Daniel Rainey

Zoom, Take 2

The Zoom question is complicated, particularly because of the negative press the platform is getting.

 
To begin, remember the rule that one can never absolutely guarantee privacy online.  Having said that, I think Zoom is still relatively low risk.  The negative news has been about a few specific issues related to the platform. 

First, that the platform is subject to Zoombombing – having unauthorized users break into meetings to eavesdrop or inject objectionable content.  I dealt with this a bit in an earlier blog post, but to recap, the interruption of Zoom meetings that fit under this category have been, to my knowledge, either due to compromised linkage software that allows users in a company’s internal system to connect to Zoom (where the linking software is the hackable weakness), or due to careless handling of URL login’s and passwords.  I am not aware at this point of any hacks of Zoom meetings conducted using Zoom apps on both ends.

 
A second bit of bad news is that Zoom used its platform to gather information about users.  My response to this is that most, if not all, online platforms do this.  Due to the negative publicity, Zoom has disabled the function that allowed users who paid for Zoom’s marketing service to access user LinkedIn data, but the fact remains that just about any online service has the ability, and the inclination, to gather user data.  That’s just part of the business they are in. 

The other bad news has been that Zoom was not totally up front about the “end-to-end” encryption they use.  For reasons I won’t go into, true end-to-end encryption with multiple users is damned hard to do.  If they are to be believed, FaceTime does it, but most platforms don’t.  According to some tech investigators, Zoom encrypts video, audio, and text for meetings held with all users on the Zoom platform – the encryption is from the user to Zoom’s servers, and from Zoom’s servers back to the user, but not between Zoom servers in the cloud.  This allows Zoom to view/hear meeting content on its own servers, but makes hacking the stream from user to user very difficult.  There may have been one, but I do not know of a case of hacking that has broken the encryption in transit, nor do I know of a case of hacking involving Zoom’s cloud servers.  Again, the Zoombombing and data problems of which I am aware have been due to either connecting software or bad user behavior.  As an aside, the way Zoom handles encryption means that they could comply with court orders to reveal information stored on their servers, and that info is not encrypted (except for text in the chat room, which is apparently really encrypted end-to-end in the classic sense).

So, should you still use Zoom?  I’d say the answer is a slightly qualified “yes.”  If you are dealing with info that would truly ruin you if it were compromised, and if you had a way to send that information in offline ways, or in self-encrypted formats, I’d not use any online platform.  But most info does not fall into that category – if may be sensitive or proprietary, but the question of whether to deal with it online is a risk/damage assessment that would make using a reasonably secure platform ok.  Zoom is a reasonably secure platform, in my opinion.  Apparently, some of the organizations that have blocked the use of Zoom have suggested that employees share information by email (perhaps the most vulnerable online platform that exists) or by phone (making the simple act of hacking mobile systems a risk).  I still think WebEx, as a web video platform. is slightly more secure, but it is not as user friendly – if you set Zoom up well, use it with all participants on the Zoom platform (not calling in by phone or joining from another platform) using computer audio, and you are smart about how to handle URL login information and passwords I think you can use it responsibly and ethically with parties. 

Zoombombing

There has been a lot of talk in the past few days about “zoombombing” – having an interloper interrupt a Zoom session with racist, sexist, or pornographic material.

Since Zoom and other video platforms are bearing the brunt of the load for letting us interact with each other at a distance, this can be a real problem, particulalrly for teachers and students using the platform to conduct education remotely. First, let me suggest that this is not a problem with Zoom’s security per se – the streams are encrypted in both directions, and Zoom has not, to my knowledge, had a significant problem with hackers except for instances where some linking software has hooked Zoom into other platforms (most noteably, Cisco). So, zoombombing is apparently a classic example of the thing that causes most security problems online – user behavior.

The basic problem seems to be that log in URL’s and passwords are being shared in a way that makes them vulnerable to hacking and stealing (or are inappropriately given to bad actors by legitimate attendees). So, the first line of defense is to protect the URL’s and passwords. Doing so can be a bit onerous, but in situations where the information you are dealing with is sensitive, it’s worth the effort. So, some of the options are to use a URL and a password, but not to send the URL and password together, or to send one via email and supply the other by phone, or to use encryption devices to pass log on information to participants.

If you are a host, there are some settings you can change that will help you either block or expel bombers if they get into your session:

1) Disable “Join Before Host” so people can’t cause trouble before you arrive;

2) Enable “Co-Host” so you can assign others to help moderate;

3) Disable “File Transfer” so there’s no digital virus sharing;

4) Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in.

ABC’s of ODR Video

The ABC’s of ODR session that Larry Bridgesmith and I did yesterday is available at this link: ABCs

ODR Fundamentals Web Session

On Thursday, March 19, at 11am US Eastern time, Larry Bridgesmith and I will discuss the ABC’s of using technology as part of a dispute resolution practice – a particularly apt topic given the current enforced isolation. To attend, go to the URL or one of the phone numbers below.

Join Zoom Meeting

https://zoom.us/j/191224088

Dial in:
+1 312 626 6799 US

Find your local number:

https://zoom.us/u/abdZKCgAjF

ODR Skills Training

I’ll soon post the English announcement for an onine interview with me and a Q&A session regarding the ODR skills class Ana and I will begin in April. For those who speak Portuguese, Ana will be online on St. Patrick’s day to talk about ODR and about the skills class.

