Zoom Is Now Promising End-To-End Encryption Option For All Users, Here's Why
Ever since the coronavirus pandemic exploded earlier this year, videoconferencing service Zoom has seen its popularity soar. During its ascent, Zoom has faced a number of challenges related to privacy and security, so on May 22, the company released the draft design of its end-to-end encryption (E2EE) implementation. Zoom says that since that date it has engaged with civil liberty organizations, its CISO council, child safety advocates, encryption experts, government representatives, its users, and others to get feedback on the feature. Ultimately, Zoom says that it explored new technologies that would enable it to offer E2EE for all tiers of users, even free users.
This week, the video conferencing company released an updated E2EE design on GitHub. Zoom says it has identified a path forward that balances the right of all users to privacy and the safety of the users on its platform. That path enabled the company to offer E2EE as an advanced add-on feature for all users around the globe on free and paid versions of the platform. At the same time, it maintains the ability to fight abuse on the platform.
To enable encryption for everyone, Free/Basic users who want to use E2EE will participate in a one-time process that prompts them for additional information. Information required includes verifying a phone number via a text message. Zoom says this is a common step companies require for users to prevent the creation of abusive accounts. The company says that it's confident that implementing risk-based authentication in combination with its existing tools, like "Report a User," it will be able to prevent and fight abuse on the platform.
Zoom intends to begin an early beta of its encryption feature in July, and will continue to use AES 256 GCM transport encryption as the default encryption, which it says is one of the strongest encryption standards used today. Encryption will be an optional feature because it limits some meeting functionality, including the ability to use a traditional PSTN line or SIP/H.323 hardware conference room systems. Account administrators will be able to toggle E2EE on and off at the account and group level. E2EE for free users of Zoom is good news, as just a few weeks ago the company was saying that the encryption wasn't coming to free accounts.