Zoom will offer full encryption to free users after all

Angela Lang/CNET

It turns out Zoom will go ahead and offer end-to-end encryption to all users, despite previously saying the feature would be a premium one, for paying customers only. That’s according to a Wednesday blog post from CEO Eric Yuan.

The videoconferencing service saw a massive surge in users at the onset of the coronaviruspandemic, as more people began working and socializing from home. But the increased focus revealed several Zoom security problems, and the fact that an earlier Zoom claim of end-to-end encryption was baseless.

Zoom’s original decision not to add end-to-end encryption (which secures connections from device to device on a call) to free users’ calls was meant to keep the door open for law enforcement cooperation, Yuan told analysts on a conference call earlier this month. But its new end-to-end encryption design, released Wednesday on GitHub, will be available to everyone.

“We are pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform,” Yuan said in the post. “This will enable us to offer E2EE [end-to-end encryption] as an advanced add-on feature for all of our users around the globe — free and paid — while maintaining the ability to prevent and fight abuse on our platform.”

To cut down on the mass creation of abusive accounts, users with free/basic accounts who want access to Zoom’s end-to-end encryption will have to provide information to verify their account, such as verifying a phone number via a text message.

Zoom plans to release an early beta of the end-to-end encryption feature in July. In the meantime, all users will continue to use AES 256 GCM transport encryption by default — one of the strongest encryption standards available today, according to the company.

Once available, end-to-end encryption will be an optional feature, as it limits some meeting functionality, like the ability to include traditional PSTN phone lines or SIP/H.323 hardware conference room systems, Yuan said in the post. Meeting hosts can toggle end-to-end encryption on or off on a per-meeting basis, and account administrators can enable and disable it at the account and group level.