End-to-end Encryption Meetings Only Available to Paid Accounts
Zoom, faced with security challenges, is implementing its own 90-day plan aimed at
“further strengthening the security of the video communication platform.”
The company calls its acquisition of Keybase startup part of it.
Note that this is the first purchase in the nine-year history of Zoom. Its amount was not disclosed.
According to Zoom, since the launch of the service in 2014, it has been using its own means of secure messaging and file exchange.
Keybase’s integration into the Zoom team should
“help build end-to-end encryption,”
which can scale to current Zoom coverage.
Content transmitted by Zoom clients is now encrypted on the sending device and not decrypted until it reaches the recipient devices.
Zoom 5.0 supports AES-GCM encryption with 256-bit keys. However, encryption keys are generated by Zoom servers and stored in the cloud. Hosts for whom confidentiality is a priority, the company intends to offer a new solution.
This will be end-to-end encrypted mode, available only to paid accounts. In it, cryptographic secrets will be controlled by the host, and the host client software will decide which devices are allowed to join the communication.
End-to-end encryption meetings will not support telephone bridges, cloud recording, and third-party conferencing systems.
Zoom Rooms and Zoom Phone members can attend, only having the explicit permission of the organizer.
Companies believe this will provide equal or better security than consumer end-to-end encryption messaging platforms,
but with the video quality that made Zoom so popular.
The company emphasizes that it seeks to maintain transparency when creating the described mechanism. She plans to publish a detailed draft of cryptographic design on Friday, May 22.
After discussion with the community and experts, more detailed information will be published and feedback will be collected.
Once this feedback has been evaluated for integration into the final design, the company will publish a plan for introducing innovations.
