Zoom is now going to let users — free as well as paid — use end-to-end encryption to secure their meetings. The videoconferencing company said in a blog post on Wednesday that this would be a “technical preview” for thirty days, meaning the implementation may change after user feedback. While most traffic on the internet and on communications apps is encrypted, end-to-end encryption secures them further by making the communications inaccessible to even the companies offering the security feature, by having decryption keys available only to users.
While anyone can use end-to-end encryption, the company has introduced some friction into the process to prevent potential abuse: first, end-to-end encryption is opt-in, which means it won’t be available to users unless they turn it on from account settings. Second, users will have to provide a one-time passcode when enabling the feature, something Zoom says will prevent the automatic creation of abusive accounts.
End-to-end encrypted calls will not support dialing into calls from regular phones, something that is only possible when Zoom can decrypt calls for such meeting participants. They also don’t support cloud recordings, breakout rooms, and for some reason, reactions (such as thumbs ups or applause). As for the online participants, Zoom allows them to verify their digital code with a WhatsApp-/Signal-esque security code.
Zoom and encryption
Zoom has had a contentious history with end-to-end encryption: right at the time COVID-19 lockdowns made the service popular, it emerged that Zoom was incorrectly claiming to use end-to-end encryption — calls were only secured in transit, which meant that Zoom would be able to access calls if needed. The company apologised, and promised to offer end-to-end encryption to paying users later, and rolled out a stronger protocol for its transport encryption. After blowback on the announcement, the company said it would offer the feature to all users. Zoom acquired Keybase, a startup that focuses on end-to-end encrypted communications, to speed up its implementation of the feature.
Amidst other security gaffes, the Ministry of Home Affairs’ Cyber Coordination Centre issued an advisory calling Zoom unsafe. But the government never outright banned the service, and the Ministry of Electronics & Information Technology said in parliament that it doesn’t have any plans to do so. The Confederation of All India Traders (CAIT), a traders’ union that revels in protectionist rhetoric, said in a press release in August that they changed their mind on boycotting Zoom after its India head, Sameer Raje, reached out with “convincing evidences that Zoom is not a Chinese application but is a U.S. corporation”, and assurances that call traffic would not get routed through China.
Meanwhile, India has joined the US, UK, Japan, Australia, the United Kingdom, New Zealand and Canada in demanding backdoors into end-to-end encrypted communications on major social media and messaging platforms.
- Zoom’s India head on privacy, India plans, and end-to-end encryption
- Zoom considering legal action against JioMeet