Zoom has revealed its potential plan to boost the encryption of video calls made by its paying customers including businesses and schools.
The video conferencing provider discussed its plans to offer improved encryption for premium users during a recent call with civil liberties groups and organizations fighting sexual abuse.
In an interview with Reuters, security consultant at Zoom, Alex Stamos said the plan is subject to change and that at this time, it is still not clear whether nonprofits or other users that need additional security such as political dissidents may qualify for access to the company's premium accounts.
During the pandemic, Zoom has attracted millions of free and paying customers as its video conferencing software allows users to join a meeting without VPNOnlineFreeing first. However, this has also led to users of the service having their meetings disrupted through a practice known as ‘Zoom-bombing' where hackers and pranksters join public and private meetings they have not been invited to.
While businesses, schools and non-profit organizations can benefit greatly from the additional security that encryption brings, safety experts and law enforcement agencies have warned that sexual predators and other criminals are increasingly employing encrypted communications to help avoid being detected online. This could be one of the reasons why Zoom is planning to limit encryption to its paid users.
The company recently released a whitepaper titled “E2E Encryption for Zoom Meetings” in which it laid out its encryption plans. These plans have not yet been finalized according to the whitepaper that explains that Zoom is has begun “a process of consultation with multiple stakeholders, including clients, cryptography experts, and civil society” on the matter of encryption.
Following a series of security failures earlier this year that led some organizations to ban Zoom, the company hired Alex Stamos and other experts to help. Stamos provided further details to Reuters regarding how Zoom is improving its security, saying:
“At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety. The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are.”
If Zoom were to add full encryption to every meeting on its service, the company's trust and safety team would be unable to add itself as a participant which would make tackling abuse in real time far more difficult. At the same time, users who call into Zoom meetings from their telephones would be unable to do so if the company adopts an end-to-end model.