Zoom Rolls Out End-to-End Encryption
End-to-end encryption is being offered to better secure the platform after it experienced security issues.
Zoom is rolling out its end-to-end encryption offering as a technical preview for 30 days as the company seeks feedback from its users, the company announced during its two-day virtual Zoomtopia event.
The enhanced encryption for both free and paid users comes after Zoom in May announced plans to build an end-to-end encryption (E2EE) model into the popular videoconferencing platform to increase meeting and distance learning security. In a press release, the company says this initial roll out is the first of four phases in releasing the E2EE model.
Zoom earlier this year took 90 days to address security concerns with the platform after reports of hijackers easily joining calls as usage skyrocketed in the early days of the COVID-19 lockdown. The company added new security features, like better meeting controls, stronger password protections and enhanced encryption.
According to the company, its E2EE uses the same GCM encryption currently offered to Zoom users, but where those encryptions live has changed. Zoom’s cloud typically generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With this new offering, the meeting’s host generates encryption keys and uses public key cryptography to distribute keys to the other meeting participants.
That turns Zoom’s servers into oblivious relays that never see the encryption keys required to decrypt meeting content, according to the company.
All participants must have the setting enabled to join a call that is end-to-end encrypted. Hosts can enable the setting at the account, group and user level, and can be locked at the account or group level, according to the company.
In the first phase, all participants must join from the Zoom desktop client, mobile app or Zoom Rooms.
“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” said Zoom CEO Eric S. Yuan in a statement. “This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.”
At least in this version, enabling E2EE will disable some features, like joining before the host, cloud recording, streaming, live transcription, breakout rooms, polling, 1:1 private chat and meeting reactions.
The company is planning to roll out better identity management and E2EE SSO integration as part of the second phase, which is tentatively scheduled for 2021.
This article originally ran in CS sister publication MyTechDecisions.com and has been edited. Zachary Comeau is TD’s web editor.