show image

Zoom to make encryption free to all in privacy U-turn

Zoom has given into demands to roll out its end-to-end encryption offering to all users following a major backlash from privacy activists.

The video conferencing company, which has seen its popularity skyrocket as hundreds of millions of people transitioned to remote working, had planned to charge for access to the encrypted service.

But on Wednesday evening, as pressure from digital rights groups mounted, the US firm yielded to calls for encryption to be made freely available to all users, amid concerns that the privacy of those who could not afford a premium subscription would be imperilled.

The U-turn comes after Zoom chief executive Eric Yuan had said the company wanted to be able to “work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose”.

Zoom faced criticism earlier this year after claiming that its service was end-to-end encrypted, meaning that even its engineers could not decrypt the messages, and then admitting that it was not.

It has also come under fire for routing encryption keys through servers in China, prompting fears that communications on the platform could be subject to Chinese espionage and leading Taiwan to ban the software.

An open letter published earlier this week and signed by privacy activists and tens of thousands of internet users accused of Zoom of “making privacy a luxury”.

“Zoom’s controversial decision comes at an especially precarious moment, when millions of people are relying on the app to stay securely connected during the pandemic,” the letter stated. “And, when protesters are organising marches and other events in support of the movement for Black lives.”

Corporate and government usage

Under the new policy, which will come into effect in July, a conversation will only be end-to-end encrypted if a user asks for it to be. This is the same policy applied to Facebook Messenger at present. The level of uptake of the encryption offering is likely to depend on company policies; if encryption is mandatory for sensitive business meetings, then it is likely to be widely adopted.

Administrators with business accounts will be able to set encryption as the standard offering for all meetings across their organisation, although it won’t work for meetings in which participants dial in by phone.

Zoom will hope that the move will encourage wider adoption across government. The government had set up framework for the procurement of Zoom licences just weeks before security officials warned that the platform should not be used for confidential business, especially if it concerned China.

The framework, which is open to a number of central government departments, is estimated to be worth up to £2m.

Government struck Zoom deal just weeks before NCSC warned of security risks