fbpx

Zoom now plans to offer end-to-end encryption to free users, not just paying customers

Zoom announced on Wednesday that it plans to offer end-to-end encryption on its platform for all users, free and paid — a revision to its May announcement that the privacy-boosting technology would only be available to paying customers.

The company said in a blog post that after talking to civil liberties organizations, child safety advocates, and encryption experts, it decided that it could offer this extra layer of privacy while also fighting bad actors using the videoconferencing tool to nefarious ends. End-to-end encryption will be available in beta in July, the company says.

“We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse,” Zoom wrote in the blog post.

This is important because Zoom CEO Eric Yuan said earlier in June that it originally made the decision not to offer this kind of encryption to free users because “we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose.”

Yuan’s comments were highly criticized by civil rights groups, information security experts and others. Critics like those at the Mozilla Foundation, sent a letter to Zoom saying its plan would create a two-tiered system of security — privileging those who could afford to pay for Zoom, while leaving low-income users on the free tier exposed.

Free users who wish to opt-in to end-to-end encryption have to go through a one-time process that may include verifying a phone number via a text message, the company says. For those who don’t opt-in, they’ll still use Zoom’s current default level of encryption — called AES 256 GCM. The reason it’s opt-in, the company says, is because enabling end-to-end encryption will make users unable to dial into Zoom calls via phone, among other features.

Hosts can turn on end-to-end to encryption on a per-meeting basis. For business users, the IT department who runs the company’s account can turn the feature on and off for certain accounts or groups.

Zoom has faced issues of ‘Zoombombing’, where trolls or bad actors enter Zoom meetings and share disturbing material and harass participants, and has gotten a lot of backlash for not preventing these incidents early on.

Zoom’s plan to add end-to-end encryption to its platform is part of its 90-day plan to address the numerous privacy and security issues its faced while its user base swelled due to the coronavirus pandemic. One of those issues was its lack of end-to-end encryption, despite misleading marketing materials that said otherwise.

In order to build end-to-end encryption, Zoom acquired startup Keybase in early May. Keybase founder Max Krohn is now Zoom’s head of new head of security engineering. Zoom also updated the level of encryption on its platform in April.

Source: BusinessInsider