Live lecture in groups with limited interaction (streaming)

The KIT has centrally procured zoom licenses for live lectures in teaching. The video conferencing service Zoom was procured at KIT in the exceptional situation of the Corona crisis in order to increase the variety of possibilities for online teaching. Its use is voluntary. The provision and use of Zoom is only intended for the period of the exceptional situation in teaching.

In addition, alternatives such as Jitsi can still be used on the students' own responsibility while respecting data protection and information security (especially confidentiality).

Privacy policy for Zoom

• Data protection notice for Zoom use at KIT

  Within the scope of its possibilities, KIT endeavors to use solutions for online teaching that comply with data protection regulations. Due to the currently not realizable scaling of the existing services, the cloud-based online setting had to be used. Lecturers and students are free to decide whether they want to use a cloud-based service or not, knowing which data protection concerns exist on the one hand and how indefinitely possible alternatives to the use of the cloud-based service will be available on the other. The KIT ensures that the non-use of cloud-based services is not sanctioned (e.g., by ensuring that students are not charged for exceeding deadlines caused by non-use of cloud-based courses or exams), and thus also follows current resolutions of the Standing Conference of the Ministers of Education and Cultural Affairs of the States in the Federal Republic of Germany.
  
  KIT has taken extensive measures to raise the use of cloud-based services to a level acceptable under the circumstances by Corona. For example, the use of Zoom at KIT is based on a contract data processing agreement that has been adapted to KIT requirements. In particular, KIT has succeeded in designing the passage on the possibility of passing on personal data in conformity with data protection. In addition, attitudes and recommendations for a data-saving use and for minimizing risks from an IT security point of view were elaborated and implemented. This means that students can participate in the sessions without activating their microphone or webcam and without having to give their real name. The students are informed comprehensively about data processing by means of a data protection declaration.
   

• On the critique of Zoom

  The zoom implementation has been configured by KIT for a data-efficient use to minimize risks. For example, log-in via Facebook, feedback options to Zoom and user-related statistics are deactivated.

  Lecturers can only use the software for the use of Zoom on a voluntary basis after confirmation that they have taken note of the data protection declaration. In addition, KIT has made extensive settings that further increase the data protection level of the software compared to the standard settings.

  The use of Zoom is currently being discussed and commented on in the press. Among other things, the data protection statement provided by Zoom itself has been criticized and reports have been made about deliberate interference or weaknesses in the software. However, the provider has reacted to the hints and criticism at short notice, especially by improving the software and settings.

  Statements from Zoom

  The provider has recognised the high importance of the topic of data protection and information security for European users:

  • In the current version of the privacy policy (https://zoom.us/de-de/privacy.html) the provider distinguishes between the use of the marketing pages and the use of the service. To this end, it has removed the Facebook SDK from the IOS app.
  • The provider is striving to improve transparency and implement additional security features, in particular the security gaps in the Mac client and UNC hyperlinks have been resolved: Zoom Blogpost: A Message to Our Users (https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/)
  • The meetings are transport encrypted: Zoom Blogpost: The Facts Around Zoom Encryption for Meetings/Webinars (https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/)
  • Further adjustments were made so that, for example, users are routed via computer centres outside China: Zoom blog post : Response to Research From University of Toronto's Citizen Lab (https://blog.zoom.us/wordpress/2020/04/03/response-to-research-from-university-of-torontos-citizen-lab/)

   

  Encryption of meetings

  In a recent article, the Citizen Lab of the University of Toronto has investigated the encryption of meetings with the result that the meetings are not suitable for particularly sensitive communication, but for usually public or semi-public events such as lectures or seminars.

  Security of log-in data

  heise Security reports (in German) that a research company has discovered access data for hundreds of thousands of zoom accounts for purchase on Darknet. At least part of the login data is said to have been obtained by automated testing of login data.

  By using Shibboleth, we at KIT are on the safe side in case of a specific attack on Zoom, since passwords are never stored at Zoom.

  With regard to private zoom accounts, we could advise you to follow the press and, in accordance with our practical tips on IT security, to use complex passwords and different passwords for different user accounts in private as well.
   

• Data protection and information security for users

  We recommend our users to consider the following general aspects.

  • Always work with a current operating system with security updates installed on your PC, laptop or smartphone.

  • Make sure that your virus protection is up-to-date and that you are using official app stores.

  • Update applications / apps, especially web browsers and meeting clients, regularly.

