NEW YORK – Zoom, the video conferencing provider whose business had boomed with the COVID-19 pandemic, plans to strengthen encryption on video calls made by paying clients and institutions like schools, but not for users of its popular free accounts, a company official said Friday.
The company previewed its intentions on a call with civil liberties groups and child-sex abuse fighters Thursday, and Zoom security consultant Alex Stamos confirmed the plans in an interview Friday.
Stamos said the plans were subject to change and it was not yet clear which if any nonprofits or other users, such as political dissidents, might qualify for accounts allowing for more secure vide meetings. He said a combination of technological, safety and business factors went into the plan, which drew mixed reactions from privacy advocates.
Zoom has attracted millions of free and paying customers amid the pandemic in part because users could join a meeting – something that happens 300 million times a day – without registering. But that has left more opportunities for troublemakers to slip into meetings, sometimes after pretending to be an invitee.
Electric Frontier Foundation researcher Gennie Gebhart, who was on Thursday’s call, said she hoped Zoom would change course and offer protected video more widely. But American Civil Liberties Union technology fellow Jon Callas said the strategy seemed a reasonable compromise.
Safety experts and law enforcement have warned that sexual predators and other criminals are increasingly using encrypted communications to avoid detection.
‘Those of us who are doing secure communication believe we need to do things about the real horrible stuff’, Callas said. ‘Charging money for end-to-end encryption is a way to get rid of the riff-riff’.
Zoom hired Stamos and other prominent experts after a series of security failures that led some institution to ban its use. Last week Zoom released a technical paper on its encryption plans, without saying how widely they would reach.
‘At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety’, said Stamos, a former chief security officer at Facebook.
‘The CEO is looking at different argument. The current plan is paid customers plus enterprise account where the company who they are’, he said.
Giving full encryption to every meeting would mean that Zoom’s trust and safety team would not be able to monitor what is happening or response effectively to abuse in real time, Stamos said.
An end-to-end model, which means no one but the participants and their devices can see and hear what is happening, would also have to exclude people who call in front a phone line.
From a business perspective, it is hard to earn money when offering a sophisticated and expensive encryption service for free. Facebook is planning to fully encrypt Messenger, but it earns enormous sums from its other services.
Other encrypted communication providers either charge business users or act as nonprofits, like the makers of Signal.