All data is encrypted – not just the live video call. The Video Call Service stores service provider information and passwords securely on Amazon RDS (Relational Database Service). Passwords are transmitted using TLS (Transport Layer Security) but are never stored.
During a live video call, all exchanged data is also encrypted. This applies to the audio and video streams and to all other data shared in the call. The Video Call Service uses state-of-the-art security mechanisms for all connections and particularly for its WebRTC implementation. Connections between the browser and the Application Server, Signalling Server, or STUN/TURN servers are all TLS-encrypted and authenticated, with strong cryptography and proper certificate checks. Security for WebRTC communication is enhanced by having the Signalling Server facilitate the cryptographic setup for browser-to-browser communication: the browsers securely establish a shared key for every data channel. TLS protection of the STUN/TURN negotiation also ensures that video call communication cannot be re-routed.
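Two client-side checks a practitioner can run to confirm the protections described above, written here as an added example and not taken from the Video Call Service's own code: the ICE configuration should only reach relays over TLS (`turns:` URLs), and the SDP received from the signalling server should carry a DTLS certificate fingerprint rather than SDES keys that the signalling server could read. Server names and the sample SDP are constructed placeholders.

```javascript
// Added example (not the Video Call Service's own code): client-side checks for
// the two WebRTC protections described above. Sample inputs are constructed;
// server names are placeholders.

// 1. ICE server configuration. Relays must be reached over TLS ("turns:"); a
//    plaintext "turn:" URL exposes the relay negotiation that TLS is meant to
//    protect. "stun:" URLs carry only address discovery and no media.
function auditIceServers(iceServers) {
  const findings = [];
  for (const server of iceServers) {
    const urls = Array.isArray(server.urls) ? server.urls : [server.urls];
    for (const url of urls) {
      const scheme = url.split(":")[0].toLowerCase();
      if (scheme === "turn") findings.push(`plaintext TURN relay: ${url}`);
      if ((scheme === "turn" || scheme === "turns") &&
          !(server.username && server.credential)) {
        findings.push(`relay without credentials: ${url}`);
      }
    }
  }
  return findings;
}

// 2. SDP received over the signalling channel. Browser-to-browser keys are set
//    up by DTLS, advertised as a certificate fingerprint plus a setup role; an
//    a=crypto (SDES) line would instead place media keys in the SDP itself,
//    where the signalling server could read them.
function auditSdp(sdp) {
  const findings = [];
  const lines = sdp.split(/\r?\n/);
  const fingerprints = lines.filter((l) => l.startsWith("a=fingerprint:"));
  if (fingerprints.length === 0) findings.push("no a=fingerprint: DTLS keying not offered");
  for (const fp of fingerprints) {
    const hash = fp.slice("a=fingerprint:".length).trim().split(" ")[0].toLowerCase();
    if (hash === "sha-1" || hash === "md5") findings.push(`weak fingerprint hash: ${hash}`);
  }
  if (!lines.some((l) => /^a=setup:(actpass|active|passive)$/.test(l))) {
    findings.push("no a=setup role: DTLS handshake direction undefined");
  }
  if (lines.some((l) => l.startsWith("a=crypto:"))) findings.push("a=crypto present: SDES keys exposed to signalling");
  return findings;
}

// Constructed sample: a TLS-only ICE configuration and a minimal DTLS-SRTP offer.
const SAMPLE_ICE = [
  { urls: "stun:stun.example.invalid:3478" },
  { urls: ["turns:turn.example.invalid:443?transport=tcp"], username: "u", credential: "c" },
];
const SAMPLE_SDP = [
  "v=0", "m=audio 9 UDP/TLS/RTP/SAVPF 111", "a=setup:actpass",
  "a=fingerprint:sha-256 AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89",
].join("\r\n");
console.log(auditIceServers(SAMPLE_ICE), auditSdp(SAMPLE_SDP)); // [] []
```

Both functions return an empty list for a clean configuration; each string they return names one deviation from the TLS/DTLS setup the text describes.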
As befits a distributed system, all components of the Video Call Service ecosystem are hardened against attacks.
- The Video Call Service is compliant with government privacy policies in Australia.
- The Video Call infrastructure and service conform with the Australian Privacy Act 1988, the Australian Privacy Principles (section 8) relating to data sovereignty and, wherever practicable, the Australian Government Information Security Manual (ISM).
- Because of the peer-to-peer nature of the Video Call connections, data shared in calls between participants is only ever available in decrypted form to the participating endpoints of the call. All other intermediaries that forward the call can only see encrypted data. This applies to audio/video data as well as all information exchanged in the session, such as chat messages and shared documents. By default, the Video Call Service does not store any of the data shared in calls.
- Patients enter online Waiting Areas via a trusted service provider website and wait in their own private video room. It does not matter if a Service Provider is running late consulting with another patient, as there is no chance of patients running into each other. The video room created for the consultation is deleted afterwards.
- Patients can be seen by any Service Provider or Clinic Administrator authorised to access the clinic. Authorisation is defined by a unique login and assigned roles in the platform. Clinic Administrators are responsible for assigning this access to their staff.
- By default, the Video Call Service does not retain patient identifiable information which means patients do not leave a digital footprint on the platform.
Once Australian data or its management moves offshore, it is no longer tightly controlled and is subject to the laws of a foreign country or the practices of a foreign corporation. Allowing foreign companies to access and control Australians’ data will not protect the existing rights of Australians to have their privacy and data adequately protected. Sensitive data about Australian citizens must therefore be stored on an ASD (Australian Signals Directorate) certified cloud that can guarantee the information is not accessible by foreign governments and their allies.
The Video Call Service has therefore taken a strict approach of hosting only within the AWS (Amazon Web Services) cloud, which has been certified under the ASD’s IRAP (Information Security Registered Assessors Program). That certification provides assurance that AWS has in place the applicable controls required by the ISM (Australian Government Information Security Manual). As part of that, the Video Call Service can confirm that:
- Personal health data is used solely within the Australian legal jurisdiction.
- All data storage is confined to onshore data centres.
- Security protocols and systems are kept in Australia and within ASD requirements.
- The Commonwealth has primacy in all aspects of operation of, and access to, the cloud system.
The Video Call Service is scalable in an almost unlimited fashion, because it has been built in the AWS Cloud and uses WebRTC peer-to-peer calls as the basis of service delivery. Specifically, this means that:
- Peer-to-peer calls are set up between health service providers and clients directly, from browser to browser. This avoids the use of an intermediary video server and allows an unlimited number of parallel calls.
- Sometimes, peer-to-peer calls are blocked by corporate firewalls. For this purpose, relay servers (STUN/TURN) are in place to forward audio, video and data streams to their recipients outside the corporate boundary. While relay servers can handle a substantial load before being saturated, it is important to deploy them in a scalable fashion. The Video Call Service has been deployed on AWS Cloud so that relay servers are monitored and, if a higher load is detected, additional relay servers are spawned that transparently take over the extra relay work. This is called “load balancing”.
- Signalling servers are involved in setting up video calls, so particular attention has also been given to deploying a scalable signalling infrastructure. Load testing has been undertaken on the Video Call signalling servers and they have been found to be able to support many thousands of parallel calls. In addition, a network of signalling servers has been deployed in different AWS locations to allow lower latency between the endpoints of a video call and the signalling server by picking the closest signalling server to provide call signalling.
- The Web application itself is software delivered to the Web browsers from an application server. As a large number of users start using the Video Call Service, the Web application servers may also become very busy. The Video Call Service has therefore also implemented load balancing for the application servers.