Where we are today

The advent of Covid has created a tectonic shift in the importance of conferencing. At its simplest level, it allows people to work together by replacing a physical space with a virtual one. This is nothing new. The existence of virtual rooms is decades old. It goes back to the original conference call and has been a mainstay of business meetings for decades. In the last 20 years, the growth of screen sharing added a second dimension to the virtual room, namely content. As an example Webex and other screen sharing services went from an interesting idea to another mainstay of business. Next came video conferencing rooms that allowed multiple sites to share audio, video and content. It was initially achieved using specialized hardware and software. Powerful DSPs or even custom silicon were needed to achieve needed compression, higher definition and sophisticated audio that virtually put people at multiple sites “in the same room”.

But something has changed hasn’t it? Conferencing has always been an option but it has not been the only option. The airliners have continued to be filled with business travelers going to highly important meetings. Confidential board meetings continued to be held in person. Design meetings where trade secrets were being discussed or indeed developed, continued to be held in secret and/or highly secured locations. What has changed is the imperative of Covid that has taken options off the table. Virtual meetings in so many cases have not become a convenience, but have become the only choice.

The advent of any sea change in behavior is bound to uncover new issues and the conferencing imperative is no exception. Suddenly all company meetings are conferencing meetings. Most include audio, video, and content. Every guest on every newscast is suddenly a Skype, Webex, or Zoom (or others) guest. Birthday parties, Sunday family get-togethers, visiting grandchildren or just wanting to say hello have driven the conferencing business to grow 10 fold or even 100 fold virtually overnight. Naturally, all the cracks/imperfections are magnified and start to show.

On top of all this, meetings that were previously considered not acceptable to hold over video suddenly become “OK”. They become “OK” because there is no other viable choice. Suddenly, therapy sessions become tele-therapy sessions, medical appointments become tele-medicine, and the airwaves are filled with folks like Michael Phelps letting folks know it can work for them.

And the cracks make the headlines. “Zoombombing” becomes a new word in the vernacular. People start asking “how do you know who is actually on the call?”. The meeting number generation algorithm gets cracked. Passwords are advertised on Facebook for “convenience”. The lack of privacy of a system that does not provide end to end encryption is revealed. The global nature of the web sends video streams through third countries that are not trusted. While no one was asking these questions before, they are front and center now. The security of conferencing becomes a competitive differentiator. Companies stop developing new features and focus on security.

The good news is that many of these issues are solvable and are being solved. New routing algorithms control where streams go. End to end encryption is being introduced and more and more sophisticated mechanisms for joining meetings are introduced to make it harder for someone to be in a meeting where they do not belong.

The final problem to be solved though is still up for debate, namely “how do you know who is actually in a call?”. If a patient is meeting with a doctor, how does the patient know the doctor is actually the doctor and how does the doctor know the patient is actually the patient. We have all heard how the opioid crisis has had patients shopping doctors for multiple scripts, or even fake patients shopping for multiple scripts so they could sell the opiate illicitly. How much worse could this be with a tele-medicine approach? Passwords can be stolen, meeting numbers can be duplicated, IDs are easier to fake on a video. Has easing the requirements to enable these appointments to move forward made things worse?

If board meetings are now tele-board meetings, how can you be sure everyone attending is who they say they are? “Sorry I don’t have enough bandwidth for video so I will do audio only?” This is a reasonable statement, but what if it is not the actual board member. How would you know?
If design meetings for stealth projects are being held as tele-design meetings, how do you know the competition is not on the line? A new tailgate may be the differentiating feature that sells a $70000 truck. What happens if your competition gets wind of this a year before it ships?

What can we do about it?

Technology marches on and when it does it enables new approaches. Does it make it possible to duplicate the physical experience with a virtual one? Might it even create a more secure environment in the virtual world.

At the root of this issue is Verified Identity. How do you know that you can trust the identity of someone in a virtual meeting room?

Passwords can be stolen, devices can be duplicated or stolen but a person is unique.  People have unique faces, unique voices, unique fingerprints and unique behaviors. People have physical IDs that have photographs on them, and the IDs can be validated. In the physical world  this has generally been easier to accomplish. You can look at a physical ID and the person holding it. You can put the ID under a blacklight to determine if it is a real ID.

In the physical world, for an identity sensitive conference, people can be gated on entry. They may have company IDs and if they are from outside the company, they have physical IDs.

In the virtual world, how is this accomplished?

For an internal enterprise meeting, some combination of behavioral biometric, facial recognition etc can be used to lower the probability of fraud by orders of magnitude. For employees, enrollment includes verifying a piece or several pieces of ID, and is simply part of the onboarding process of a new employee. For external meeting guests, physical IDs and face matching can also be accomplished as part of the gating process to allow a person into a virtual room. Much like a physical meeting, validating identity is simply part of the process of “entering” the room. Sophisticated AI applied to the IDs to detect fraud and even real time database dips make this possibly more secure than a physical meeting.

In the physical world, when a patient goes to visit their physician, a piece of photo ID is a gating factor. The physician has eliminated or at least reduced fraud by validating identity physically. The patient knows they are in a doctor’s office and can see diplomas on the wall to reassure them they are dealing with a legitimate care giver.

The virtual telemedicine appointment need not be different. Both the physician and the patient can have their identity verified when entering the meeting. It can even go one or more steps further. In real time, a physician database can be double checked for further verification. On the patient side, for the opioid example the opiate prescription monitoring database could also be checked. In fact other checks are also possible.

In any confidential meeting trust in the participants is key. Verified identity is the root of trust. The key is how to do it quickly and with a high degree of veracity….there’s a way, and we are happy to show you how. Reach out for a demo.

Michael Frendo Headshot

SVP/GM High End Security BU Juniper, EVP Engineering Polycom, VP Engineering & Advanced Product Development Cisco, Founder VoIP Forum. Executive leadership roles at: Infinera, McData, Avaya, and Nortel.