wordpress blog stats
Connect with us

Hi, what are you looking for?

Zoom to offer end-to-end encryption to all users from July

Zoom

Zoom will offer end-to-end encryption to all its users, paid and free, around the globe as an advanced add-on, the company announced on June 17. The company will introduce an early beta version of end-to-end encryption in July 2020. The company has released the second version of its white paper on end-to-end encryption for public feedback. Zoom had released the first white paper for consultation on May 22.

This announcement comes a fortnight after CEO Eric Yuan faced significant flack for saying that end-to-end encryption would only be available for Business and Enterprise users during Zoom’s earnings call. He had then said that the security feature would not be available to free users “[b]ecause we also want to work it together, see if this with FBI, with local law enforcement, in case some people they use Zoom for the better purpose”. Even then, it was not clear if Pro users, that is users on the cheapest paid plan, would be offered end-to-end encryption.

How will this work?

End-to-end encryption will be an optional feature. The default will be the “enhanced encryption” via AES 256 GCM encryption that Zoom started offering from May 30, that is, communication will be encrypted from sending client to Zoom server and from Zoom server to the receiving client; thus, Zoom will have access to the content of communication. If end-to-end encryption is enabled, the decryption will only happen on the device of the receiving client, thus making the communication opaque to Zoom servers. Thus, if communication is end-to-end encrypted, even if Zoom’s servers are hacked, the hacker would not have access to the content of such communication.

Once a meeting starts, users cannot toggle between end-to-end and enhanced encryption.

Why is end-to-end encryption optional?

As it limits some functionality such as the ability to dial in using traditional PSTN phone lines or SIP/H.323 hardware conference room systems, Zoom said. For dialing in using phones or SIP/H.323 devices, Zoom can only offer enhanced encryption where communication is decrypted at a Zoom server and re-encrypted before being sent to the receiver, the white paper explained.

Advertisement. Scroll to continue reading.

Caveats

  • End-to-end encryption is not available for dial-in phones, SIP/H.323 devices, web browsers, Zoom webinars, and Zoom chat. “Join Before Host”, cloud recording and some other features will not be available.
  • While paid users will be authenticated by virtue of having made a payment, free users will have to participate in a one-time process that authenticates them. This could include verifying a phone number via a text message.
  • Account administrators can enable and disable end-to-end encryption at the account and group level.
  • In certain specific cases, such as to report abuse, secret keys and unencrypted meeting content will be provided to Zoom servers if authorised by the meeting host.

Unanswered questions

  • Will users get a notification if their account is switched from E2E to default AES 256 GCM encryption? Do users have to enable E2E for every conversation, or can they choose to enable it for every conversation as the default?
  • Does the meeting host decide whether a Zoom conversation is end-to-end encrypted, or does the administrator of the Zoom plan decide whether or not this feature should be made available to every user on the plan? Does this mean that if a company purchases a Pro, Business or an Enterprise plan, the administrator(s), as decided by the Zoom account owner, can decide which hosts and users have the end-to-end encryption feature? Or does it mean that the administrator, not the host, can decide which meetings will be end-to-end encrypted?
  • Since a meeting host can share secret keys with the Zoom servers to report abuse, does this mean that the meeting host has access to the keys, or that the keys have a lower level of encryption that can be decrypted for reporting purposes?
  • How can users other than the meeting host report abuse?
  • Since end-to-end encryption will be available to “all” Zoom users “around the globe”, does it include Chinese users whose data can only be routed through servers located in China and where Zoom no longer provides free accounts because of “regulatory requirements”? Could the Chinese government still order account takedowns?

We have reached out to the company with these questions.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