Zoom to offer end-to-end encryption for all users
Facing relentless pressure from the market as well as privacy groups, Zoom Inc has announced that it would make available end-to-end encryption to both paying and non-paying users of its video conferencing service.
This is seen as a welcome 180 degree turn from the company that had earlier taken the stand of providing end-to-end encryption only to its paying customers. The non-paying customers had to make do with a watered-down encryption, generally referred to as transit encryption.
The contention of privacy and human rights advocates was that Zoom's model was essentially making privacy a premium feature available only to paying customers. It was also claimed that the paying customers had more 'traceability', and hence were less likely to use the platform for illegal activities.
Bowing to the relentless pressure on it, Zoom, which had become hugely popular all over the world during the pandemic-induced lockdown, has now announced that it plans to roll out end-to-end encryption to non-paying users (E2EE), too.
- Check out our list of the best video conferencing services of 2020
- Working from home: the mouse, monitor, keyboard and router you need
- We've built a list of the best webcams on the market
Simple process to keep tabs on users
Hitherto, free users on Zoom sign up with an email address, which does not provide enough information to verify identity.
But now that Zoom has relented, a new process will be in place for free users.
“Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message,” Zoom CEO Eric Yuan said in a post.
“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools—including our Report a User function—we can continue to prevent and fight abuse,” Yuan added.
The beta launch will happen in July, but it is not clear how the roll-out would be phased and when.
The registration process is similar to those required by end-to-end messaging services like WhatsApp. Users of each service must prove they have a valid phone number. This is expected to weed out shady and illegal operators in a large manner.
Strong encryption everywhere helps everyone. At an individual level, too end to end encryption essentially provides each user with keys that reside solely on their devices, where communications are encrypted and later decrypted (the encrypted data is usually encrypted a second time as it travels over the wire).
Technical experts say it is well-nigh difficult for anyone (be it the government or malicious hackers) to access the human-readable content. In principle, even service providers have no access to the keys that decrypt the data.
This kind of protection is the need of the hour as more and more sensitive information is transmitted over the Internet.
Yuan said that E2EE when implemented will be an optional feature.
"E2EE will be an optional feature as it limits some meeting functionality, such as the ability to include traditional PSTN phone lines or SIP/H.323 hardware conference room systems. Hosts will toggle E2EE on or off on a per-meeting basis."
Account administrators will be able to enable and disable E2EE at the account and group level.
- Here's our list of the best online collaboration tools on the market