Zoom has taken over the world and has become an integral part of our work-from-home lives. However, the platform has often faced scrutiny over its lackluster security practices, especially the lack of end-to-end encryption. That could finally change, as Zoom has announced a phased rollout of end-to-end encryption on the platform starting next week.
In a blog post Zoom said, “We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days. Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”
The company explains that E2EE will use the same GCM encryption found in current Zoom Meetings; the only difference is where the encryption keys live. The new E2EE uses public-key cryptography, which enables the host’s or participants’ machines to generate a key rather than the Zoom servers doing it. When the meeting data is relayed through the platform’s servers, they cannot decipher it because they do not hold the necessary decryption key.
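The difference in where the keys live can be shown with a short Node.js sketch. This is an added example, not Zoom's code or protocol: the X25519 key agreement, the HKDF key wrapping, the function names and the sample frame are all assumptions chosen for illustration.

```javascript
// Added illustration; not Zoom's protocol or code. X25519 + HKDF wrapping is an assumption.
const nodeCrypto = require("node:crypto");

// AES-256-GCM stands in for the "GCM encryption" the article mentions.
function gcmEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function gcmDecrypt(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the authentication tag does not verify under this key.
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Both endpoints derive the same key-wrapping key from their own private key
// and the other side's public key.
function wrapKeyFor(myPrivate, theirPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, Buffer.alloc(0), "demo-key-wrap", 32));
}

function runMeeting() {
  // Key pairs are generated on the endpoints; only the public halves leave the device.
  const host = nodeCrypto.generateKeyPairSync("x25519");
  const guest = nodeCrypto.generateKeyPairSync("x25519");

  // The host creates the meeting key locally and wraps it for the guest.
  const meetingKey = nodeCrypto.randomBytes(32);
  const wrapped = gcmEncrypt(wrapKeyFor(host.privateKey, guest.publicKey), meetingKey);
  const frame = gcmEncrypt(meetingKey, Buffer.from("constructed sample media frame"));

  // Everything the relay server ever holds: public keys and ciphertext.
  const relay = { hostPub: host.publicKey, guestPub: guest.publicKey, wrapped, frame };

  // The guest unwraps the meeting key with its private key, then decrypts the frame.
  const guestKey = gcmDecrypt(wrapKeyFor(guest.privateKey, relay.hostPub), relay.wrapped);
  const guestView = gcmDecrypt(guestKey, relay.frame).toString();

  // The relay has no private key; any key it guesses fails GCM authentication.
  let relayView;
  try { relayView = gcmDecrypt(nodeCrypto.randomBytes(32), relay.frame).toString(); }
  catch (err) { relayView = "decryption failed"; }
  return { guestView, relayView };
}
```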
E2EE can be enabled by the host at the account, host or user level and it can be locked at the account or group level. Zoom requires all participants to enable the E2EE setting to make use of the added security layer. Since it’s the first phase of the rollout, meeting participants can only join from Zoom desktop client, mobile app, or Zoom Rooms.
But there is a drawback in the Phase 1 rollout of the E2EE. When participants enable the E2EE setting, Zoom will automatically disable features during a meeting such as joining before the host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.
Earlier in May this year, Zoom had acquired the encryption-tech company Keybase to address the problems of security on its platform. With support from Keybase, Zoom had announced it will provide end-to-end encryption to all of its paid users. However, people protested this proposed action as they pointed out that the platform caters to a lot of free meetings as well which need E2EE too. Zoom was quick in reversing its decision and announced E2EE will be available to both free and paid users joining from Zoom’s desktop client or mobile app, or from a Zoom Room.
The company says that, to verify whether a meeting is running on E2EE, participants can look for a green shield logo with a padlock in the middle in the upper left corner of the meeting window. Participants can also view the meeting host’s security code, and the host can read it out loud to verify with other participants.
Eric S. Yuan, CEO of the company, said, “End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world. This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.”
Zoom confirmed that it will roll out better identity management and E2EE SSO integration as part of Phase 2 of the plan, which will come around in 2021.