As promised when the company acquired Keybase, Zoom released its draft cryptographic design for end-to-end encrypted video communications on May 22 for public review. The release of the white paper was announced by Max Krohn, the co-founder of Keybase, a key directory that maps social media identities to encryption keys and offers end-to-end encrypted chat (Keybase Chat) and cloud storage system (Keybase Filesystem).

It is not clear when this public consultation, with feedback from Zoom clients, cryptography experts, and civil society, will end. A version of Zoom’s meeting encryption protocol is set for release on May 30, but it is not clear if this will be the end-to-end encryption protocol. We have reached out to the company for more information.

All of this is a part of Zoom’s 90-day plan (announced on April 1) to improve its security after it had numerous lapses, Zoombombing the most notable amongst them. Under the 90 day plan, it first announced a six month feature update freeze, following which it created a Chief Information Security Officers Council (CISO Council) with CISOs from HSBC, NTT Data, etc. A subset of this council, with security experts from Netflix, VMware and Uber, will personally advise Zoom CEO Eric S. It had also hired cybersecurity expert and Facebook’s former chief security officer Alex Stamos of Stanford University as an external advisor.

What is end-to-end encryption?

It is a way of encrypting your communications so that except for the sender and the receiver(s), nobody will be able to access your communication. For instance, WhatsApp, which uses the Signal protocol to implement its  end-to-end encryption, facilitates messaging/calling over WhatsApp through its servers, but since all communication is encrypted end-to-end, WhatsApp itself cannot listen to the content of the messages/calls.

However, the points of vulnerability in end-to-end encryption actually exist outside of it and include the end points, that is, the devices. If someone gets access to your device, either physically, or through vulnerabilities in the operating system and the app client. It is using a vulnerability in WhatsApp, the app itself, that the NSO Group was able to plant its spyware, Pegasus, on victims’ devices. That compromised the end points — the phones — but not end-to-end encryption, that is, no one was able to eavesdrop on the communication itself.This is why, when Citizen lab got in touch with the victims, they advised them to change their devices to get rid of the spyware.

How will it work?

Right now, Zoom generates a per-client/per-stream encryption key that is distributed by the Zoom infrastructure. These are used to encrypt audio, video and chat streams sent to other clients through Zoom’s infrastructure. Under the new design, all such keys will be generated and distributed between individual authorised meeting participants using Zoom app (on phone, computer, tablet). No keys or unencrypted meeting contents will be provided to Zoom servers.

Could a secret key be shared with Zoom?

According to the white paper, secret key material and unencrypted meeting contents could be shared with Zoom in specific cases where it is explicitly authorised by a meeting host, for instance, to report abuse.

What is the meeting leader?

Under the proposed model, one authorised Zoom client will be the meeting “leader” who will be present in the meeting at all times, and will be responsible for generating the shared meeting key, authorising new meeting participants, kicking out unwanted participants, and distributing keys. When this model is first implemented, it will default to the host, and if the host leaves, to the co-host. At a later stage of deployment, Zoom will relax this default.

Why does my Zoom call display ‘encrypted’ right now?

This ‘encrypted’ on Zoom calls right not does not mean that the communication is end-to-end encrypted. As the Intercept explained, Zoom right now offers transport encryption, that is, connection between the Zoom app on a user’s device and Zoom’s server is encrypted, but Zoom itself can access the unencrypted video and audio content of Zoom meetings. “So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company,” according to the Intercept.

In its new white paper, Zoom acknowledges that:

“This current design provides confidentiality and authenticity for all Zoom data streams, but it does not provide ‘true’ end-to-end encryption. … In the current implementation, a passive adversary who can monitor Zoom’s server infrastructure and who has access to the memory of the relevant Zoom servers may be able to defeat encryption.” [emphasis ours]

What cannot be encrypted end-to-end via the current proposal?

  • Dial-in phones and SIP/H.323 devices, and other legacy protocols and devices.
  • Zoom meetings done though web browsers. Instead, Zoom intends to participate in creation of browsers that can support end-to-end encryption
  • Zoom’s webinars which currently support up to 50,000 participants. Encryption for this will be “adapted from the current proposal once it is stable”.
  • Zoom Chat which requires a different solution that supports asynchronous chat where users can store messages.

What features would go away?

  • Join Before Host (but this will be re-enabled at later stages of deployment)
  • Cloud Recording, etc.