Zoom makes end-to-end encryption globally available for all users

27 Oct 2020

Image: © PixieMe/Stock.adobe.com

Zoom has launched a long-discussed update that means meetings held on the platform can be end-to-end encrypted.

Despite previously stating its meetings used end-to-end encryption (E2EE)– and quickly walking back on those claims – Zoom has announced E2EE is now available to both free and paid users globally, for meetings with up to 200 participants.

It will be available to users on the Zoom desktop client version 5.4.0 for Mac and PC, the Zoom Android app and Zoom Rooms, with the Zoom iOS app pending Apple App Store approval. The video conferencing company said that it uses 256-bit AES-GCM encryption, with only the meeting participants having access to encryption keys.

Account admins can enable this E2EE feature in their web dashboard at the account, group and user level. It can also be locked at the account or group level. This level of encryption can be toggled on and off by the meeting host, depending on the level of security and level of functionality they would like.

As part of the first phase of the launch, E2EE meeting participants must join from the Zoom desktop client, mobile app or Zoom Rooms. Over the next month, the company is looking to receive feedback from users on its performance.

“We’re very proud to bring Zoom’s new end-to-end encryption to Zoom users globally today,” said Zoom CISO Jason Lee.

“This has been a highly requested feature from our customers, and we’re excited to make this a reality. Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.”

Changing stance

Zoom CEO Eric Yuan said on an earnings call in May that the company would introduce end-to-end encryption, but only for paid users and not for free account holders. This was to allow law enforcement to access user information “in case some people use Zoom for a bad purpose”.

In June, Zoom reversed its decision, saying E2EE would be rolled out to all users. The company said it had been working with civil liberties organisations, governments and encryption experts to find a “path forward that balances the legitimate right of all users to privacy and the safety of users”.

It did, however, say that free or basic Zoom users would need to share additional information to access E2EE, such as verifying a phone number via a text message, in order to “prevent and fight abuse” on the platform.

Earlier this month, Five Eyes – the intelligence sharing group comprising the US, UK, Canada, Australia and New Zealand – was joined by government representatives from India and Japan to say that E2EE poses “significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children”.

They called for tech companies to build systems that would allow law enforcement agencies to access E2EE content in a “readable and usable format”.

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com