Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Overreaction Over Video Conferencing End-to-end Encryption

April 23, 2020

It's no secret that Zoom is in the crosshairs for its usage of the term end-to-end encryption (E2EE). While there is a situation when the Zoom traffic is encrypted end-to-end, more often than not it is not. The criticism is loud and long that Zoom lied and we should be using other video conferencing applications. Not so fast. The reality is that most video conferencing systems that deal with more than a handful of participants DO NOT have end-to-end encryption. CSO has an excellent post that describes video chat applications and how they deal with encryption. There is a huge tradeoff between security and usability when employing encryption. The good news is that Zoom is in the process of improving its encryption mechanism to AES 256-bit GCM encryption with version 5.0 of the desktop client instead of the crappy 128-bit ECB that is currently utilized. The conversion should be completed by the end of May. It's not end-to-end, but a big improvement.

So all you folks that say you should use something other than Zoom, get off your soapbox. Use Signal if you want end-to-end encryption today, but don't count on conferencing with more than one person. Security over convenience is still a struggle. E2EE is hard and will significantly impact the user experience.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com