If you want your Zoom video calls to be as secure as possible, you may need to pay up. Zoom security consultant Alex Stamos told Reuters in an interview that the company plans to offer stronger videoconference encryption to paying customers, enterprises and institutions like schools, but not to free accounts. He cautioned that the plan could change, and that it wasn’t clear if non-profits, dissidents and other might get exceptions, but that was the current goal. A number of “technological, safety and business factors” went into the decision, according to Reuters.
While Stamos wasn’t too specific about the plan, he noted that full encryption would make it impossible for Zoom staff to address abuse in real-time and might rule out people calling in on phone lines.
Zoom has been improving security ever since the COVID-19 pandemic drew attention to shortcomings in its software. Critics like the Electronic Frontier Foundation’s Gennie Gebhart are already attacking the decision as potentially harmful, though. This theoretically leaves free Zoom users vulnerable to security exploits that wouldn’t be possible for paying customers. Your privacy could effectively be worth less as a free user.
ACLU fellow Jon Callas argued to Reuters that weaker encryption on free accounts was a good compromise, as it would eliminate “riff-raff” who could use full encryption to discuss crimes without eavesdropping. However, that appears to contradict the ACLU’s usual opposition to weakened encryption. It typically argues that encryption should be strong for everyone, and that governments ask for weakened encryption merely to access data quickly, not to access data in the first place. Whether or not Zoom’s approach is problematic will depend on what it ultimately implements, but relatively mild encryption could risk alienating free users who still want to keep their calls safe from prying eyes.
Update 5/30 3:55PM ET: A Zoom spokesperson told Engadget the company’s strategy for end-to-end encryption is still a “work in progress,” and was referring to the company’s crypto design draft. The representative was also eager to point out that Zoom updated to AES 256-bit GCM encryption for everyone as of today.