Zoom plans to offer stronger encryption to paying customers (updated)

Jon Fingas
Associate Editor
In this picture taken on March 30, 2020, YogaUP founder Chaukei Ngai (top C) is seen leading a group of students as they appear on her laptop screen via the Zoom online video conferencing platform, during a live streamed yoga class at her studio in Discovery Bay, on the outlying Lantau Island in Hong Kong. - More than 3.4 billion people have been called on or forced by authorities to stay at home, around 44 percent of the world population, according to a count based on an AFP database. Many are wondering how they can stay healthy during the weeks -- and possibly months -- of self-isolation that lie ahead. Hong Kongers, who live in some of the world's smallest apartments, say it can be done. (Photo by Anthony WALLACE / AFP) / TO GO WITH HongKong-health-virus-fitness,FOCUS by Jerome TAYLOR (Photo by ANTHONY WALLACE/AFP via Getty Images)

If you want your Zoom video calls to be as secure as possible, you may need to pay up. Zoom security consultant Alex Stamos told Reuters in an interview that the company plans to offer stronger videoconference encryption to paying customers, enterprises and institutions like schools, but not to free accounts. He cautioned that the plan could change, and that it wasn’t clear if non-profits, dissidents and other might get exceptions, but that was the current goal. A number of “technological, safety and business factors” went into the decision, according to Reuters.

While Stamos wasn’t too specific about the plan, he noted that full encryption would make it impossible for Zoom staff to address abuse in real-time and might rule out people calling in on phone lines.

Zoom has been improving security ever since the COVID-19 pandemic drew attention to shortcomings in its software. Critics like the Electronic Frontier Foundation’s Gennie Gebhart are already attacking the decision as potentially harmful, though. This theoretically leaves free Zoom users vulnerable to security exploits that wouldn’t be possible for paying customers. Your privacy could effectively be worth less as a free user.

ACLU fellow Jon Callas argued to Reuters that weaker encryption on free accounts was a good compromise, as it would eliminate “riff-raff” who could use full encryption to discuss crimes without eavesdropping. However, that appears to contradict the ACLU’s usual opposition to weakened encryption. It typically argues that encryption should be strong for everyone, and that governments ask for weakened encryption merely to access data quickly, not to access data in the first place. Whether or not Zoom’s approach is problematic will depend on what it ultimately implements, but relatively mild encryption could risk alienating free users who still want to keep their calls safe from prying eyes.

Update 5/30 3:55PM ET: A Zoom spokesperson told Engadget the company’s strategy for end-to-end encryption is still a “work in progress,” and was referring to the company’s crypto design draft. The representative was also eager to point out that Zoom updated to AES 256-bit GCM encryption for everyone as of today.