Zoom Developing End-to-End Encryption Feature for Paying Users
Videoconferencing service Zoom says it is developing end-to-end encryption for the platform, but the feature will only be available to paying users.
Speaking to Reuters, Zoom security consultant Alex Stamos confirmed the plan, which had been based on "a combination of technological, safety and business factors."
Zoom has attracted millions of free and paying customers amid the global health crisis, with stay-at-home measures causing a surge in the number of people working remotely.
However, lax security, such as the ability for unregistered users to join meetings, has led to zoom-bombing pranks and caused alarm amongst safety experts and privacy advocates.
"Charging money for end-to-end encryption is a way to get rid of the riff-raff," Jon Callas, a technology fellow of the American Civil Liberties Union, told Reuters. Callas said it would deter spammers and other malicious users who take advantage of free services.
End-to-end encryption ensures no one but the participants and their devices can see and hear what is happening in a meeting, but it would also have to exclude people who call in to Zoom meetings from a telephone line.
Zoom is currently under investigation by regulators such as the U.S. Federal Trade Commission over previous claims about encryption that have been criticized as exaggerated or false, according to Reuters.
Privacy experts also told the news organization that with the Justice Department and some members of Congress condemning strong encryption, Zoom could draw unwanted new attention by expanding in that area.
Back in April, Zoom was accused of misleading users with claims that calls on the platform are end-to-end encrypted, when in fact videos are secured using TLS encryption, the same technology that web servers use to secure HTTPS websites.
Currently, Zoom's in-meeting text chat is the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.
Apple already uses end-to-end encryption to protect FaceTime users as call data travels between two or more devices. Even Apple can't decrypt the call and listen in to user's conversations.
Top Rated Comments
Security only for paying users is a pretty poor model.
Of course the kids use Group FaceTime not zoom except for classes, but it is funny to see the ACLU refer to teachers talking to kids as “riff-raff”.
Several of the large companies I attend meetings with used to use Zoom, and none of them do now. All of them have switched to Microsoft Teams, Cisco Webex, or something else.
I put together a security document as part of the recent work-from-home move, and literally had to tell people to avoid using my org's own video conferencing option when security was important.
So, naturally you work for free, right?