Zoom announced that end-to-end encryption (E2EE) will be
available to all users, free and premium, marking a shift in strategy at the US
company.
One of the more controversial measures announced by Zoom
a few weeks ago was related to their end-to-end encryption (E2EE) option and
the company’s decision to only offer the feature to paying customers. The main
reason pertained to security, as the implementation of E2EE would make it
difficult to identify Zoom bombers and other similar infractions.
Their decision wasn’t received with open arms, and the
company continued to look for a solution, helped by civil liberties
organizations, child safety advocates, encryption experts, and others. Finally,
it looks like a resolution was reached, allowing them to offer E2EE to all
tiers of users.
“Free/Basic users seeking access to E2EE will
participate in a one-time process that will prompt the user for additional
pieces of information, such as verifying a phone number via a text
message,” said Eric
S. Yuan, Zoom’s CEO.
“Many leading companies perform similar steps on
account creation to reduce the mass creation of abusive accounts. We are
confident that by implementing risk-based authentication, in combination with
our current mix of tools — including our Report a User function — we can
continue to prevent and fight abuse,” he continued.
It will take a while until this feature is available for
everyone. Testing for E2EE will start in July 2020, in a Beta version. Until
E2EE becomes the norm, the others users will have to settle for the existing AES
256 GCM transport encryption.
Moreover, it will be up to hosts to toggle E2EE for each
meeting. Zoom says that this encryption technology limits some of the app’s
functionalities, such as the inclusion of traditional PSTN phone lines or
SIP/H.323 hardware conference room systems.