- Zoom does not provide end-to-end encryption of video calls to free users
- The news was announced by CEO of the company
- Zoom Explains Why Free Users Are Not Getting End-to-End Encryption on Video Calls
Eric Yuan who is the Chief Executive Officer (CEO) at Zoom recently sparked a controversy when he said that Zoom may not offer the robust end-to-end encryption (E2EE) security on free calls to ensure that the company can work with the law enforcement.
On Tuesday, during a conference, Yuan suggested that the E2EE security could be provided to the premium customers of Zoom instead of the millions of free users using the application and platform. When these comments surfaced, several users on Twitter criticized the company and the CEO for compromising the basic security offered by its rivals like Google Duo, WhatsApp and Apple’s FaceTime.
Stepping up, to pacify the situation, the company’s Security Consultant, Alex Stamos, took it to Twitter and tried to explain why the company has taken such a huge step of excluding people from E2EE security.
In a series of tweets, Stamos explained that Zoom’s decision of offering E2EE security only to the premium users saying that Zoom is facing a “difficult balancing act” of trying to improve its privacy at the same time also “reducing the human impact of the abuse of its product.”
Stamos was referring to the “hate speech, exposure to children, and other illegal behaviors” which have impacted the company in recent times. He further added that “Self-service users” or the non-premium users more often than not, make use of fake identities to disrupt the platform which such abuse. The executive cleared that the E2EE was also provided to enterprises such as schools and other educational institutions which are not paying the company any premium.
Some facts on Zoom's current plans for E2E encryption, which are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.— Alex Stamos (@alexstamos) June 3, 2020
The E2E design is available here:https://t.co/beLdeAwMSM
The Twitter post read, “Will this eliminate all abuse? No, but since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm,”.
Zoom’s security consultant also claims that the company does not proactively monitor content in the meetings and would not in the future, however, he did contradict his statement when he said that Zoom’s Trust and Safety team could enter any zoom call “if they have a strong belief that the meeting is abusive.”
He said, “All users (free and paid) have their meeting content encrypted using a per-meeting AES256 key. Content is encrypted by the sending client and decrypted by receiving clients or by Zoom’s connector servers to bridge into the PSTN network and other services,”.
On Tuesday, during the conference call, Eric Yuan, Founder and CEO of Zoom, said, “Free users, for sure, we don’t want to give that because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for the bad purpose.”
We are seeing some misunderstandings on Twitter today around our encryption. We want to provide these facts. pic.twitter.com/iJVtqAXq57— Zoom (@zoom_us) June 3, 2020