Zoom has updated its promise for end-to-end encryption (E2EE) by saying free users as well as paid will get the feature when it arrives in a July beta. Previously, the company was only working to build encryption for its video service into its enterprise paid product.
End-to-end encryption on communications services ensures the data between the two participants cannot be read by any other party, including the service provider, if intercepted. Given Zoom’s incredible popularity since its boom in users during the coronavirus pandemic, it’s not great that the service currently does not offer end-to-end encryption.
In a blog post CEO Eric Yuan said that users would have to provide identifying information such as phone number verification via text in order to receive E2EE as an add-on. The company hopes verifying users will help to stop unlawful activities being performed on its service, saying:
“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”
Zoom has had to perform some PR gymnastics to appease the backlash it received when Yuan said he didn’t want to give free users E2EE because they might be using Zoom for unlawful activities and he wanted to ensure Zoom could give the data to law enforcement. Yikes.
Popular services iMessage and WhatsApp have E2EE as a default, but Facebook Messenger does not. It’s a contentious subject championed by security circles but often left out by messaging services who provide a backdoor to law enforcement or use the (hopefully anonymised) data themselves.
All said, Zoom has rightly received criticism for the recent flip-flopping of its messaging and contradictory statements and the way it has slowly reacted to its almighty surge in usage.