Video chat service Zoom will finally add end-to-end encryption to calls placed by users on the free version of its service, weeks after announcing it would only be available to premium users who shelled out for the privilege.
In April, Zoom faced a shareholder lawsuit alleging that the service boasted it used true end-to-end encryption, which prevents malicious parties from intercepting the contents of a conversation unless they have access to one of the devices involved. In reality it only used less-secure transport encryption, which allowed Zoom to monitor the content of calls and who was participating in them.
This annoyed some people in high places, not least Senators Sherrod Brown and Richard Blumenthal, who chastised the company for shoddy security practices. It didn’t help that a later report indicated that some of its encryption keys were being generated by servers in China, where they could theoretically end up in the hands of state authorities. At the same time, Zoom was surging in new users thanks to the coronavirus pandemic and had proven itself vulnerable to “Zoombombing,” in which trolls hijacked video calls and broadcast gore and sexual imagery.
Zoom announced it would implement end-to-end encryption in May, but only for users paying for its $14.99 monthly plan. Then in June, it had to clarify remarks from CEO Eric Yuan that Zoom couldn’t offer the encryption to free tier users because that might get in the way of cooperation with the police and the FBI (the company had to reassure angry users that authorities would need to present a warrant before accessing any data). Per Bloomberg, after two petitions requesting Zoom switch to the higher tier of encryption for all users gathered 70,000 signatures, the company has finally caved and will roll out the feature to all users—regardless of whether they’re paying or not.
In a blog post on Wednesday, Yuan wrote that the company had sought the advice of “civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others” while making its determination. The tradeoff is that all Zoom users seeking to use the higher level of security will now need to verify their identity with a text message or another method.
“We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform,” Yuan wrote.
This is far from the only mess Zoom has gotten itself into lately. Over the past few weeks, it suspended a number of individuals and organizations for memorializing the Tiananmen Square massacre, including Hong Kong Alliance chairman Lee Cheuk-Yan and the U.S.-based Humanitarian China. Zoom later claimed it made a mistake by enforcing Chinese censorship outside the nation’s borders, but at the same time it reaffirmed its commitment to censoring users within China in accordance with local law.