Zoom, video teleconferencing platform has made
a u-turn, to offer end-to-end encryption
Chief executive officer, Eric Yuan, had in an earnings call said the company does not plan to offer end-to-end encryption to free users as it wants to work with the law enforcement if someone uses its platform for illegal activities
But in a new announcement, the tech platform says it will provide end-to-end encryption (E2EE) to all its users, free and paid. The company said it will do so to to avoid abuse of its platform.
The move is a turn from what the company had said during its earnings call recently. Chief executive officer (CEO), Eric Yuan, had said the company does not plan to offer E2EE to free users as it wants to work with the law enforcement if someone uses its platform for illegal activities. The company faced criticism from both users and experts for the same.
According to Zoom, users on its free/basic plan who want E2EE access will have to participate in a one-time process that will ask for additional pieces of information. This includes verifying the user’s phone number through a text message. The company will also be implementing risk-based authentication “in combination with the current mix of tools” that includes a function to report users.
The early beta of its E2EE feature will begin next month, though Zoom didn’t announce the exact date for this right now. All users will continue getting access to the AES 256 GCM transport encryption by default on the platform, irrespective of whether they use E2EE or not. The primary difference with E2EE is that it stops man-in-the-middle (MITM) attacks, where a hacker places themselves between the user and the server, allowing them to eavesdrop on conversations. It also means Zoom itself cannot listen to conversations on its platform.
Further, Zoom says E2EE limits some meeting functionalities so it will remain an optional feature. Hosts will be able to toggle the feature on and off and account administrators in enterprises will also have the ability to enable and disable E2EE at the group account level. The statement concludes