Zoom recently announced it would not offer end-to-end encryption (E2EE) for free to users, and it was quickly hit with criticism from all angles.
Now, Zoom is changing its mind, by announcing everyone using the video conferencing software will receive E2EE protection. The feature won’t be limited to Zoom enterprise users. It’s coming to both free and paid users. It will appear as a switch any call, so administrators can enable or disable at the account or group level. Zoom indicated free users need to be verified to enable encryption.
Keep in mind, in June, the company suggested that it was concerned free users would use encrypted calls for illegal activity.
“Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse," said Zoom at the time. “We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity.”
Zoom now appears to be backpedaling and simultaneously introducing a workaround, by offering free users encrypted calls if they do a one-time verification. They must provide additional information, such as verifying a phone number via a text. “Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts," Zoom explained.
Zoom described its verification process for E2EE as "risk-based authentication" that will "fight abuse". Zoom also said it's offering AES 256 GCM transport encryption by default, which it said is “one of the strongest encryption standards".
Zoom plans to offer its end-to-end encryption feature initially through a beta test that will start to go live in July.