Last month, video-conferencing app Zoom announced that its acquisition of Keybase would allow it to offer end-to-end encryption. That means that those on the sending and receiving end of a Zoom video session would be able to escape scrutiny by law enforcement and hackers. But at the time, Zoom said that only those paying $14.99 a month for its premium tier of service would be in line for what is called E2EE (end-to-end encryption).
Zoom said that it was unable to offer E2EE to its free users in case the app was used to help run an illegal business and the FBI or other law enforcement needed to cut into a Zoom conference to gather information. At the time a companyspokesman said, "Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity."
But a blog post today revealed a change in Zoom's thinking. The company wrote that "Today, Zoom released an updated E2EE design on GitHub. We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform."
To make this work, free/basic Zoom users will have to follow a one-time process that includes verification of a phone number via a text. Zoom said, "Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse."