Chief executive officer of Zoom, Eric Yuan, had said in an earnings call that Zoom will not want to offer end-to-end encryption to free users as it wants to tie up with the law enforcement because people could be possibly misusing the platform for illegal activities.
Zoom has now decidedly changed their policy and has announced that it shall provide end-to-end encryption for all users be it paid or unpaid.
Eric Yuan has made it very clear in their earnings call as to why they would not provide end-to-end encryption, solely because the platform does not want to get abused. Zoom has faced considerable backlash for the same announcement too. Users were unhappy with the differential treatment meted out towards free users.
Now that Zoom has agreed on changing the encryption policies, there are certain steps which have been incorporated by Zoom for the users on free/basic plan who want E2EE access.
These users now will need to participate in a one-time process that will ask for certain additional information to be filled in.
This additional information now includes verification of the user’s phone number through a text message, which is a very basic identification step these days. The company has also started to implement risk-based authentication “in combination with the current mix of tools” that will help to report users better.
Zoom still hasn’t mentioned anything on when this feature will be put to use. However, it is reported that the beta version of end-to-end encryption will be put to test from July itself.
All users shall still be getting access to the AES 256 GCM transport encryption which is present by default on Zoom and it is irrespective of whether they use E2EE or not. There is a basic difference with E2E encryption is that it prevents man-in-the-middle (MITM) attacks, where a hacker tries to snoop between the user and the server, which means that they are listening to the ongoing conversation on the platform.
E2E encryption also means that the platform itself will not be able to have any access to the conversations between two parties on the app.
Zoom has also said that E2E encryption has the option of this particular function that this feature could be switched on and off. Account administrators and enterprises could also enable and disable the encryption for a particular group account.
Zoom’s popularity has gone up during the pandemic as video calling for personal reasons and official purposes have risen, along with which there were many such reports that said that the platform was not secured. Hopefully, Zoom’s much-needed privacy update will limit these security concerns.