PeaceTones in Zambia

IBO’s work in Zambia represents the inaugural effort to marry the PeaceTones project, which has been ongoing for several years, with IBO’s digital identity project: The Invisibles. Beginning in February, IBO will, with a number of partners, plan and conduct an exchange with students from Austin, Texas, and Zambia to create music and video for the next PeaceTones album – The World United in Song. The result will be not just music and video: IBO will help the Zambian students create a digital wallet with basic digital identification elements and a certificate of accomplishment to document the skills they learn working with the IBO project. For more information about IBO, PeaceTones, and The World United in Song, go to: https://peacetones.org/

Tis the Season . . .

Starting in early January I’ll be doing my regular stints at McGeorge Law School out in Sacramento, and online with Dominican’s Dispute Resolution program. In both cases I’ll be teaching ODR (online dispute resolution) classes – for McGeorge focused on the courts and access to justice, and for Dominican focused on mediation and dispute resolution online skills.

CyberWeek 2019

NCTDR will sponsor CyberWeek 2019, a free, online conference running from Monday, November 18, through Friday, November 22. On Friday, at 11am, Eastern US time, Jeff Aresty and I will host a session on Business Models for Fairness and Freedom, and at noon Eastern US time, Ana Goncalves and I will host a discussion about the Singapore Convention on Mediation. CyberWeek registration, schedules, links, etc., can be found at http://odr.info/cyberweek2019/

Singapore Convention Notes

The following note will probably appear soon on the Mediate.com home page.

As Alberto Elisavetsky and Maria Victoria Marun noted in a November 4, 2019, posting in Mediate.com, on August 6, 2019, the Singapore Convention on Mediation was announced.  The Singapore Convention parallels the New York Convention for Arbitration by legitimizing mediation as a dispute resolution method for international commercial transactions.

Alberto and Maria Victoria make the argument that there is a need for interdisciplinary training and practice for mediators who work in international venues – a sentiment I heartily endorse.  And , the Singapore Convention , on its surface, seems to address the twin barriers to the use of mediation in international agreements:  uncertainty about the process, and enforceability.  But we shouldn’t get too carried away with assumptions about how revolutionary the Convention will be just yet.

There are problems with the Convention’s approach to uncertainty and enforceability.

The text of the Convention addresses both issues in Article 5, addressing the enforceability of mediation settlements by referring to the application of “mediation standards.”  The immediate problem is that the Convention does not define any standards.

The lack of standards for mediation across cultures and national borders has led to a kaleidoscopic landscape of mediation styles and norms, which in turn creates the uncertainty mentioned above. Unlike legal or arbitral proceedings, mediation practice can vary greatly based on nationality, legal setting, culture, or mediator preference.  As Manon Schonewille and Jeremy Lack argue:

It is difficult to extract any clear standards of processes for mediation when two parties come from different jurisdictions, especially when the expectations, styles and approaches to mediation vary greatly from country to country.[1]

Both expectation and enforcement rely on these undefined standards.  The Convention addresses enforceability by declaring that mediation agreements can be set aside by judges in the event that

.  .  .  there was a serious breach by the mediator of standards applicable to the mediator or the mediation without which breach that party would not have entered into the settlement agreement.[2]

So, we would look for a serious breach of mediator standards as a reason for setting aside a mediation settlement, but the question remains, “a serious breach of what standards?”

It is possible that guidance from sources outside the Convention can be helpful, but again we should not get our hopes up prematurely.

For example, the UN rules on conciliation are not helpful.  The rules state that:

The conciliator may conduct the conciliation proceedings in such a manner as he [or, we would hope, she] considers appropriate .  .  .  .[3]

Further guidance from the UN rules states that:

The conciliator will be guided by principles of objectivity, fairness and justice, giving consideration to, among other things, the rights and obligations of the parties, the usages of the trade concerned and the circumstances surrounding the dispute, including any previous business practices between the parties.[4]

Objectivity, fairness, and justice are all concepts that can be interpreted radically differently depending upon the cultural and legal venue from which one views them.

So, is the Singapore Convention useless?  Of course not, but it is flawed.  Ana, Francois, and I have begun work on a proposal to produce an addendum to the Convention that would begin to address both process expectations and enforceability. 

As they say, “watch this space.”

[1] Mediation in the European Union and Abroad: 60 States Divided by a Common Word? Chapter 2 by Manon Schonewille1 and Jeremy Lack  in: The Variegated Landscape of Mediation.  A Comparative Study of Mediation Regulation and Practices in Europe and the World, Manon Schonewille and Dr Fred Schonewille (eds.), 2014 The Hague: Eleven International Publishing.

[2] United Nations Convention on International Settlement Agreements Resulting from Mediation, Article 5 (e).

[3] UNCITRAL Conciliation Rules, Article 7 (3).

[4] UNCITRAL Conciliation Rules, Article 7 (2).

First ODR Book in Spanish

At the ODR Forum I got my comp copy of the first online dispute resolution book published originally in Spanish, written/edited by my colleague, Alberto Elisavetsky. He kindly included a brief statement about the future from me as part of an “ask the experts” section.