Zoom is now mulling to offer even more enhanced encryption to paying customers in the days to come but free users won't get it.
Zoom calls will not be fully end-to-end encrypted for free users, company founder and CEO Eric Yuan confirmed in a meeting with investors. “Free users, for sure we don’t want to give that (to them), because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose,” Yuan said, reiterating how Zoom will not have access to enough information to verify the identity of free users, in case there’s genuine need to share this with the law enforcement if necessary. Free users can sign up with just an email address and start using Zoom.
Zoom recently upgraded its encryption to standard AES 256-bit GCM, which is an improvement over the previous AES-256 ECB standard. This still isn’t the full-proof end-to-end encryption one would want from the service, but it’s a start. GCM encryption is now fully enabled for all meetings which means all users (free and paying) need to update their app and web client to Zoom 5.0 to join any Zoom meeting.
With the system-wide roll out of AES 256-bit GCM encryption for all users, Zoom is now mulling to offer even more enhanced encryption to paying customers in the days to come. “We think this feature should be a part of our (professional) offering,” Yuan said though chances are the company may allow for end-to-encryption in some “free” cases such as for educational institutions.
At the same time, even though Zoom is open to sharing Zoom call details with law enforcement, it said, “Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where participants can enter meetings without being visible to others. None of this will change. Zoom’s end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups.”