UPDATE, Oct. 27, 2020: Zoom made end-to-end encryption (E2EE) available globally to paying and free Zoom users on Monday. Available as a technical preview, the feature uses 256-bit AES-GCM encryption, the same cipher used by default in meetings. Zoom is accepting user feedback on the feature for 30 days.
"When users enable E2EE for their meetings, nobody except each participant — not even Zoom’s meeting servers — has access to the encryption keys that are used to encrypt the meeting," according to the announcement.
To enable E2EE, the meeting host generates encryption keys and distributes them among up to 200 participants using public key cryptography. Zoom's cloud meeting servers "become oblivious relays and never see the encryption keys," the company said.
Dive Brief:
- Zoom is enabling end-to-end encryption across "all tiers of users" and launched its updated E2EE design on GitHub, CEO Eric Yuan said in a company blog post. The beta add-on will become available in July.
- Because E2EE disables some functions of the platform, including use of "traditional PSTN phone lines or SIP/H.323 hardware conference room systems," users can "toggle" the feature on and off depending on their meeting, according to Yuan.
- Because E2EE is an optional feature, all Zoom users retain the default AES-256-GCM transport encryption. Account administrators can decide whether to allow E2EE at the account or group level.
Dive Insight:
Zoom's security and privacy came under fire in March as the platform saw widespread enterprise and consumer adoption. It began catering to two very different user bases and left a poor impression on potential customers, despite its competitors using similar technologies.
In the months since, Zoom has agreed to implement further security guardrails, including regular code inspection, and to give hosts default access controls for privacy reasons. While Zoom absorbed most of the criticism for collecting meeting transcripts, other video platforms, including Cisco, Microsoft Teams and Google Hangouts, were all noted to retain transcripts to some degree, according to an evaluation by Consumer Reports.
In consultation with civil liberty engineers, a newly-minted CISO council, and other privacy and security advocates, Zoom enabled E2EE "as an advanced add-on feature" for paying and non-paying customers.
The snowball effect of the last several months of remote work has led organizations to take more steps to vet collaboration and communication platforms, tools traditionally viewed as a perk for employees because they were bonus tools in an office environment.
"These are not the kinds of tools we focus a whole lot on before," said Bryan Ware, assistant director at the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) while speaking on a virtual panel last month.
Tools that are well over a decade old were not a security priority for CISA. The agency is now more engaged with teleworking vendors and products to address risks and controls. "I think we'll be looking for new solutions for mid- and long-term to enable us" to be more secure and more confident in teleworking over time, he said.
Eventually, Ware wants to provide organizations with documentation of CVEs and specific controls that are available (such as E2EE). The agency last issued interim guidance in April for teleworking tools.