June 2020 the current version of the review is available in .pdf format, here.

However, I eventually figured a way to get enough out (with a lot of help from Rene Bigler) that I can read the overview. You can do this from the original source too:

  • Put the .pdf through google translate
  • Print off the original Dutch .pdf, this will at least mean everything is in the right place

It is worth knowing that United States of America (USA) translates as Verenigde Staten van Amerika (VS) in the table – even translating this from 2->3 chars threw the formatting in translators off.

I had partial success with Adobe Acrobat converting the document to Word .doc format but there were some issues. Opening the .pdf in Microsoft Word resulted in a worse .doc than using Adobe, with many chunks of the table mis-formatted. Once in Word, DeepL proved a good Dutch->English translator. Google Translate, although it accepts simple pdf docs, only managed some bits of the table and even then not very well.

The Quick Dirty Solution for English Speakers

In the end I _manually_ spent several hours reconstructing the Dutch document – shown here. Disclaimer: this is done as a best effort and may contain errors; all the evaluation was performed and is credited to the Dutch Data Protection Agency. I really dislike republishing original source data and would normally post a link to the original with instructions on how to convert yourself. The information is as per the Dutch original on a fixed date (May 2nd 2020, published 2nd June 2020) and as such may well be out of date in the future. I’ve included my hacked translation below.

Comparing data privacy alongside user features and user reviews

  • Products covered by Bas van Kaam’s cheatsheet: Teams (Microsoft), Google Hangouts, Amazon Chime, WebEx, Zoom, GoToMeeting, Slack
  • Products covered by the Dutch AP: Discord, FaceTime, Hangouts (Google), Hangouts Meets (Google), Jitsi, Messenger (Facebook), Signal, Skype, Talk (Nextcloud), Teams (Microsoft), Whatsapp, WebEx, Zoom; [note: GoToMeeting/GoToWebinar a popular enterprise option is not included]
  • Other products in this space: Bluejeans

Other sites you may want to look at if evaluating UC products include:

  • sourceforge.net  – a good product tick sheet where you can easily compare different products, the differences where products have gaps relative to others can be very good for focusing the mind on your own use cases

Video Call Privacy Choices – as hacked into English

Original source: https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/keuzehulp_privacy_videobellen_versie_2.pdf

My Translation (suggest you open in a new window) – still a few broken footnote links to manually fix up. http://virtually-visual.com/DataPrivacyDutch1VideoCalls.htm

I also have various versions in doc/pdf if needed.

Image courtesy of @papuan at Unsplash

One thought on “Selecting Unified Communications (Video Calling) Solutions for Privacy – a battle with Dutch”


  1. whereby.com is curiously missing from both lists. It’s free up to 4 participants, requires no browser plugins and is supposed to be very privacy focused.
