Zoom won't encrypt meetings for free users
'We want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose' says CEO Eric Yuan
Zoom will be rolling out end-to-end encryption for its popular video meetings software, but only for paying users. Calls between users of the free client will not be protected by encryption, said CEO Eric Yuan, because "we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose."
Yuan made this remark, as reported by during a conference call to announce Zoom's financial figures.
The company has grown rapidly since lockdown has been imposed around the world, and in the three months to April 30 revenues surged by 169 per cent to $328.2 million. Earlier, Yuan revealed that Zoom's user base had grown from 10 million daily meeting participants in December 2019 to 300 million in March 2020, causing the firm to move its operations to Oracle's cloud.
Yuan cited security and support among the factors that led to the choice of Oracle, the announcement of which came after a string of bad headlines about 'Zoombombing', privacy problems and data being routed through China. An earlier claim by Yuan, who seems to have a habit of shooting himself in the foot, that the service was end-to-end encrypted was also found to be false. These issues led to warnings by the MoD and others not to use the app for sensitive calls or government business.
See also: Working from home, keeping connected: 17 video conferencing and collaboration tools to consider
Last month Zoom acquired security firm Keybase as part of its "90-day plan to further strengthen the security of our video communications platform", and to "help us build end-to-end encryption that can reach current Zoom scalability".
However, the company is using encryption as a paid-for add-on rather than as a default setting, a stance that is in contrast to Apple's long-term refusal to help law enforcement agencies decrypt its devices. However, in January Apple ditched plans for end-to-end encryption to enable iPhone users to secure their iCloud backups following complaints from the FBI.
Edit: Zoom responded with the following statement:
"Zoom's AES 256 GCM encryption is turned on for all Zoom users - free and paid. Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where anyone can enter meetings without being visible to others. None of this will change. Zoom's end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity. The current decision by Zoom's management is to offer end-to-end encryption to business and enterprise tiers. We are determining the best path forward for providing end-to-end encryption to our Pro users.
Zoom has engaged with child safety advocates, civil liberties organizations, encryption experts, and law enforcement to incorporate their feedback into our plan. Finding the perfect balance is challenging. We always strive to do the right thing."