Technology

Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

A deal in May paid off for the company, which added the encryption upgrade globally about six months after security experts and others began clamoring for it.

By Joe Warminsky

October 27, 2020

(Getty Images)

Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word.

The company said Monday that it was officially rolling out end-to-end encryption (E2EE) for all free and paid users, and it credited the acquisition of messaging and file-sharing service Keybase as a crucial decision toward that milestone.

“This has been a highly requested feature from our customers, and we’re excited to make this a reality,” Jason Lee, Zoom’s chief information security officer, said in a statement. “Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.”

Zoom announced the upgrade a couple of weeks ago, but said it was live as of Monday for Windows, macOS and Android users. Approval for the feature on iOS was awaiting approval from Apple’s App Store, Zoom said. It’s a classic case of a tech company acquiring the resources it needed rather than developing entirely them in-house.

The upgrade was more than just a “highly requested feature,” of course. Security experts, civil liberties groups, child safety advocates and other organizations have been pressuring Zoom for much of 2020 to improve the security of the app, given the explosion in telework that came after businesses and schools closed their buildings in response to the coronavirus pandemic.

The new E2EE technology is still in a “technical preview,” Zoom said, and it encouraged users to submit feedback about it.

E2EE essentially phases out Zoom’s old method of encryption, in which the company’s cloud servers generate encryption keys and distribute them to meeting participants.

“With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents,” the company said. “Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key.”

Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

More Like This

Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

House hurtles toward showdown over expiring surveillance tools

Apple rolls out quantum-resistant cryptography for iMessage

Top Stories

Iranian nationals charged with hacking U.S. companies, Treasury and State departments

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

More Scoops

Zoom executives knew about key elements of plan to censor Chinese activists

Elon Musk wants encrypted messaging for Twitter. It might not be that simple.

Flaw in popular video software Agora could have let eavesdroppers in on private calls

Zoom settles charges with FTC over deceptive security practices

Zoom to begin end-to-end encryption rollout with monthlong preview

In reversal, Zoom says all users will have access to end-to-end encryption

Zoom apologizes for disabling US accounts commemorating Tiananmen Square anniversary

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics