Zoom backtracks, says end-to-end encryption will be able to all users
Zoom on Wednesday backtracked on an earlier decision and said it would provide end-to-end encryption for all users -- even ones on the free tier.
Credit: Zoom
After a series of privacy and security blunders, Zoom promised strong encryption and protections for users. But initially, end-to-end encryption was only planned for paid users in an effort to combat abuse.
After consulting with encryption experts, civil liberties groups, child safety advocates and government officials, however, Zoom announced that all users of its video conferencing tool will be able to enable end-to-end encryption.
The backtrack follows a pair of letters that were penned to the company by digital rights groups, such as the Mozilla Foundation, and tens of thousands of concerned users.
"Since releasing the draft design of Zoom's end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature," Zoom CEO Eric Yuan said.
Originally, Zoom says it nixed encryption for free users to comply with law enforcement and curb the creation of abusive accounts. Now, however, the company said it will explore "new technologies" to enable it for everyone. Free users, for example, will need to verify themselves by inputting a phone number in the signup process. Zoom says that'll keep bad actors from creating multiple accounts.
The video conferencing company also released an updated end-to-end encryption design on Github.
Zoom has had a number of privacy and security gaffes in the wake of its boom in popularity due to coronavirus, including a phenomenon known as "Zoombombing" and several security vulnerabilities. The company also caught flack for making misleading statements about its encryption offerings.
End-to-end encryption on Zoom will launch as an optional feature in early beta in July.
Credit: Zoom
After a series of privacy and security blunders, Zoom promised strong encryption and protections for users. But initially, end-to-end encryption was only planned for paid users in an effort to combat abuse.
After consulting with encryption experts, civil liberties groups, child safety advocates and government officials, however, Zoom announced that all users of its video conferencing tool will be able to enable end-to-end encryption.
The backtrack follows a pair of letters that were penned to the company by digital rights groups, such as the Mozilla Foundation, and tens of thousands of concerned users.
"Since releasing the draft design of Zoom's end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature," Zoom CEO Eric Yuan said.
Originally, Zoom says it nixed encryption for free users to comply with law enforcement and curb the creation of abusive accounts. Now, however, the company said it will explore "new technologies" to enable it for everyone. Free users, for example, will need to verify themselves by inputting a phone number in the signup process. Zoom says that'll keep bad actors from creating multiple accounts.
The video conferencing company also released an updated end-to-end encryption design on Github.
Zoom has had a number of privacy and security gaffes in the wake of its boom in popularity due to coronavirus, including a phenomenon known as "Zoombombing" and several security vulnerabilities. The company also caught flack for making misleading statements about its encryption offerings.
End-to-end encryption on Zoom will launch as an optional feature in early beta in July.
Comments
I applaud Zoom’s disruption of the market, but I would love Apple’s designers to have something better available for more than just Classroom. Zoom’s main contribution is that they’ve mainstreamed the class/group/webinar market, and that’s not going away going forward. Apple, Slack, Microsoft, Cisco, Go2Meeting and the rest need to up their game on community and business group classes/meetings software and not just rest on their “group chat” laurels.
Both of the following are for government use of Zoom. I don't know if they have been or are using the government version of Zoom which might already have some kind of E2EE.
https://blog.zoom.us/wordpress/2019/05/07/zoom-achieves-fedramp-moderate-authorization/ Dated May 7, 2019. FedRAMP must be the (stupid) self-approved risk management program, which means each government installation can use a risk management program to see if they will accept the risk for any problems. It used to be a separate agency did the approval and accepted the risk. Now it's accepted by whomever is in charge of the system. Of course this means they can do whatever they want to do and hope nothing bad happens.
https://www.stripes.com/news/us/zoom-for-official-use-is-no-longer-an-option-for-dod-personnel-report-says-1.625973 Dated April 14, 2020
There might be never articles, these popped up first. When I was working for a government contractor I used to worry about these things but it looks like notbody is really worried anymore.
I have no idea how the heck Zoom is still in business in USA, working with the gov and schools etc.
Everyone wants to crap on this company, but they have been quick to improve this product in the court of public opinion. I've never seen anything quite like their openness to changing course so quickly. My wife uses it for her business and loves the product, but despises teleconferencing and cannot wait to have her children back in her studio. She is a paying customer though she tried it out for free initially.