Zoom might be one of the most popular pieces of software in the world at the moment, thanks to the need for video calls growing drastically around the world. Zooms rapid growth though has not been without issues as a vast number of security issues have shown just how unsecure the platform really is. Zoom has spent considerable effort addressing some of these concerns, but there is one big security issue that hasn’t been resolved just yet, at least on its free accounts, that of end-to-end encryption.
End-to-end encryption is important as it means that the call is completely secure and that the conversation can’t be intercepted or “hacked” in any way. It is that very reason though that the company is not enabling this end-to-end encryption as Zoom CEO Eric Yuan revealed in a meeting with investors this week, as FBI and local law-enforcement agencies in the US still want the ability to tap into accounts where they believe Zoom is being used for a bad purpose.
The need for encryption has seen law-enforcement authorities (mostly in the US) and tech companies lock heads before as the likes of Facebook, Microsoft and Google have previously been asked to remove elements of their encryption to make it easier for the government to intercept messages, something which many of them have refused to do. It is really is something which is sad, especially in this day and age when encryption should almost be a default security requirement before you can even launch a tool like this. Even though I do see some of the positive benefits of keeping certain mechanisms like this open, as zoom also details in an official statement:
Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where participants can enter meetings without being visible to others. None of this will change,” said a spokesperson. “Zoom’s end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity.
What makes things even more bizarre, is that with the company rolling out encryption to paid subscribers, all it means is at if you want to do something illegal over Zoom, get a subscription. Ye,s you need to provide more details than just an email address, but these things are easy to fudge anyway. So, essentially, law enforcement agencies will still not be able to get what they want, people won’t feel secure using the platform and Zoom will probably lose its user base in the long run if this goes on. End-to-end encryption shouldn’t be a feature, it should be a right of messaging platforms like this and it’s time that tech companies see that.
Last Updated: June 5, 2020