In reversal, Zoom says all users will have access to end-to-end encryption
Zoom has decided it will be able to offer end-to-end encryption to both free and paid users after all, reversing a recent decision that would have limited the feature to paid users, company founder Eric S. Yuan announced Wednesday.
“Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users,” Yuan writes in a company blog.
In order to gain access to end-to-end encryption, users will have to provide additional information, such as verifying their cell phone number through a text message, Yuan said.
Yuan previously said that the earlier decision was rooted in the idea that Zoom should be able to share information with law enforcement agencies about free users committing crimes, but privacy and security experts questioned whether the company was favoring those needs over providing a secure product for people and organizations who are unable to afford paid accounts.
Earlier this month, tens of thousands of people signed onto an open letter from the Mozilla organization and the Electronic Frontier Foundation urging Zoom to backpedal and expand the scope of its end-to-end encryption plans.
“Tools like Zoom can be critical to help protesters organize and communicate their message widely. Activists should be able to plan and conduct protest-related activities without fear that these meetings, and the information they include, may be subject to interception,” the letter stated. “Unfortunately, recent actions from law enforcement — and a long history of discriminatory policing — have legitimized such fears, making end-to-end encryption all the more critical.”
Zoom has been working on several security fixes ever since its user base soared amid teleworking during the coronavirus pandemic and Yuan acknowledged the company was falling short on security. It released an updated guide to its end-to-end encryption plans on GitHub on Wednesday and says it will have a beta version next month.
The company’s control over the use of its platform recently came under heightened scrutiny after it suspended user accounts discussing the anniversary of the Tiananmen Square massacre in China. The company had deferred to requests from the Chinese government to block those accounts.
Zoom has since said it will not allow requests from Beijing to impact users outside of mainland China. However, Zoom says it will continue working with Chinese law enforcement to block China-based accounts.
