Zoom is working on end-to-end encryption as it hopes to become the first major videoconferencing platform to offer the feature and help keep organizations secure.
However, that will start and stop with paid users, CEO Eric Yuan said in an earnings call with investors earlier this month.
According to Yuan, the company doesn’t want to offer end-to-end encryption to free users because the company sometimes has to work with law enforcement in the event that the platform is used for bad purposes.
The company encrypts call calls with AES 256 GCM encryption, which Yuan called the industry standard.
In a statement to ZDNet, a spokesperson said it will offer end-to-end encryption for users for whom the company can identify. Since free users only need an email address to sign up, that group doesn’t meet the company’s criteria for the enhanced encryption.
That means if your company is using a free version of Zoom, your calls won’t be protected with end-to-end encryption when that finally rolls out.
In an interview with Reuters, Zoom security consultant Alex Stamos said the plan is subject to change, and it is not clear if nonprofits, political dissidents or other users would qualify for the feature.
According to Reuters, Stamos said full encryption for every meeting would leave Zoom’s security team unable to fight abuse on the platform in real time.
End-to-end encryption will also mean that participants would not be able to call in from a phone line.
After several weeks of headlines about the company’s security issues, Zoom froze all non-security features and embarked on a 90-day plan to address those issues.
Included on the company’s path to greater security and transparency was acquiring Keybase, a secure messaging service company that is supposed to help Zoom reach that encryption milestone.
Since early May, Keybase and Zoom teams have been integrating to help bring that offering to the platform.