Zoom initially said that it would not offer end-to-end encryption (E2EE) to free users, though it did announce it would incorporate AES 256 GCM transport encryption for all users. Since then, Zoom has started building out its E2EE solution and now says that it has “identified a path forward” that will accomplish that goal. Zoom’s E2EE should be released in an early beta in July.
The company claims that it has taken feedback from civil liberties organizations, security experts and the government to form its new course of action. Zoom will require free users to undergo a one-time verification process to enable encryption. “All Zoom users will continue to use AES 256 GCM transport encryption as the default,” says the company, because E2EE does cause issues with some hardware, such as PSTN or SIP conference phones. As such, users will be able to turn E2EE off as needed.