The Zoom videoconferencing platform confirmed the implementation of end-to-end encryption in the company’s videoconferences, but only for subscribing users. Those who do not pay to use the service will be entitled only to the basic security mechanisms offered, which involve encrypting messages with a few layers of protection.
The company’s CEO, Eric S. Yuan, had already stated that this would happen sooner or later, but the executive’s speech generated controversy: he cited that the objective was “to work together with the FBI and the local police forces in the case of some people use Zoom for bad purposes “. This has led many users to accuse the company of collaborating with the authorities and even spying on conversations.
To fix the situation, the company’s security consultant, Alex Stamos, went to Twitter to better explain the platform’s choices. According to him, Zoom will not record conversations or spy on content, but wants to ensure as much as possible that the service is not used for crimes.
Everything has a reason
Stamos explains that end-to-end encryption should not be a protection against cases of abuse, hate speech, exposure of adult content to children and other illegal behaviors – and keep the balance between protecting all users and trying to reduce these events is one of the great challenges of the platform. This balance, which is difficult to achieve, is also the result of debates held by the company with activists, academics and authorities, but without the intention of “bowing to the law”, as many critics have understood with the CEO’s statements.
Some facts on Zoom's current plans for E2E encryption, which are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.
The E2E design is available here:https://t.co/beLdeAwMSM
— Alex Stamos (@alexstamos) June 3, 2020
“The current decision by Zoom management is to offer end-to-end encryption to corporate customers and not limited service (…) A key point: organizations with a business plan that are not paying, like schools, will also have end-to-end encryption. Will this eliminate abuse? No, but as most cases come from non-subscribers with false identities, this will create friction and reduce damage, “he explains.