Last month, Zoom decided to put a 90-day feature freeze to fix various vulnerabilities identified by researchers around the world. The company followed it with changes to the way Zoom works and added new security features to make the calls more secure on the app.
Now, Zoom is planning to add stronger encryption to the app but it will be just for paying customers and institutions as confirmed by the company’s security consultant Alex Stamos.
Security experts have been warning about the misuse of end-to-end encryption by bad actors to avoid detection and conduct illegal activities. Jon Callas, technology fellow of the American Civil Liberties Union said that charging money for features like encryption “is a way to get rid of the riff-raff.” He added:
Those of us who are doing secure communication believe we need to do things about the real horrible stuff… At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety.
Stamos also noted that “full encryption for every meeting would leave Zoom’s trust and safety team unable to add itself as a participant in gatherings to tackle abuse in real-time.” The end-to-end encryption model will not include people who are joining in via telephone. Lastly, Stamos said the plan may change and it was not clear which nonprofits or other instituitions might qualify for accounts allowing more secure video meetings.
End-to-end encryption is usually expensive so it is in the company’s best interest charge money for the feature. WhatsApp currently supports end-to-end encryption but Facebook generates enormous sums of money from different services. Other apps like Signal work as non-profit organizations allowing the service to be free for the users.
Zoom has been running into trouble since late March when researchers found that the app was sending user data to Facebook. The increase in security risks forced companies like Google and SpaceX to ban the use of the app. Not only that, countries like India and Singapore also advised against the use of Zoom due to the increasing security risks. Since then, Zoom has taken several steps like hiring Alex Stamos, Former Facebook and Yahoo Chief Security Officer (SO) and acquiring Keybase to bolster its end-to-end encryption.