Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, the company says it has engaged with civil liberties organizations, its CISO council, child safety advocates, encryption experts, government representatives, its own users and others to gather their feedback on this feature. The company also says it has explored new technologies to enable the offering of E2EE to all tiers of users.
Zoom released an updated E2EE design on GitHub Thursday that it says balances the legitimate right of all users to privacy and the safety of users on its platform. This will enable Zoom to offer E2EE as an advanced add-on feature for all of its users around the globe, free and paid, while maintaining the ability to prevent and fight abuse on its platform.
To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via text message. Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. Zoom says it is confident that, by implementing risk-based authentication combined with its current mix of tools, including its Report a User function, it can continue to prevent and fight abuse.
Zoom plans to begin the early beta of the E2EE feature in July 2020.
All Zoom users will continue to use AES 256 GCM transport encryption as the default encryption, one of the most robust encryption standards in use today.
E2EE will be an optional feature because it limits some meeting functionality, such as joining via traditional PSTN phone lines or SIP/H.323 hardware conference room systems. Hosts can toggle E2EE on or off on a per-meeting basis.
Account administrators can enable and disable E2EE at the account and group level.
Here’s a deeper look at what Zoom is doing, via NBC News: https://www.nbcnews.com/tech/security/zoom-will-give-end-end-encryption-option-all-users-n1231318