Was That So Hard, Zoom?

Illustration for article titled Was That So Hard, Zoom?
Photo: Hannah McKay (Pool/Getty Images)

Video chat service Zoom will finally add end-to-end encryption to calls placed by users on the free version of its service, weeks after announcing it would only be available to premium users who shelled out for the privilege.


In April, Zoom faced a shareholder lawsuit alleging that the service boasted it used true end-to-end encryption, which prevents malicious parties from intercepting the contents of a conversation unless they have access to one of the devices involved. In reality it only used less-secure transport encryption, which allowed Zoom to monitor the content of calls and who was participating in them.

This annoyed some people in high places, not the least Senators Sherrod Brown and Richard Blumenthal, who chastised the company for shoddy security practices. It didn’t help that a later report indicated that some of its encryption keys were being generated by servers in China, where they could theoretically end up in the hands of state authorities. At the same time, Zoom was surging in new users thanks to the coronavirus pandemic and had proven itself vulnerable to “Zoombombing,” in which trolls hijacked video calls and broadcast gore and sexual imagery.

Zoom announced it would implement end-to-end encryption in May, but only for users paying for its $14.99 monthly plan. Then in June, it had to clarify remarks from CEO Eric Yuan that Zoom couldn’t offer the encryption to free tier users because that might get in the way of cooperation with the police and the FBI (the company had to reassure angry users that authorities would need to present a warrant before accessing any data). Per Bloomberg, after two petitions requesting Zoom switch to the higher tier of encryption for all users gathered 70,000 signatures, the company has finally caved and will roll out the feature to all users—regardless of whether they’re paying or not.

In a blog post on Wednesday, Yuan wrote that the company had sought the advice of “civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others” while making its determination. The tradeoff is that all Zoom users seeking to use the higher level of security will now need verify their identity with a text message or another method.

“We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform,” Yuan wrote.

This is far from the only mess Zoom has gotten itself into lately. Over the past few weeks, it suspended a number of individuals and organizations for memorializing the Tiananmen Square massacre, including Hong Kong Alliance chairman Lee Cheuk-Yan and the U.S.-based Humanitarian China. Zoom later claimed it made a mistake by enforcing Chinese censorship outside the nation’s borders, but at the same time it reaffirmed its commitment to censoring users within China in accordance with local law.


"... An upperclassman who had been researching terrorist groups online." - Washington Post


I’m just counting down the days till we find out that Zoom’s ‘end to end’ encryption is not actually secure end to end. Just like their previous ‘end to end’ encryption which wasn’t actually end to end (as you mentioned).

If nothing else it’s essentially a Chinese company. It’s incorporated here, but the owner emigrated here from China in his 30s and most of their engineers are in China. China doesn’t allow secure end to end encryption because that would interfere with their inspecting every single bit for someone saying something bad about their treatment of the Uighur, since that could hurt Xi’s feelings. They’ve even admitted publicly that they help China crack down on dissidents even outside China. So the chances that Zoom has real, useful, end to end encryption are pretty close to zero.