  • Watch out for fraudulent messages, especially check links to registration or download pages

  • Use the possible settings for camera / microphone use on your own system.

  • Do not pass on meeting links or meeting IDs uncontrolled, e.g. by screenshot

  • Names of participants or contributions in the meeting chat should be kept anonymous, meetings are a public space.
     

• Privacy-friendly settings for Zoom by KIT

  In addition, KIT has made extensive settings that further increase the data protection level of the software compared to the standard settings. Locked settings cannot be changed by lecturers; deactivated or activated settings can be changed by lecturers as required.

  • Automatic start of the camera and release of the own audio are blocked when joining a meeting, i.e. participants have to switch on their own audio as well as the camera itself.
  • Automatic answering of calls is blocked, since KIT uses zoom only for lectures.
  • Recording is only possible for teachers in the cloud. These recordings include screen sharing as well as audio and image of speakers. The chat history is not recorded. Recording is only done if the teachers themselves want it and start actively. No participants will be recorded for the usage scenarios shown above, as they are muted during recording. They are only made available afterwards using KIT's own systems. Recordings are automatically deleted in the Zoom Cloud after 30 days.
  • Attention tracking is blocked.
  • Machine counting of participants in Zoom Rooms is blocked.
  • Access to other contact data within KIT by zoom is blocked. 

   

• Additional presets for a Zoom meeting

  • General information about "zoombombing" or against the takeover of a zoom meeting: Meetings were not prepared for the publication of the links. If sharing one's own screen for participants was enabled by default, it was easy for third parties to join the meeting via link and share any content (often of an offensive or even illegal nature) via screen sharing and thus disturb the meeting. This is better protected by default settings, especially a random password is created for each meeting room. Lecturers usually provide this link to a closed group of people via ILIAS. Lecturers should update the link regularly if necessary, e.g. by changing the meeting password, in order to limit the risk of distribution.

  • The waiting room for meeting rooms is activated in the default settings.
    All participants must first be admitted to the room by the moderator. Unwanted or disruptive participants can be removed from the meeting room by the moderator and prevented from re-entering.

  • Student screen sharing is disabled by default.

  • You cannot create a meeting without a password. This is locked.

  • File transfers in chat are locked and cannot be made.

Information about Zoom

With the help of zoom, video conferences and virtual meetings with up to 300 participants (including screen sharing and chatting) can be held for an unlimited time. Zoom offers uncomplicated use and high stability even with many participants and is therefore suitable for various teaching scenarios. We recommend Zoom for use in the following two live teaching scenarios:

• Information on license distribution (page only visible in the KIT network)

• Online lectures (with little interaction)

  When using Zoom for online lectures, specific settings are made by the SCC to comply with the DS-GVO.

  • Participation via PC/laptop with microphone (and optional webcam), smartphone or telephone
  • Access for lecturers after activation via my.scc.kit.edu
  • Access for students via link invitation/meeting ID and password by lecturers in ILIAS course

  Students can participate with an alias of their choice so that they do not have to reveal their name to Zoom.
  Note: You can record your lectures via zoom. In addition to your presentation (with webcam video if necessary), all videos and audio contributions by students will be recorded. Please pay attention to the following aspects:

  • No questions during the lecture! Point out to your students that there will be a question and answer session at the end of the lecture which will not be recorded. In the chat, questions can be asked anonymously even during the lecture.
  • No participation with audio and/or video by students during the lecture part! This setting can be made centrally by you as a lecturer before recording begins. (see the instructions)
  • Attention: During a recording no end-to-end encryption takes place.
  • Provisioning of the recording: The recording itself takes place in the cloud. The direct provision of recordings via the cloud is deactivated and only possible by download and later upload with OpenCast in the ILIAS of KIT.
     

• Instructions: Hold a lecture with Zoom (in German)

• Online seminars (with high interaction)

  For the use of Zoom in online seminars in which you want to interact or discuss with the students, specific settings are made by the SCC to comply with the DS-GVO.

  • Participation via PC/laptop with microphone (and optional webcam), smartphone or telephone
  • Access for lecturers after activation via my.scc.kit.edu
  • Access for students via link invitation/meeting ID and password by lecturers in ILIAS course
  • Presentation of the students' user data and participation with video/audio on a voluntary basis to enable personal exchange and individual interaction

   

  Note: Online seminars via zoom may not be recorded for reasons of student data protection. Anyone who records people without their consent is liable to prosecution.
   

   

• Instructions: Hold a seminar with Zoom (in German)

• Notes on using Zoom for students