June 18, 2020

Zoom will now offer end-to-end encryption to all users

By Robert Scammell

Video conferencing firm Zoom will now offer end-to-end encryption to all users after previously suggesting it would only be available to paying customers.

In June the company said it would only offer end-to-end encryption to paid accounts partly because it wanted to give law enforcement access should they require it.

This was met by criticism from the cybersecurity community, which warned it would create two tiers of security favouring those that could afford it.

Zoom’s end-to-end encryption will roll out in beta from July. Users will have the option to toggle end-to-end encryption on and off so that people calling in with traditional phone lines can still join.

The reversal follows discussions with civil liberties organisations, its own CISO council, child safety advocates, encryption experts, government representatives and Zoom users, the company said.

Those wishing to use Zoom end-to-end encryption will need to take part in a one-time verification process, such as verifying a number via a text message. The encryption being used is AES 256 GCM, a widely used standard.

Zoom: Pandemic winner

Zoom has soared in popularity during the coronavirus pandemic as businesses have been forced to work remotely.

This surge in users brought with it greater scrutiny, with security and privacy experts raising a number of concerns. In March the Intercept revealed that Zoom had been using its own definition of end-to-end encryption, which the video firm later apologised for.

In response, Zoom has made swift changes to address problems that have come to light and is currently going through a 90-day security plan.

As part of this, it has hired a number of leading figures from the cybersecurity community.

Between February and April Zoom generated $382m in revenue, a 169% year-on-year increase. Since the start of the year Zoom’s share price is up by more than 240%.


Read more: How the coronavirus forced Zoom to grow up fast