Zoom plans encryption upgrade just for paid users
Video conferencing tool Zoom is planning to improve its security with stronger encryption, but only for paying customers and not those using the free version of the service.
Zoom has become a prominent player in the video conferencing industry in recent months, driven by a surge of clients prompted by the coronavirus pandemic. Its use for work-from-home purposes, as well as for education and by families and friends, has led to increased scrutiny of the app, including its security.
An advisor to the companyadvised to Reuters on Friday that it would be working to strengthen the encryption of video calls made on its service, but it wouldn't be available to all users. Under current plans, free users would be stuck with existing encryption and security features, while enhanced offerings will be provided to paid clients and institutions.
Zoom security consultant Alex Stamos advised the plan was still subject to change, but that the limitation of availability was the current course of action. He also confirmed the company has been in talks with to civil liberties groups and organizations fighting child-sex abuse, to determine what kinds of non-profit groups and specific types of user should also qualify for the increased protections.
Views on the proposal were mixed for organizations Zoom contacted. While Electronic Frontier Foundation researcher Gennie Gebhart told the company she hoped it would make protected video more widespread, American Civil Liberties Union technology fellow Jon Callas suggested it was a reasonable compromise.
"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," according to Callas. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."
Zoom's system allows people to join in meetings for free, without having to register their details with the company beforehand. While this helped raise Zoom's usage, the free and relatively anonymous nature also means there's fewer checks on people infiltrating meetings they aren't meant to attend, as well as attracting criminal elements.
A Zoom spokesperson told AppleInsider "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."
The discussion of encryption enhancements for paid users follows almost a month after the release of Zoom version 5.0, which added AES 256-bit GCM encryption, which will be available to all users on May 30 regardless of their license, and fixed a number of privacy and security issues. Zoom's problems, including "Zoombombing," has led to measures including public warnings from the FBI and a ban on teacher's use of the tool by the New York City Department of Education.
Zoom has, since May 6, become an approved platform for the NYC DOE.