Zoom rolls out end-to-end encryption as company set to stop 'zoombombing'
The videoconferencing app, which has reported massive growth as people stay at home and work remotely during the coronavirus pandemic, has been skewered for privacy breaches as millions of new users logged on.
It was plagued by reports of private videos being hacked online and uninvited guests dropping in on calls. End-to-end encryption secures a call so only the people who start it and their invitees can access the information - essentially locking all third parties out.
Zoom will begin testing the feature with customers in July, a nod to privacy experts who had called for increased security.
Zoom faced quick backlash from users and privacy advocates earlier this month when it said it would release the new encryption features only for paid customers, noting it was partly because law enforcement might need access.
"Free users, for sure, we don't want to give that, because we also want to work together, with FBI, with local law enforcement," in case the technology is used for a bad purpose, Zoom CEO Eric Yuan said on a conference call with analysts in early June after the company announced its first-quarter financial results.
But end-to-end encryption is not without its drawbacks, and it has become a hot-button issue in the past few years between tech companies and law enforcement agencies that say it has made it harder to track down crimes taking place online.
In investigating crimes including the sharing of child pornography, the U.S. government has sought access to various encrypted messaging services. It has also asked companies such as Apple, which encrypts its iMessages, and Facebook-owned WhatsApp to build a "back door" for law enforcement. But the companies pushed back on the government's demands, pointing out that leaving conversations open to law enforcement also would make them vulnerable to hackers or other attacks.
After Zoom made its own declaration on wanting to help law enforcement, privacy organizations including the Electronic Frontier Foundation and Mozilla Foundation called on the company to reconsider.
"But the idea that compromising on encryption will give special access to U.S. officials is a fallacy," the EFF and Mozilla wrote in a letter to Zoom. "Any mechanism that law enforcement uses to access Zoom users' data will be vulnerable to oppressive regimes and other bad actors."
The digital advocacy group Fight for the Future also collected 70,000 signatures to try to persuade Zoom to expand the technology to free users.
Yuan backpedaled in a blog post Wednesday, writing that the company had consulted with child-safety experts and civil liberties groups about the technology. Free users of Zoom will have to provide more personal details, including a phone number, to use the service, an extra piece of identification that Zoom said will keep calls safer.
"We are confident that by implementing risk-based authentication, in combination with our current mix of tools - including our Report a User function - we can continue to prevent and fight abuse," Yuan wrote.
Encryption will be an add-on feature that users can toggle on and off. It will not work for people dialing in from phone numbers, so many people might choose to keep it off during less sensitive calls.
The Washington Post