The techniques of this disclosure provide low-latency, access-controlled, secure bidirectional data channels for remotely controlling devices over a network, e.g., kiosk devices. The techniques of this disclosure enable remote users to communicate with and control a kiosk device, e.g., a video-conferencing system. Remote users can issue remote procedure calls (RPCs) to kiosk devices. Kiosk devices can provide state notifications to remote users. Communication between remote users and kiosk devices is governed by access control mechanisms. For example, access control policies can be deployed that restrict the RPCs a remote user sends to a kiosk device, and the state notifications that a remote user receives. Further, multiple independent channels can be established between pairs of remote users and kiosk devices, and a channel-specific access control policy can be provided.