Zoom has confirmed that it will begin rolling out end-to-end encryption (E2EE) next week, starting with a technical preview to glean feedback from users for the first 30 days, which will be followed by an additional three phases ahead of its full launch.
The announcement came as part of its annual Zoomtopia event today, where it also launched a new integrated platform for classes and events and its new Zapps platform to bring third-party apps directly into video calls.
Encryption
E2EE has been a long time coming for Zoom, with the video communications giant creating significant controversy earlier this year when it revealed plans to make E2EE available only to those on a paid plan. Privacy advocates and civil rights groups argued that basic security functionality shouldn’t be a premium feature, forcing Zoom to backtrack and promise the functionality to all users. The purpose of Zoom’s original plan was to negate nefarious use of its service and deter bad actors from mass-creating abusive accounts. As part of its updated plan, Zoom said that free users seeking E2EE will instead have to go through a one-time verification process, which may involve having to provide their mobile phone number.
With E2EE, Zoom builds on its existing GCM encryption, except rather than Zoom’s servers managing the encryption key process, the meeting host generates the encryption keys and uses public key cryptography to distribute the keys to each participant. In other words, Zoom has no knowledge or access to the keys needed to decrypt video chat content — the decryption keys are generated and stored locally on users’ machines.
A little green shield log in the top-left tells users that the call is protected by E2EE, and all participants will be able to see the meeting host’s security code and check it against the code on their screen.
To start using E2EE next week, hosts must activate E2EE in their account settings and then opt-in to it for each meeting that they are on — all participants must enable E2EE in their own Zoom app to join a call. During phase 1, certain functionality and features will be disabled for E2EE calls, such as breakout rooms, cloud recording, polling, live transcription, one-to-one chats, and reactions.
Zoom hasn’t given a concrete timeframe for the next three E2EE phases, but it did say that phase 2 is “tentatively roadmapped for 2021” for which it plans to introduce “better identity management” and E2EE SSO (single sign-on) integration.