Delhi Police Wants Zoom Call Data Of Disha Ravi, But Can Zoom Share It?

Delhi Police has written a letter to the developers of the video conferencing app, Zoom after it was discovered that it was used in a meeting between the climate activist Disha Ravi (who was recently arrested) and others surrounding the editing of the controversial toolkit which was later promoted and shared by Greta Thunberg.

Twitter: Disha Ravi

The letter has been sent in order to find out the participants of the meeting. Along with the Bengaluru based-21-year old climate activist, non-bailable warrants have been issued against Mumbai lawyer Nikita Jacob and Beed engineer Shantanu Muluk.

But can Delhi Police really get Zoom to retrieve and share data, considering Zoom is a US-based company? As it turns out, they can.

Zoom¡¯s Government Request Guide

Zoom has listed a set of terms and conditions on its website, under the ¡®Government Request Guide¡¯ section, where it has stated how an International government can apply for obtaining data of its users.

As per Zoom's guidelines, the information can only be asked through official channels, where it should also include an officially signed document or a request by email from the government, from the official email address.

Secondly, it makes sure that the request would only be considered valid legally when it has a basis in the domestic law of the requesting country and ¡°pertains to the bonafide prevention, detection, or investigation of offences.¡± It also asks for the requirement of A Mutual Legal Assistance Treaty request or a request from a country meeting the obligations under the CLOUD Act or letters rogatory to reveal the information.

Zoom can choose to reject the request

Zoom will look at the case and see if the request is valid or not and it can even choose to challenge or reject the request entirely. They also have revealed that government requests will be scrutinized on a country-by-country and case-by-case basis to maintain a balance between legal obligations and Zoom¡¯s principles.

Reuters

The guide also states the kind of cases they¡¯d entertain, ¡°Key factors we will consider include whether we have a good faith belief that the request involves child sexual exploitation material or an emergency involving danger of death or serious physical injury to any person. We will also limit our response to only the user or meeting data deemed necessary to prevent these harms.¡±

Information needed to retrieve data

Zoom has listed what kind of information it needs from the government to derive information from a particular account. This includes the user¡¯s display name, email ID or IP address. In case they want information on meeting records, they¡¯d require the meeting ID, meeting host¡¯s email address and meeting date and time.

They can also offer meeting registration URL as well as details on specific information that they want and its relationship with the investigation.

What about end-to-end encryption?

Zoom, unlike other video conferencing apps, didn¡¯t offer end to end encryption to its free users initially. In fact, it also didn¡¯t offer end-to-end encryption to its pro users. This feature is only limited to its enterprise-level clientele -- people whose identities the company can confirm.

However, late last year, it finally allowed people (for free and to enable end-to-end encryption on their calls. But this had to be manually enabled.

Reuters

Access to zoom calls

With encryption enabled, Zoom cannot have access to the communication in the meeting, it can just have access to the details of the meeting.

According to Zoom, ¡°Meeting metadata is automatically captured when a participant joins a meeting, whereas communications that occur during meetings are encrypted and cannot be accessed by Zoom.¡±