If you’ve kept up with the news, you’ll know that video conferencing platform Zoom has faced public backlash in recent times over its handling of privacy and security. To its credit, the company appears to be responding well to the criticism, with founder Eric Yuan even apologising in an interview with CNN earlier.
Now, Zoom has announced that it has acquired Keybase, a startup with noted expertise in security and “deep encryption”. The aim of the acquisition is to develop end-to-end encryption for the Zoom client, which will address one of the key complaints about Zoom.
What is end-to-end encryption?
End-to-end encryption is kind of the gold standard of privacy for messaging apps. Basically, communication is encrypted so that only the recipient and the sender can view the contents of a message. Even the operator of the platform—in this case, Zoom—won’t be able to decrypt the data.
In the past, Zoom has come under fire for claiming that its meeting rooms are protected with end-to-end encryption (the statement has since been deleted from the security page). Currently, Zoom clients support AES-GCM encryption, with encryption keys generated by Zoom’s servers. This basically means that Zoom still keeps “some encryption keys” on their servers.
The acquisition of Keybase, however, is part of a concerted move towards end-to-end encryption. That said, this encryption standard will only be available to paid accounts, which is rather disappointing; WhatsApp, in comparison, offers end-to-end encryption for all of its users.
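To make the difference between server-generated keys and end-to-end encryption concrete, here is an added Node.js example (not from Zoom, Keybase or the original article). It assumes a two-party call; the function names and the X25519 + HKDF key agreement are illustrative choices, not Zoom's published design.

```javascript
// Added illustration; not Zoom's or Keybase's design. All names are hypothetical.
const crypto = require('node:crypto');

// AES-256-GCM with a fresh random 12-byte nonce per message.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8'); // throws on wrong key
}

// The relay "can read" a message if any 32-byte value it observed works as the key.
function relayCanRead(seen, msg) {
  return seen.some((k) => { try { open(k, msg); return true; } catch { return false; } });
}

// Model 1: the server generates the meeting key and distributes it to clients.
function serverKeyedMeeting(text) {
  const meetingKey = crypto.randomBytes(32); // created on, and known to, the server
  const msg = seal(meetingKey, text);
  return { received: open(meetingKey, msg), operatorCanRead: relayCanRead([meetingKey], msg) };
}

// Model 2: endpoints agree on a key with X25519 + HKDF; the server relays only
// public keys and ciphertext.
function endToEndMeeting(text) {
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const derive = (priv, pub) => Buffer.from(crypto.hkdfSync('sha256',
    crypto.diffieHellman({ privateKey: priv, publicKey: pub }),
    Buffer.alloc(0), 'constructed-e2e-demo', 32));
  const rawPub = (kp) => kp.publicKey.export({ type: 'spki', format: 'der' }).subarray(-32);
  const msg = seal(derive(alice.privateKey, bob.publicKey), text);
  const received = open(derive(bob.privateKey, alice.publicKey), msg);
  return { received, operatorCanRead: relayCanRead([rawPub(alice), rawPub(bob)], msg) };
}

console.log(serverKeyedMeeting('constructed sample message'));
console.log(endToEndMeeting('constructed sample message'));
```

Unauthenticated key agreement like this still lets a malicious relay substitute its own public keys, which is why end-to-end designs also bind keys to verified identities.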
According to founder Eric Yuan:
“We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises.”
At the moment, Zoom says that a “detailed draft cryptographic design” of the encryption solution will be published on the 22nd of May. Following that, Zoom will take feedback and hold discussions on the service before releasing a final product.
Additionally, Yuan says that the team at Zoom will continue to work to address past concerns, promising the following:
We will continue to work with users to enhance the reporting mechanisms available to meeting hosts to report unwanted and disruptive attendees.
Zoom does not and will not proactively monitor meeting contents, but our trust and safety team will continue to use automated tools to look for evidence of abusive users based upon other available data.
Zoom has not and will not build a mechanism to decrypt live meetings for lawful intercept purposes.
We also do not have a means to insert our employees or others into meetings without being reflected in the participant list. We will not build any cryptographic backdoors to allow for the secret monitoring of meetings.