In 2020 many people, and rightly so, are concerned about their privacy. Unfortunately no one told Zoom this and it looks like their end-to-end encryption will only be included for paid users with them working together with the FBI and local law enforcement on free user accounts…….
Last week it was reported that Zoom would be adding stronger encryption to video calls but for paid users only. This of course was not confirmed — but it is now with Zoom CEO Eric Yuan outlining the company’s position.
Together with their security consultant Alex Stamos Zoom wants to stop abuse and prevent harm from people who “use Zoom for bad purpose[s]”. They want to “work together with FBI and local law enforcement” according to the CEO. Mr Stamos cleared this up, albeit ever so slightly, by saying Zoom wanted to improve privacy while “reducing the human impact of the abuse of its product.”
The other safety issue is related to hosts creating meetings that are meant to facilitate really horrible abuse. These hosts mostly come in from VPNs, using throwaway email addresses, create self-service orgs and host a handful of meetings before creating a new identity.
— Alex Stamos (@alexstamos) June 3, 2020
While that seems great that they are only allowing law enforcement access to free accounts (/s) there is a point of distinction that organisations that are on business plans but aren’t paying such as schools, will have access to the end-to-end encryption — this seems fairly important to me.
The plan is to be able to limit the harm but is unlikely to be able to eliminate the abuse to start with. Apparently a vast majority of the harm comes from self-service users with fake identities this new encryption will “create friction and reduce harm”.
Some facts on Zoom's current plans for E2E encryption, which are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.
The E2E design is available here:https://t.co/beLdeAwMSM
— Alex Stamos (@alexstamos) June 3, 2020
On the surface it seems great but am I the only one sceptical that law enforcement won’t use this for evil — let’s face it, with what we are seeing going on in the US, and have for a while now, their law enforcement is far from squeaky-clean. Zoom have endured a fair amount of criticism of their new policy of co-operating with law enforcement and in this environment it wouldn’t surprise us to see them alter their plans.
The end-to-end encryption is not available as of yet and no date for its roll out has been mentioned. Let’s hope that by the time they do release it they can see the value in releasing it for all, not just the paid users.