Zoom could finally add end-to-end encyption - but for real this time

Daniel Fowler
May 9, 2020

The company, which has faced backlash for failing to disclose that its service was not fully end-to-end encrypted said it planned to develop tools that will give more controls to meeting hosts and allow users to securely join a meeting and submit them to external review.

One of the earliest revelations was that Zoom didn't provide actual end-to-end encryption, which was a prime motivator for the company's move to freeze feature updates for 90 days.

Zoom's security push is part of a 90-day plan that has included hiring former Facebook security chief Alex Stamos and other known industry figures while launching new versions of its software with better encryption.

Zoom Video Communications pushed forward on Thursday in its effort to revamp its security, striking a deal with the NY attorney general's office to protect users' privacy and purchased secure messaging startup Keybase.

The firm has acquired secure messaging and file-sharing service Keybase, brought in to help Zoom build end-to-end encryption capable of scaling to the level made necessary by the platform's recent surge in popularity.

New Zealand Reveals Plans For Rugby And Netball Return
New Zealand , with a population of five million, has recorded 1,489 coronavirus cases and 21 deaths. For now, all matches will be played in closed stadiums under Alert Level Two.

Keybase will help the videoconferencing platform implement end-to-end encryption that is created to safeguard user data and privacy and bolster its current security measures after the company incorrectly claimed its service used full encryption. The news for the acquisition was shared via a blog post from Yuan. Zoom's shareholders have since sued the company over allegations of fraud regarding this discrepancy.

James, the NY attorney general, said her office and Zoom "have worked cooperatively and quickly to implement more stringent and robust protections for consumers, schools, and businesses". Prior to the acquisition, Keybase raised just under $11m in funding.

Yuan said that the company's goal is now to provide "the most privacy possible" for every use case, while balancing the needs of users and preventing harmful behaviour on the platform.

Currently, Zoom meeting content is encrypted from the client end (i.e., you) to the server end (i.e., Zoom). Reports suggest end-to-end encryption will be a luxury only meant for paying customers or someone who spends at least $14.99 per month.

"An ephemeral per-meeting symmetric key will be generated by the meeting host", Yuan said. "This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees", the company said in today's announcement. While Zoom hasn't said so, it shouldn't be too hard for the company to provide separate security standards for separate customer bases. The company maps people's online identities to encryption keys, and can be used to verify the identity of a person who holds a certain account.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER