Video conferencing platform Zoom has confirmed that its free users won’t get end-to-end encryption -- which is strongly recommended by privacy advocates -- because law enforcement may need to access these calls in the event that the platform is “misused.”
“We think this feature should be a part of our offering” for professional customers, said Zoom CEO Eric Yuan in a meeting with investors Tuesday. “Free users — for sure we don’t want to give [them] that, because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose.”
The policy has drawn criticism from security experts, who have taken issue with Zoom’s requirement of a payment in exchange for end-to-end encryption.
“This is a bizarre policy to say the least. Zoom. Perhaps it should have said ‘Y’all free users are just potential criminals. Y’all don’t deserve e2e protection,’” tweeted user PrivacyMatters.
Zoom has dealt with a number of security issues in recent months, some of which transpired due to the unexpected surge in the number of Zoom users. One such issue was a phenomenon known as “Zoombombing," where hackers infiltrate and disrupt private chats.
Zoom has also been accused of sending data from users of its iOS app to Facebook and making false claims that video calls were encrypted. Additionally, half a million Zoom accounts have surfaced on the darknet.
In an effort to address security shortcomings, Zoom acquired Keybase, an end-to-end encryption start-up. But based on the latest information, a majority of Zoom calls will remain unencrypted.
A company spokesperson said that Zoom “does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse.” Additionally, Zoom says it doesn’t, and will never, have “backdoors where participants can enter meetings without being visible to others.”
“Zoom’s end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity.”