Zoom to provide end-to-end encryption to both free, paid users
Video conferencing platform Zoom has said it will be providing end-to-end encryption to all users, reversing its earlier decision to offer the privacy feature only to paid users.
The announcement came after digital right group criticised Zoom for its plan to deprive free users of the benefits of end-to-end encryption.
The decision to exclude free users was based on fear of misuse of the platform by bad actors, according to Zoom.
In a blog post on Wednesday, Zoom CEO Eric Yuan said that the company has now identified a path forward that balances the legitimate right of all users to privacy and the safety of users on its platform.
“This will enable us to offer E2EE (end-to-end encryption) as an advanced add-on feature for all of our users around the globe — free and paid — while maintaining the ability to prevent and fight abuse on our platform,” Yuan said.
Free/Basic users seeking access to end-to-end encryption will have to participate in a one-time process that will prompt them for additional pieces of information, such as verifying a phone number via a text message.
“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts,” Yuan said.
“We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”
Zoom said it plans to roll out early beta of the end-to-end encryption feature from next month.
It will be an optional feature as it limits some meeting functionality.
Zoom said since releasing the draft design of the platform’s end-to-end encryption on May 22, it has engaged with civil liberties organisations, child safety advocates, encryption experts, government representatives, its own users, and others to gather their feedback on this feature.
Zoom was earlier sued by one of its shareholders who alleged in the complaint that the platform failed to disclose some vulnerabilities and that the services did not provide end-to-end encryption.