Following through a promise it made a few months back, videoconferencing platform Zoom is all set to roll out end-to-end encryption (E2EE) to users. The feature will be available as a technical preview starting next week, the company announced on Wednesday. During this period, Zoom will be "proactively soliciting feedback from users for the first 30 days."
When the feature is available, Zoom users will be able to host up to 200 participants in an E2EE meeting. A green shield logo with a padlock in the upper left corner of the screen will indicate that the meeting is end-to-end encrypted. Users can also see and verify the host's security code to ensure that the connection is secure.
Hosts will be able to enable E2EE at the account, group, and user level, and can also lock the setting at the account or group level. Additionally, to join an E2EE-enabled meeting, customers must enable the setting at the account level and will require to opt-in on a per-meeting basis.
However, it'll be a phased rollout, and Phase 1 comes with some limitations. Firstly, all participants must join the meeting from the Zoom desktop client, mobile app, or Zoom Rooms. Users will also lose some features, including the ability to join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, and meeting reactions. E2EE will not be available for one-on-one private Zoom chats.
Zoom expects to begin Phase 2 of its E2EE rollout in 2021, but it doesn't detail an exact timeline. Better identity management and E2EE SSO integration are some of the features that'll arrive with Phase 2. There will be four phases in total.
Zoom users finally get end-to-end encryption
Zoom's unprecedented growth spurt following the outbreak of the COVID-19 pandemic has somewhat been plagued by security concerns. Over the past few months, the company has taken several measures to mitigate security risks. Now, with the addition of end-to-end encryption, it may earn some trust back.
The company had announced the E2EE plans in May, shortly after its acquisition of encryption startup Keybase. It initially wanted to offer E2EE to only paying customers. However, it quickly changed that decision after a backlash. The company now promises the same level of security to both paying and free users.
Zoom's E2EE uses the same GCM encryption you get currently in a Zoom meeting. However, the participants' machines now generate encryption keys. Earlier, Zoom's cloud would generate those security keys and distribute them to meeting participants.
While the keys are still distributed through Zoom's servers, they lack the decryption keys required to see the meeting contents. Only the participants of that particular meeting will be able to decrypt the contents.
"End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world," said Zoom CEO Eric S. Yuan. "This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises."