Zoom has announced that it is going to start rolling out end-to-end encryption (E2EE) by next week and will be starting off the whole process with a technical preview to “glean feedback” from users over the first 30 days. That will be followed by three more phases before it is fully launched.
The announcement was part of Zoom’s annual Zoomtopia event, as VentureBeat reported, and the event also saw the launch of a new encrypted platform for classes and events alongside the new Zapps platform that brings third-party apps directly into video calls.
End-to-end encryption has been a “long time coming” for Zoom. The video-conferencing platform launched two-factor authentication earlier in September this year and also got into a spot of controversy when it revealed plans of making E2EE available only for those who were on paid Zoom plans.
At that point in time, privacy advocates and civil rights groups had argued that “basic security functionality” should not be a premium feature. This forced Zoom to take a step back and realign its plans to offer the service to all its users.
The main idea behind Zoom limiting the offer to paid customers only was to “negate nefarious use of its service and deter bad actors from mass-creating abusive accounts”, as per reports.
Under its updated plan, Zoom has said that free users seeking E2EE will have to go through a one-time verification process that may require providing their mobile number. The purpose of this is to weed out potential bad actors who might not be OK with sharing their contact details.
With the new E2EE, Zoom is building on its current GCM or Galois/Counter Mode encryption. However, instead of Zoom servers managing the encryption key process, the meeting host will generate the encryption keys and will use public key cryptography to share the keys with all the meeting participants.
Basically, that means that Zoom will have no knowledge of or access to the keys that are used to decrypt video chat content; the keys are going to be generated and stored locally on users’ machines.
Once Zoom’s E2EE rolls out, a little green shield logo on the top left of the screen will let users know whether their call is E2EE protected or not. And all the participants on the call will be able to see the meeting host’s security code and cross-check it with the one they see on their screen.
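The key handling and security-code check described above can be sketched in a few lines of Node.js. This is an added illustration, not Zoom's code or protocol: the X25519/HKDF key wrap, the `meeting-key-wrap` label, the 12-character code and all function names are assumptions made for the example.

```javascript
// Added illustration; not Zoom's code. Assumed primitives: X25519 + HKDF-SHA256 key wrap, AES-256-GCM.
const crypto = require('node:crypto');

// Each client generates its key pair locally; only the public half leaves the device.
function newClient(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// Derive a pairwise wrapping key from the X25519 shared secret.
function wrappingKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // a GCM nonce must never repeat under the same key
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the tag does not verify
}

// Host side: generate the meeting key locally and wrap it once per participant.
function hostStartMeeting(host, participants) {
  const meetingKey = crypto.randomBytes(32);
  const wrapped = {};
  for (const p of participants) {
    wrapped[p.name] = seal(wrappingKey(host.privateKey, p.publicKey), meetingKey);
  }
  return { meetingKey, wrapped }; // only `wrapped` is relayed through the server
}

// Participant side: unwrap the meeting key using the host's public key.
function joinMeeting(me, hostPublicKey, wrappedForMe) {
  return open(wrappingKey(me.privateKey, hostPublicKey), wrappedForMe);
}

// Short code participants compare with the host to confirm they hold the same host public key.
function securityCode(hostPublicKey) {
  const der = hostPublicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex').slice(0, 12);
}
```

In this sketch the server only ever relays the wrapped key and GCM ciphertext, and a substituted host public key shows up as a mismatched security code.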
To start using the new feature, hosts will have to activate E2EE from their account settings and then opt in for each meeting they get on. All participants on a call will have to enable E2EE on their individual Zoom apps to join a call.
Over the first phase of Zoom rolling out E2EE, certain features and functions like breakout rooms, cloud recording, polling, live transcription, one-to-one chats and reactions will be disabled for E2EE calls.
Zoom is yet to furnish a concrete timeframe for the next three phases of the E2EE rollout, but the company has mentioned that phase two is tentatively on the map for 2021, for which it needs to introduce “better identity management” and E2EE SSO (single sign-on) integration, reports VentureBeat.