Zoom has confirmed it won’t be offering end-to-end encryption on free accounts. Last week, the company’s security consultant Alex Stamos revealed that plans for tightened security on paying accounts were in the pipeline — today Zoom CEO Eric Yuan has confirmed it. Predictably, the move has stirred a lot of controversy, namely because Yuan has given the impression that in doing so, Zoom wants to keep authorities sweet.
In the company’s latest financial results announcement, Yuan said, “Free users, for sure, we don’t want to give that [end-to-end encryption]. Because we also want to work it together with FBI and local law enforcement, in case some people use Zoom for bad purpose.” Some have subsequently accused Zoom of “kowtowing to the police.”
However, Stamos asserted that Yuan’s statement was not clear (and also gave a tongue-in-cheek nod to his relationship with his former CEO Mark Zuckerberg), and then took to Twitter to explain in more detail why Zoom has made this decision. According to Stamos, Zoom faces a “difficult balancing act” trying to improve privacy guarantees while “reducing the human impact of the abuse of its product.” Here, he’s referring to hate speech, exposure to children and other illegal behaviors which have blighted Zoom in recent times. Those involved in this type of activity will mostly use a free account with throwaway email addresses – a lower level of encryption will allow Zoom, with the assistance of law enforcement, to take action on repeat offenders.
Some facts on Zoom’s current plans for E2E encryption, which are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.
The E2E design is available here:https://t.co/beLdeAwMSM
— Alex Stamos (@alexstamos) June 3, 2020
Concluding, Stamos notes, “Will this eliminate all abuse? No, but since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm.” He also reiterated that Zoom does not proactively monitor content in meetings and “will not in the future.” Nor does it, or will it, record meetings silently.
The company has faced a raft of challenges in recent times, largely catalyzed by its increased uptake due to the coronavirus crisis. And now, as the platform is increasingly being used by nefarious individuals for illegal activities, Zoom — like all other tech companies — must strike a balance between security for its trusted users, and mechanisms for weeding out the bad actors. Zoom hasn’t yet given a release date for the new encryption feature.