After mounting pressure from privacy activists and users, Zoom said today that it’ll provide end-to-end encryption protection to everyone — including free users.
Earlier this month, the company had said that it’ll provide this feature to only paid users to comply with law enforcement and catch abusers of the service. After its announcements, several privacy experts wrote to zoom about enabling this feature for all users.
Yesterday, Mozilla foundation, the Electronic Frontier Foundation (EFF), 19,000 other users sent an open letter to the company, urging it not to make “security and privacy a luxury.” In another letter, digital rights organizations such as Fight for the future and MPower Change conveyed similar concerns.
Zoom’s CEO, Eric Yuan, said that the company consulted with many encryption experts and government representatives for feedback on this feature:
Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users.
The company said that free users will have to verify themselves with a phone number in a one-time process. It claimed that this will stop bad actors from creating multiple abusive accounts.
Zoom is also releasing an updated design of its end-to-end encryption solution on GitHub that intends to achieve a balance between “the legitimate right of all users to privacy and the safety of users.”
Encryption has certain limitations: if it’s turned on, participants with traditional PSTN phone lines can’t join in. The firm said that this will be an optional feature, so the host will have to manually turn the encryption on or off.
Zoom plans to roll out an easy beta version of the end-to-end encryption feature in July.