Zoom prepares to roll out end-to-end encryption in 4 phases

Zoom has confirmed that it will begin rolling out end-to-end encryption (E2EE) next week, starting with a technical preview to glean feedback from users for the first 30 days, which will be followed by an additional three phases ahead of its full launch.

This has been a long time coming, with the video communications giant creating controversy earlier this year after it revealed plans to make E2EE available only to those on a paid plan. Privacy advocates and civil rights groups argued that basic security functionality shouldn’t be a premium feature, forcing Zoom to backtrack and promise the functionality to all users. At the heart of Zoom’s original plan was to negate abuse of its service and deter bad actors from mass-creating “abusive accounts” — as part of its new plan, Zoom said that free users seeking E2EE will instead have to go through a one-time verification process, which may involve having to provide their mobile phone number.

With E2EE, Zoom builds on its existing GCM encryption, except rather than Zoom’s servers managing the encryption key process, the meeting host generates the encryption keys and uses public key cryptography to distribute the keys to each participant. In other words, Zoom has no knowledge or access to the keys needed to decrypt video chat content — the decryption keys are generated and stored locally on users’ machines.

A little green shield log in the top-left tells users that the call is protected by E2EE, and all participants will be able to see the meeting host’s security code and check it against the code on their screen.

Above: Zoom: End-to-end-encryption is rolling out soon

To start using E2EE next week, hosts must activate E2EE in their account settings, and then opt-in to it for each meeting that they are on — all participants much enable E2EE in their own Zoom app to join a call. During phase 1, certain functionality and features will be disabled for E2EE calls, such as breakout rooms, cloud recording, polling, live transcription, one-to-one chats, and reactions.

The company hasn’t given a concrete timeframe for the next three E2EE phases, but it did say that phase 2 is “tentatively roadmapped for 2021” for which it plans to introduce “better identity management” and E2EE SSO (single sign-on) integration.

Zoom announced E2EE at its annual Zoomtopia event today, where it also launched its new integrated platform for classes and events, as well as its new Zapps platform to bring third-party apps directly into video calls.

Source: Read Full Article