Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Zoom Buckles Under Pressure – E2EE for Everyone

June 18, 2020

Zoom, the 800-pound gorilla of video conferencing, will be providing end-to-end encryption (E2EE) for all accounts after all. The Register posted detailed information regarding Zoom's rollout of E2EE. Originally, Zoom was only going to provide end-to-end encryption for paying subscribers and not those with free accounts. Public pressure apparently caused Zoom to change its mind and make E2EE available for all users. However, those with free accounts will be forced to provide additional information in order to validate their identity.

Zoom CEO Eric Yuan said, "Today, Zoom released an updated E2EE design on GitHub. We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform." Similar to services such as Signal and WhatsApp, users will have to verify they have control of a valid phone number by entering a single-use code sent via a text message.

Users will continue to use AES 256 GCM transport level encryption as the default encryption method, which is just like its competitors. Account holders and admins can toggle end-to-end encryption once available. E2EE will provide a level of encryption that prevents Zoom and/or law enforcement from intercepting and decoding the communication. E2EE encryption puts control of the encryption keys in the hands of the end-user. Rollout of E2EE beta will be sometime in July.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com