Untangling Zoom's Security Issues, Contact Tracing & End to End Encryption with Kenneth White
Security Voices - A podcast by Security Voices
Categorie:
The misinformation spread during the COVID-19 pandemic has made what happened with the 2016 U.S. elections look like the “good old days.” Epidemiologists are on center stage trying to explain complex topics to billions of people concerned for their lives-- and sometimes politicians are aiming to do the same. The multiplier effect is how hopelessly entangled challenging technical issues like end to end encryption and contact tracing via bluetooth on mobile phones are now also being publicly debated.
The most natural reaction? Confusion. Kenn White is here to help.
During our 60 minute conversation with Kenn, Jack and Dave go past the headlines trumpeting Zoom’s security issues in an attempt to lay bare the real issues with their recent missteps. Their initially misleading claims around end to end (E2E) encryption is our primary focus, but before diving deep into Zoom, Kenn explains exactly how hard it is to make it work by describing his 2 year journey to deliver E2E encryption at MongoDB. We pull apart the remaining concerns and Zoom’s impressive response to provide our take on just how worried you should be, from Johnson Elementary School to the defense industrial base.
Kenn has a unique perspective on the idea to use contact tracing via Bluetooth to identify who infected people have been in proximity to in order to slow the spread of a disease. Having spent 10+ years supporting clinical trials, he explains why using our mobile phones to make contact tracing during the COVID-19 pandemic is unlikely to be successful in the near future.
We hope this conversation with Kenn brings you clarity and calm at a time when both are in short supply.
Note: We spend the first ~15 minutes talking about coping strategies during the pandemic. If you’d like to jump straight to the content focused on E2E encryption it begins right around the 15 minute mark.
About Kenn
Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC. He tweets about security, privacy, cryptography, and biscuits: @kennwhite.