Zoom released a long-discussed update that means that meetings held on the platform can be encrypted from end to end.
Despite previously stating that its meetings used end-to-end encryption (E2EE) – and quickly moving back from those claims – Zoom announced that E2EE is now available to free and paid users worldwide, for meetings with up to 200 participants.
It will be available to users on the Zoom 5.4.0 desktop client for Mac and PC, the Zoom Android and Zoom Rooms app, with the Zoom iOS app awaiting approval from the Apple App Store. The videoconferencing company said it uses 256-bit AES-GCM encryption, with only meeting participants having access to the encryption keys.
Account administrators can activate this E2EE feature on their web panel at the account, group and user level. It can also be blocked at the account or group level. This level of encryption can be enabled and disabled by the meeting organizer, depending on the level of security and the level of functionality desired.
As part of the first phase of the launch, participants in the E2EE meeting must join from the Zoom desktop client, mobile application or zoom rooms. Over the next month, the company expects to receive feedback from users on its performance.
“We are very proud to bring Zoom’s new end-to-end encryption to Zoom users around the world today,” said Zoom CISO Jason Lee.
“This has been a highly requested feature by our customers and we are excited to make it a reality. Congratulations to our encryption team, who came from Keybase in May and developed this impressive security feature in just six months. “
Change of posture
Zoom CEO Eric Yuan said in a earnings conference call in May that the company would introduce end-to-end encryption, but only for paid users and not free account holders. This was to allow security forces to access user information “in case some people use Zoom for an incorrect purpose”.
In June, Zoom reversed its decision, saying that E2EE would be launched for all users. The company said it has been working with civil liberties organizations, governments and crypto experts to find a “way forward that balances the legitimate right of all users to the privacy and security of users”.
However, he said that free or basic Zoom users would need to share additional information to access the E2EE, such as verifying a phone number by text message, in order to “prevent and combat abuse” on the platform.
Earlier this month, Five Eyes – the intelligence-sharing group formed by the United States, the United Kingdom, Canada, Australia and New Zealand – joined representatives of the government of India and Japan to say that E2EE presents “significant challenges for public security, including highly vulnerable members of our societies as sexually exploited children. ”
They asked technology companies to create systems that would allow public security agencies to access E2EE content in a “readable and usable format”.