Skip to main content

Zoom prepares to roll out end-to-end encryption in 4 phases

Zoom launches end-to-end encryption
Zoom launches end-to-end encryption

Zoom has confirmed that it will begin rolling out end-to-end encryption (E2EE) next week, starting with a technical preview to glean feedback from users for the first 30 days, which will be followed by an additional three phases ahead of its full launch.

The announcement came as part of its annual Zoomtopia event today, where it also launched a new integrated platform for classes and events and its new Zapps platform to bring third-party apps directly into video calls.

Encryption

E2EE has been a long time coming for Zoom, with the video communications giant creating significant controversy earlier this year when it revealed plans to make E2EE available only to those on a paid plan. Privacy advocates and civil rights groups argued that basic security functionality shouldn’t be a premium feature, forcing Zoom to backtrack and promise the functionality to all users. The purpose of Zoom’s original plan was to negate nefarious use of its service and deter bad actors from mass-creating abusive accounts. As part of its updated plan, Zoom said that free users seeking E2EE will instead have to go through a one-time verification process, which may involve having to provide their mobile phone number.

With E2EE, Zoom builds on its existing GCM encryption, except rather than Zoom’s servers managing the encryption key process, the meeting host generates the encryption keys and uses public key cryptography to distribute the keys to each participant. In other words, Zoom has no knowledge or access to the keys needed to decrypt video chat content — the decryption keys are generated and stored locally on users’ machines.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

A little green shield log in the top-left tells users that the call is protected by E2EE, and all participants will be able to see the meeting host’s security code and check it against the code on their screen.

Above: Zoom: End-to-end-encryption is rolling out soon

To start using E2EE next week, hosts must activate E2EE in their account settings and then opt-in to it for each meeting that they are on — all participants must enable E2EE in their own Zoom app to join a call. During phase 1, certain functionality and features will be disabled for E2EE calls, such as breakout rooms, cloud recording, polling, live transcription, one-to-one chats, and reactions.

Zoom hasn’t given a concrete timeframe for the next three E2EE phases, but it did say that phase 2 is “tentatively roadmapped for 2021” for which it plans to introduce “better identity management” and E2EE SSO (single sign-on) integration.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.