Zoom Announces Technical Preview of End-to-End Encryption

Video conferencing platform Zoom next week will start rolling out end-to-end encryption (E2EE) in technical preview.

The company revealed plans to provide users with end-to-end encryption in May, and announced in June that it would make the feature available to all users, although it was initially planning on leaving free users out.

Now, the company has reinforced the fact that both free and paid users will be offered encryption, and that they will be able to host E2EE meetings with up to 200 participants, thus benefiting from increased privacy and security.

“We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” the company said earlier this week.

This, Zoom says, is only the first phase of its four-phase rollout plan, which is aimed at providing robust protections “to help prevent the interception of decryption keys that could be used to monitor meeting content.”

With E2EE, Zoom says, users will take advantage of the same encryption already available in Zoom meetings, with the main difference being where the encryption keys are stored. Typically, these keys are generated in Zoom cloud and distributed to meeting participants, but with Zoom E2EE, the keys are generated and distributed by the meeting’s host.

With these keys being distributed using public key cryptography, Zoom’s servers never see the encryption keys that are used to decrypt the meeting contents.

Zoom users will need to enable encrypted meetings at the account level and also opt-in to the new feature on a per-meeting basis.

The company also explains that enabling E2EE disables certain features in Zoom, such as 1:1 private chat, Breakout Rooms, cloud recording, join before host, live transcription, streaming, polling, and meeting reactions.

When end-to-end encryption is enabled, participants in a Zoom meeting will see a green shield logo with a padlock in the middle in the upper left corner of the screen. The symbol is similar to that of the GCM encryption, but features a lock instead of a checkmark.

“Participants will also see the meeting leader’s security code that they can use to verify the secure connection. The host can read this code out loud, and all participants can check that their clients display the same code,” Zoom says.

Phase two of the E2EE rollout is planned for 2021 and will include better identity management and E2EE SSO integration.

“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world. This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises,” said Zoom CEO Eric S. Yuan.

Related: Zoom Rolls Out 2FA Support for All Accounts

Related: Zoom Will Offer End-to-End Encryption to Free Users

Related: Zoom Acquires Keybase to Bring End-to-End Encryption to Video Platform

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *