What you need to know
- Zoom won't offer end-to-end encryption for free accounts.
- The company's CEO said that it wants to work together with law enforcement.
- The reported remarks have caused a backlash on social media.
- Zoom's security consultant claims the CEO's statement wasn't clear.
Zoom's CEO recently confirmed that the company will not provide end-to-end encryption for free accounts (via Engadget). Eric Yuan, CEO of Zoom, states that the company wants to work with FBI and local law enforcement. The reported comments from the CEO have caused a backlash on social media, including people accusing Zoom of "kowtowing to the police."
Zoom's security consultant, Alex Stamos, states on Twitter that he believes Yuan's comments weren't clear. He also has a lengthy thread on Twitter that goes into detail regarding Zoom's stance on encryption. In that thread, Stamos explains that Zoom doesn't record meetings silently or proactively monitor content in meetings. Toward the end of the thread, Stamos states that "The current decision by Zoom's management is to offer E2EE to the business and enterprise tiers and not to the limited, self-service free tier."
Stamos states that it's a "difficult balancing act" when it comes to limiting abuse on a service such as Zoom and improve privacy guarantees. Some people use free accounts and throwaway email addresses to perform abuse and illegal activity on Zoom. Having weaker encryption can make it easier for Zoom to work with law enforcement to find and punish repeat offenders.
While preventing abuse is important, the backlash on social media indicates that many don't feel the stance is justified.