End-to-end encryption is finally coming to Zoom. Both free and paid users can start enabling the privacy feature next week.
On Wednesday, Zoom announced the rollout for the "E2EE" setting, which can work on video meetings that host up 200 participants. The end-to-end encryption will first arrive as a technical preview, meaning users can supply feedback on the feature over the next 30 days. “To use it, customers must enable E2EE meetings at the account level and opt-in to E2EE on a per-meeting basis,” the company said.
Zoom meetings are already encrypted by default. This means if an internet service provider or government scoops up the video traffic from your Zoom session, the data will be scrambled.
However, the default encryption relies on Zoom generating and storing the encryption keys on its servers. As a result, Zoom still theoretically has the power to decrypt your video sessions. The issue grabbed headlines back in April when the company was found using its servers in China to generate encryption keys for users in North America.
So to provide the best protection, Zoom has been working on generating and storing the encryption keys on users’ own laptops and smartphones. The result is an end-to-end encryption setup similar to what Apple’s iMessage and Facebook’s WhatsApp currently offer, which can ensure only meeting participants have access to the encryption keys.
“Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key,” the company said in a FAQ about the new feature.
The new setting will appeal to privacy advocates and people who often discuss highly confidential matters over Zoom. However, there are some caveats with using the end-to-end encryption. For instance, a user will only be able to join an end-to-end encrypted meeting on Zoom if they have the feature turned on.
Another limitation is how the meetings must be joined via the Zoom desktop client, the mobile app, or via Zoom's dedicated conference room technology. So the web-based client won't do.
The E2EE mode also isn’t compatible with functions on Zoom that rely on recording users' data. “Enabling this version of Zoom’s E2EE in your meetings disables certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions,” the company said.
Free users will also need to provide a cell phone number to use the function. To verify that your meeting is E2EE protected, Zoom’s software will display a green shield logo in the upper-left corner. “It looks similar to our GCM (default) encryption symbol, but the checkmark is replaced with a lock,” the company says.
“Participants will also see the meeting leader’s security code that they can use to verify the secure connection. The host can read this code out loud, and all participants can check that their clients display the same code,” Zoom added.
The coming rollout marks the first of four phases for Zoom’s end-to-end encryption offering. The second phase, set to arrive next year, will involve “a native, multi-device key management strategy and end-to-end encryption single sign-on (SSO) integration,” a company spokesperson said.