Under pressures from privacy and human rights advocates, video-conferencing service Zoom says it will make end-to-end encryption available to both paying and free-plan users on its service.
Previously, the company said it would only provide its end-to-end encryption to paying customers and a less-robust and complete form of encryption, transit encryption, to non-paying customers.[Tweet “Under pressures from privacy and human rights advocates, video-conferencing service Zoom says it will make end-to-end encryption available to both paying and free-plan users on its service.”]
Zoom initially said that the two-tier offering would allow law enforcement to regulate illicit content coming from users who don’t have accounts and, hence, are harder to track. Paying users, by contrast, had more traceability and, hence, were less likely to use the platform for illegal purposes.
Critics in the corner of privacy and human rights circles claimed that these plans by Zoom threatened to make privacy “premium feature” instead of something available by default. The critics called on Zoom to provide the same protections for all users.
It looks like Zoom has done just that, announcing a new plan to extend end-to-end encryption, or E2EE, to non-paying users.
“To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message,” Zoom CEO, Eric Yuan writes in a blog post.
“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools—including our Report a User function—we can continue to prevent and fight abuse.”
Ars Technica reports that the registration process is similar to those required by end-to-end messaging services Signal and WhatsApp. Users of each service must prove they have control of a valid phone number. When combined with Zoom measures designed to detect illicit behaviour, Yuan says the registration will allow his company to offer End-to-End encryption to all users and at the same time enforce safety on its platform.
Yuan says that once End-to-End encryption is implemented, it will be an option that can be turned on because it limits some meeting functionality, such as the ability to connect by traditional phone lines or SIP/H.323 hardware.