Zoom is offering full end-to-end encryption for all users

With growing competition, Zoom has faced pressure to double down on data privacy and cybersecurity.
18 June 2020
  • Zoom has shot to fame as the video conferencing solution of the remote working shift
  • In the wake of ongoing privacy issues, the firm is now rolling out end-to-end encryption for all users
  • With growing competition, Zoom has faced pressure to double down on data privacy and cybersecurity

Great news for both free and paid Zoom users – the video communications company is offering full end-to-end encryption (E2EE) starting with a beta version pilot coming this July.

After releasing a draft design of how Zoom’s E2EE would look in May, the company is now set to launch the stronger encryption next month, heeding to the calls of public and government officials. The announcement comes on the heels of the acquisition of Keybase, an encryption and identity service to secure online IDs, which the videoconferencing leader called a “milestone” in its 90-Day security pledge.

E2EE makes it near impossible for third parties to decipher communications, but it will mean the end for Zoom meetings conducted via telephone lines. Zoom indicated that “E2EE will be an optional feature” and admins will be able to turn on or disable the feature to enable traditional phone lines and/or other older conference room phones to participate. 

Earlier this month, Zoom CEO Eric Yuan shared in an earnings call that Zoom wouldn’t offer free subscription users full encryption “because we also want to work together with FBI [and] with local law enforcement in case some people use Zoom for a bad purpose.”

The restriction of full encryption offered only to paid users raised concerns that groups such as activists, journalists, and nonprofits – who often have limited resources – would be left vulnerable. However, with the shadow of security-first competitors like Google Meet threatening the firm’s marketshare, showing a commitment to protecting users’ data has become a priority. 

Evan Greer, deputy director of the digital rights organization Fight for the Future, said in a comment to Wired: “Anyone who cares about public safety should be pushing for more encryption everywhere possible, not less,” Greer continued, “For the company to say they’ll only keep your calls safe and secure if you pay extra — they’re leaving the people most likely to be targeted by surveillance or online harassment vulnerable. 

“They have a chance to do something really good for human rights by implementing default end-to-end encryption to all users. But if they make it a premium paid feature, they’re setting a precedent that privacy and safety are only for those who can afford to pay for it.”

Zoom’s solution for free/basic users is for them to verify their identities to get access to a stronger level of security. In a company blog post, Yuan stated: “Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message.

“We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”

Zoom’s quick rise to fame has seem the app grow a maximum of 10 million daily users December last year to more than 300 million daily meeting participants in April, but this rapid surge in popularity also makes it one of the most targeted video conferencing tools in the current crisis. Zoom bombings were rampant as the company’s nine to 11-digit identification codes made it an easy target for hackers, who would simply punch in a random sequence of numbers and “jump” into random calls. 

The United States FBI (Federal Bureau of Investigation) even issued a warning against Zoom bombings amid reports of trolls and hackers hijacking school lessons taught via the app and sharing profane and pornographic contents. 

The series of events led to Yuan issuing a formal apology and the CEO began to hold weekly webinars to update users of the progress in fixing the company’s security shortcomings