Zoom takes U-turn, announces to also give end-to-end encryption to free users
Zoom has announced it will be implementing the end-to-end encryption for video meetings on the platform to all users. In a Wednesday announcement, the US-based company took a U-turn and said the E2E encryption will be available for everyone, including the free-tier users whom Zoom previously omitted. The trials of the latest encryption protocol will begin rolling out as beta to users starting in July. However, there will be certain measures that Zoom needs free users to follow to avoid the misuse of the platform.
Per Zoom's blog post, the free/basic users will need to verify themselves by providing "additional pieces of information" through a one-time process of verifying their account with a phone number. Previously, Zoom had said it could not provide its free/basic users with the end-to-end encryption because it could lead to misuse and would make it difficult for law-enforcing agencies, such as FBI, to obtain data from the video calls. Currently, Zoom offers 256-bit GCM encryption on its video meetings, which itself is secure from hacking but the data being exchanged can be read.
During the migration process to E2E encryption protocols, which will likely begin next month, Zoom users on both paid and free subscriptions will be covered by the GCM encryption. The end-to-end encryption, however, will be optional for users, Zoom said in the post. Since E2E encryption will encrypt the data on meetings, Zoom features such as the traditional PSTN phone lines or SIP/H.323 hardware conference rooms will not work. This is why the hosts will have a toggle to turn E2EE on or off depending on the functionality required for a certain meeting. The account administrators will have the privilege to turn E2EE on or off on both account and group level.
End-to-end encryption on Zoom will disallow law enforcement agencies and governments to snoop on the data being exchanged via video meetings on the platform. The recent example of censorship on Zoom was when China urged the company to suspend accounts of three users engaged in the pro-democratic demonstrations to commemorate the Tiananmen Square crackdown of 1989. Of the three accounts, Zoom cancelled one account on the basis of knowledge that it would participate in a pro-democratic protest, shared by Beijing.
Besides, Zoom video meetings have been a soft target of hackers and other malicious actors to inject the feed with questionable content. There is a huge series of cases of zoom-bombing, pointed out by multiple regulators worldwide. "We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse," said Zoom.