Looks Like Zoom Will Soon Have End-to-End Encryption: Cybersecurity Trends

It’s cybersecurity day!  Though this is a much more positive topic than this morning’s post – at least for paid users of Zoom.

As reported by Gizmodo (Zoom’s Adding End-to-End Encryption for Real This Time, But It’ll Cost You, written by Alyse Stanley), Zoom, the video conferencing platform du jour while nearly everyone’s stuck inside under shelter-in-place orders, has been gradually beefing up its security as part of a 90-day plan after a wave of disturbing troll attacks drew international ire. Last Thursday the company announced its latest step: implementing the kind of encryption protocols that many investors and users believed it already supported.

With the acquisition of Keybase, a New York-based startup specializing in encrypted messaging and cloud services, Zoom will finally be able to make good on its claims of offering end-to-end encryption.

“We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability,” CEO Eric Yuan said in a Zoom blog post on Thursday.

As reported by the Intercept in March, security experts found that the platform’s home-baked encryption system fell short of what it was marketed as, and instead qualified as transport-layer encryption since it still allowed Zoom’s servers to see certain content from the client end. With true end-to-end encryption, à la apps like WhatsApp and Signal, only the people communicating with one another can see this content, and it remains inaccessible to whatever company’s behind the intermediary server they’re using. Zoom’s shareholders have since sued the company over allegations of fraud regarding this discrepancy.

This news does come with stipulations, however. Once in place, end-to-end encryption will only be available for users with paid Zoom plans (which start at $14.99 per month), meaning anyone using Zoom’s free service won’t have access. If a meeting’s host has enabled this feature, participants will be barred from joining by phone and cloud-based recording will be disabled. In Thursday’s blog post, Yuan emphasized that the feature will not store the encryption key on Zoom’s servers, so the company will not be able to see any part of the call.

It will be interesting to see how that is received and also interesting to see how the Zoom litigation progresses.  Anyone need an eDiscovery consultant?  😉

Hat tip to Sharon Nelson’s excellent Ride the Lightning blog for the tip on the story.  Speaking of Sharon, I will be a guest of hers (and her husband, John Simek) on their excellent podcast, Digital Detectives!  Sharon and John will interview me next week and the podcast interview will be published soon after that.  I’ll keep you posted.

More shameless plugs! Just a reminder that I’ll be participating in an ACEDS webinar on Thursday at 1pm ET – Forms of Production: Maximizing Benefit and Managing Costs, with Tom O’Connor and Mike Quartararo.  You can still register for it here.  Please join us!

So, what do you think?  Is this a good thing or bad thing for Zoom users?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply