SAN FRANCISCO (REUTERS) – Video conferencing provider Zoom plans to strengthen encryption of video calls hosted by paying clients and institutions such as schools, but not by users of its free consumer accounts, a company official said on Friday (May 29).
The company, whose business has boomed with the coronavirus pandemic, discussed the move on a call with civil liberties groups and child-sex abuse fighters on Thursday (May 28), and Zoom security consultant Alex Stamos confirmed it on Friday.
In an interview, Stamos said the plan was subject to change and it was not yet clear which, if any, nonprofits or other users, such as political dissidents, might qualify for accounts allowing more secure video meetings.
He added that a combination of technological, safety and business factors went into the plan, which drew mixed reactions from privacy advocates.
Zoom has attracted millions of free and paying customers amid the pandemic, in part because users could join a meeting – something that now happens 300 million times a day – without registering.
But that has allowed opportunities for troublemakers to slip into meetings, sometimes after pretending to be invitees.
Gennie Gebhart, a researcher with the Electronic Frontier Foundation who was on Thursday's call, said she hoped Zoom would change course and offer protected video more widely.
But Jon Callas, a technology fellow of the American Civil Liberties Union, said the strategy seemed a reasonable compromise.
Safety experts and law enforcement have warned that sexual predators and other criminals are increasingly using encrypted communications to avoid detection.
"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," said Callas, who previously sold paid encryption services.
"Charging money for end-to-end encryption is a way to get rid of the riff-raff," including spammers and other malicious users who take advantage of free services.
Zoom hired Stamos and other experts after a series of security failures led some institutions to ban its use. Last week Zoom released a technical paper on its encryption plans, without saying how widely they would reach.
"At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety," said Stamos, a former chief security officer at Facebook.
"The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are."
Full encryption for every meeting would leave Zoom's trust and safety team unable to add itself as a participant in gatherings to tackle abuse in real time, Stamos aRead More – Source