If you’re a free Zoom user, and waiting for the company to roll out end-to-end encryption for better protection of your calls, you’re out of luck. Free calls won’t be encrypted, and law enforcement will be able to access your information in case of ‘misuse’ of the platform.
Zoom CEO Eric Yuan today said that the video conferencing app’s upcoming end-to-end encryption feature will be available to only paid users. After announcing the company’s financial results for Q1 2020, Yuan said the firm wants to keep this feature away from free users to work with law enforcement in case of the app’s misuse:
Free users, for sure, we don’t want to give that [end-to-end encryption]. Because we also want to work it together with FBI and local law enforcement, in case some people use Zoom for bad purpose.
In the past, platforms with end-to-end encryption, such as WhatsApp, have faced heavy scrutiny in many countries because they were unable to trace the origins of problematic and misleading messages. Zoom likey wants to avoid being in such a position, and wants to comply with local laws to keep operating across the globe.
Alex Stamos, working as a security consultant with Zoom, said it wants to catch repeat offenders for hate speech or child exploitative content by not offering end-to-end encryption to free users.
This is a hard balance. Zoom has been actively seeking input from civil liberties groups, academics, child safety advocates and law enforcement. Zoom hopes to find a common ground between these equities that does the most good for the most people.— Alex Stamos (@alexstamos) June 3, 2020
Will this eliminate all abuse? No, but since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm.— Alex Stamos (@alexstamos) June 3, 2020
The current decision by Zoom's management is to offer E2EE to the business and enterprise tiers and not to the limited, self-service free tier.— Alex Stamos (@alexstamos) June 3, 2020
A key point: organizations that are on a business plan but are not paying due to a Zoom offer (like schools) will also have E2EE.
Lots of companies are facing this balancing act, but as a paid enterprise product that has to offer E2EE as an option due to legitimate product needs, Zoom has a slightly different calculus.— Alex Stamos (@alexstamos) June 3, 2020
So this creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product.— Alex Stamos (@alexstamos) June 3, 2020
So we have to design the system to securely allow hosts to opt-into an E2E meeting and to carefully communicate the current security guarantees to hosts and attendees. We are looking at ways to upgrade to E2E once a meeting has started, but there will be no downgrades.— Alex Stamos (@alexstamos) June 3, 2020
Zoom's E2EE implementation will need to be opt-in for the foreseeable future. A large portion of Zoom's meetings use features that are fundamentally incompatible with E2EE (PSTN phones, H323/SIP room systems, cloud recordings, cloud transcription, streaming to YouTube, etc).— Alex Stamos (@alexstamos) June 3, 2020
As you see from the E2E design, there is a big focus on authenticating both the people and the devices involved in E2E meetings. If properly implemented, this would prevent Zoom's employees from entering a meeting, even visibly. There will not be a backdoor to allow this.— Alex Stamos (@alexstamos) June 3, 2020
In March, The Intercept published a report stating that the company doesn’t use end-to-end encryption, despite claiming that on its website and security white paper. Later, Zoom apologized and issued a clarification to specify it didn’t provide the feature at that time.
Last month, the company acquired Keybase.io, an encryption-based identity service, to build its end-to-end encryption offering. Yuan said today that the company got a lot of feedback from users on encryption, and it’s working out on executing it. However, he didn’t specify a release date for the feature.
According to the Q1 2020 results, the company grew 169% year-on-year in terms of revenue. Zoom has more than 300 million daily participants attending meetings through the platform.