Pressure from privacy group The Electronic Frontier Foundation (EFF) and Mozilla has led to Zoom offering end-to-end encryption to all its users, not just paying customers.
The decision to offer end-to-end encryption to all customers is a U-turn for Zoom. Previously, and after capitalising on the huge surge in numbers of new Zoom customers due to the pandemic, it was reported that Zoom had not wanted to offer end-to-end encryption to free users because it wanted to co-operate with U.S. law enforcement agencies e.g. the FBI and local law enforcement. Zoom’s position appears to have been based on an assumption that free-end-to-end encryption could lead to Zoom being used for illicit purposes by some users. This is reminiscent of reports that WhatsApp was used in the UK by those responsible for the London Bridge terror attack, perhaps because the end-to-end encryption would hide their communications from the authorities.
The EFF and Mozilla
The U-turn by Zoom, in this case, appears to have been influenced by pressure from the EFF and Mozilla.
The EFF, for example, is claiming a victory after 20,000 people signed on the EFF and Mozilla’s open letter to Zoom. The EFF argues that “best-practice privacy and security features should not be restricted to users who can afford to pay a premium.”
The EFF also makes the point that with the pandemic forcing many more organisations onto Zoom than perhaps the platform was designed for, those who cannot afford enterprise subscriptions are often the ones who need strong security and privacy protections the most.
The EFF also points out that end-to-end-encryption on the platform could help those working towards social justice, for example, those organising in “the Black-led movement against police violence”.
Must Part With Some Personal Details
Users cannot, however, expect to sign-up to a free end-to-end-encrypted Zoom without parting with some personal details. It appears that in order for Zoom to feel comfortable with what it sees as its balancing act of offering the services that people want with fighting abuse and its duty to co-operate with law enforcement agencies, Free/Basic users seeking access to Zoom’s E2EE must go through a “one-time process” of parting with additional pieces of information, such as verifying a phone number via a text message. Zoom also points out that it has a “Report a User function”.
What Does This Mean For Your Business?
For those smaller businesses and organisations using Zoom, perhaps since the beginning of the pandemic, it is good news that they now have access to strong security and privacy protection for free.
For other competing platforms, such as Slack and Microsoft Teams, the pressure is now on to follow suit in order to compete.
There is, however, a hope that the phone numbers given to Zoom for authentication in order to sign-up to the end-to-end encryption will not be disclosed to other parties and that they are used purely for authentication.