Zoom to Implement End-to-End Encryption for All Users, Not Just Paid

Zoom announced that end-to-end encryption (E2EE) will be available to all users, free and premium, marking a shift in strategy at the US company.

One of the more controversial measures announced by Zoom a few weeks ago was related to their end-to-end encryption (E2EE) option and the company’s decision to only offer the feature to paying customers. The main reason pertained to security, as the implementation of E2EE would make it difficult to identify Zoom bombers and other similar infractions.

Their decision wasn’t received with open arms, and the company continued to look for a solution, helped by civil liberties organizations, child safety advocates, encryption experts, and others. Finally, it looks like a resolution was reached, allowing them to offer E2EE to all tiers of users.

“Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message,” said Eric S. Yuan, Zoom’s CEO.

“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse,” he continued.

It will take a while until this feature is available for everyone. Testing for E2EE will start in July 2020, in a Beta version. Until E2EE becomes the norm, the others users will have to settle for the existing AES 256 GCM transport encryption.

Moreover, it will be up to hosts to toggle E2EE for each meeting. Zoom says that this encryption technology limits some of the app’s functionalities, such as the inclusion of traditional PSTN phone lines or SIP/H.323 hardware conference room systems.