Zoom to roll out end-to-end encryption for video conferences next week
Zoom on Wednesday announced its plans to begin Phase 1 of rolling out end-to-end encryption (E2EE) to users starting next week. The popular video conferencing platform previously rolled the feature out in beta.
In a blog post, Zoom said the initial rollout of E2EE will be a technical preview, which means users will be asked to provide feedback for the first 30 days. When the feature is available, hosts will be able to enable E2EE at the account, group, and user level; the feature can be locked at the account or group level, Zoom said. If E2EE is enabled, all participants must have the setting enabled to join a meeting that’s encrypted.
Zoom users on free and paid plans will be able to host up to 200 participants in an E2EE meeting when the feature is available. Previously, the company said only enterprise users would get access to E2EE, but the platform quickly extended that offer to free users after backlash to the decision.
“To be clear, Zoom’s E2EE use the same powerful GCM encryption you get now in a Zoom meeting,” Zoom said. “The only difference is where those encryption keys live.”
Before, Zoom’s cloud service would generate encryption keys and distribute them to participants. With E2EE enabled, the meeting’s host generates encryption keys and uses cryptography to distribute these keys to the other meeting participants.
In a FAQ, Zoom said that once E2EE is enabled, users will lose some regular features, including cloud recording, live transcription, and the ability to join before host. A green shield logo will appear in the upper left corner of the meeting screen once E2EE is enabled.
There’s no question Zoom is enjoying its best year ever thanks to the COVID-19 pandemic. Many users and companies now rely on the platform to communicate, but that popularity has come with intense scrutiny. Zoom has been criticized for its security practices, prompting the company to introduce these stronger encryption features.
Zoom said free/basic users who want to enable E2EE are required to participate in a “one-time verification process that will prompt the users for additional pieces of information, such as verifying a phone number via text message.” The extra precaution is to prevent the mass creation of abusive accounts.
Next week’s technical preview is Phase 1 of a four-stage process for Zoom’s E2EE rollout. The company said it plans to roll out Phase 2 in 2021, and will include better identity management and E2EE SSO integration.