Following Zoom’s unprecedented rise in our current at-home climate, a number of issues surrounding security and privacy have been raised against the cloud meeting service. As reported by Bloomberg, Zoom’s CEO explained some of the reasoning behind certain security decisions for the company’s free service tier. The video conferencing service came under fire some months ago for making misleading claims about the level of encryption available for its meetings. Though Zoom advertised ‘end-to-end encryption’ (or E2EE), the company was revealed to be using its own unique definition of the term—meetings are encrypted between Zoom’s servers, not individual clients, meaning that the company could theoretically access any meeting it chooses. Though Zoom has stated that such monitoring won’t ever happen, it’s also reportedly working on increased security and planning to bring E2EE to all paying customers in the near future. Yes, that excludes all free customers, and the company has explained that this is in order to cooperate more easily with law enforcement and authorities.
“Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” CEO Eric Yuan is quoted as saying. In the past, Zoom has been exploited in a wide range of ways, from harmless-but-disruptive ‘Zoombombing’ to truly nefarious purposes like hate speech, child abuse, and other illegal activities.
Right now, Zoom’s employees can enter meetings as a failsafe backdoor to crack down on abuse of its platform, but this would be impossible with an E2E encrypted connection. That’s why the company is limiting the availability of the enhanced security standard in an effort to prevent misuse.
So this creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product.
— Alex Stamos (@alexstamos) June 3, 2020
Zoom’s security consultant Alex Stamos also tweeted about the situation, explaining that the implementation of E2EE requires a “difficult balancing act”. Keeping E2EE demarcated to paid users more likely to actually require it will inevitably help, but Zoom has also stated its commitment to providing more comprehensive solutions in the future.
Evidently, the widespread need for a video conferencing solution and the multifaceted complexity of securing internet connections both complicate the process of working towards a more convenient, safe, and secure cloud. But hopefully, Zoom’s latest efforts will be able to keep up with the needs of its ever-growing user base.