Zoom U-turns on end-to-end encryption policy

The platform will now offer free users strong protection following pressure by the EFF and Mozilla

UPDATE: Zoom will now offer end-to-end encryption to all its users, and not just paying customers, after bowing to pressure from privacy activists.

The Electronic Frontier Foundation (EFF) has claimed victory in a short-lived campaign to commit the video conferencing service to offer encryption to all its users. The U-turn follows an open letter jointly-written and published by EFF and Mozilla on Wednesday.

"Zoom’s decision to offer end-to-end encryption more widely is especially important because the people who cannot afford enterprise subscriptions are often the ones who need strong security and privacy protections the most," the EFF's associate director of research, Gennie Geghart, said.

"For example, many activists rely on Zoom as an organizing tool, including the Black-led movement against police violence."

To use Zoom's end-to-end encryption, users will have to provide additional information, like a phone number, to authenticate.

Zoom had initially planned to roll out end-to-end encryption to paying users only because, to some extent, the company wanted to co-operate with law enforcement. The early beta for end-to-end will arrive in July.

17/06/20: Privacy advocates urge Zoom to encrypt free video calls

Mozilla and the Electronic Freedom Foundation (EFF) have published an open letter to Zoom that urges it to make end-to-end encryption available for all users.

The letter, addressed to Zoom CEO Eric Yuan, criticises the company’s decision to offer end-to-end encryption only to paying users.

It has been signed by 19,000 internet users and backed by tech organisations and advocacy groups including Fight for the Future and MPower Change.

Earlier this month, the video conferencing platform announced plans to roll out stronger encryption for businesses and institutions that pay for its service.

Zoom’s security consultant Alex Stamos suggested that stronger security measures may also be rolled out for non-profit organisations or users in need of an extra layer of protection, such as political dissidents, but added that “the current plan is paid customers plus enterprise accounts where the company knows who they are”. 

The decision has garnered criticism from many tech companies and organisations, including Mozilla and the EFF. In the open letter to Yuan, they argued that “best-in-class security should not be something that only the wealthy or businesses can afford”.

“Around the world, end-to-end encryption is already an important tool for journalists and activists that are living under repressive regimes and fighting censorship,” wrote Mozilla’s Advocacy and Engagement VP Ashley Boyd and EFF’s associate director of Research Gennie Gebhart.

Boyd and Gebhert also criticised Zoom’s recent decision to suspend three user accounts at the request of the Chinese government for hosting meetings to commemorate the 21st anniversary of the Tiananmen Square massacre.

“Tools like Zoom can be critical to help protesters organize and communicate their message widely,” they wrote. “Activists should be able to plan and conduct protest-related activities without fear that these meetings, and the information they include, may be subject to interception.

"Unfortunately, recent actions from law enforcement – and a long history of discriminatory policing – have legitimized such fears, making end-to-end encryption all the more critical.”

Related Resource

Cybersecurity crisis-planning checklist

Tips for planning and ensuring business continuity

Download now

The letter acknowledged Stamos’s argument that full encryption for every meeting would leave Zoom’s trust and safety team unable to tackle child sexual abuse material (CSAM), but added that “restricting end-to-end encryption to paid accounts is not the right solution”.

Organisations such as Fight for the Future, MPower Change, Daily Kos, Kairos, Media Alliance and Jewish Voice for Peace have also launched a petition targeted at the video conferencing platform, arguing that “people who can’t afford Zoom’s services are left vulnerable to cyber-criminals, stalkers, and hackers”. It has been co-signed by 42,000 internet users.

Lau Barrios, campaign manager at MPower Change, said that “end-to-end encryption has always been a racial justice issue”.

“It most directly protects Black, brown, Muslim and poor communities from the disproportionate risk of surveillance, policing, and criminalization," she said. 

"Zoom has already misled the public once on whether or not they use end-to-end encryption. Openly defending their refusal to provide it to those not wealthy enough to pay to protect themselves and their communities is unconscionable. And it’s a direct refusal to protect activists and organizers from surveillance in this moment."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
UK and Singapore align closer on digital trade
Policy & legislation

UK and Singapore align closer on digital trade

1 Dec 2021