Video conferencing platform Zoom will begin rolling out end-to-end encryption for users starting next week, the company said in a blog post. Zoom has seen a huge upsurge in its user base, owing to the boom in remote working due to the COVID-19 pandemic. However, Zoom’s fortunes came with doubts over the platform’s security. Further, misleading claims of having end-to-end encryption when it didn’t made the concerns over Zoom’s privacy and security more prominent. Now, end-to-end encryption is on its way to Zoom, for real this time.
The rollout next week will be a technical preview, meaning that Zoom will take feedback from customers for the next 30 days in order to make sure its encryption is intact. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions,” the company said in its blog post. Zoom’s end-to-end encryption uses AES 256-bit GCM encryption. In a normal Zoom meeting, the cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With end-to-end encryption, the meeting’s host will generate encryption keys and use public key cryptography to distribute those keys to meeting participants. Zoom servers never see the encryption keys required to decrypt the meeting contents.
“This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises,” Zoom CEO Eric Yuan said.
To enable the end-to-end encryption technical preview, Zoom users would need to enable End-to-end encryption meetings from their accounts and opt-in to end-to-end encryption on a per-meeting basis.
Next week’s rollout will be phase 1 of a four-stage process to bring end-to-end encryption to Zoom. The next phase for the rollout will include “better identity management and end-to-end encryption SSO integration.” Zoom said that the second phase is slated for 2021.
Zoom had initially announced its plans to bring end-to-end encryption to its platform in May. The company had back then also acquired Keybase, saying that it was aiming to develop the most broadly used enterprise end-to-end encryption offering. However, CEO Eric Yuan had then said that end-to-end encryption will be reserved for Zoom’s paid customers, but retracted a month later saying that all users will be provided with the highest level of security.