San Francisco: Zoom (ZM.O), a video conferencing provider, plans to strengthen the encryption of video calls hosted by paying customers and institutions such as schools, rather than being hosted by users of its free consumer accounts.
The company’s business has flourished due to the coronavirus pandemic. The company held a telephone discussion with civil liberties groups and child abusers on Thursday. Zoom security consultant Alex Stamos confirmed the move on Friday.
Stamos said in an interview that the plan may change, and it is unclear which non-profit organizations or other users (such as dissidents) are eligible for accounts that allow more secure video conferencing.
He added that the plan combines technical, security and commercial factors and has caused different responses from privacy advocates.
In the pandemic, Zoom attracted millions of free paying customers, partly because users can attend meetings-now 300 million times a day without registration.
But this provides an opportunity for troublemakers to participate in meetings and sometimes even pretend to be invited.
Gennie Gebhart, a researcher at the Electronic Frontier Foundation, said on Thursday’s conference call that she hopes Zoom will change direction and provide more protected videos.
But Jon Callas, a technical researcher at the American Civil Liberties Union, said the strategy seemed to be a reasonable compromise.
Security experts and law enforcement warned that sex predators and other criminals are increasingly using encrypted communications to avoid detection.
Callas said: “People of us who communicate securely believe that we need to deal with really terrible things.”
“Charging for end-to-end encryption is a way to get rid of improvisation.”
After a series of security failures caused some organizations to ban the use of Zoom, Zoom hired Stamos and other experts. Last week, Zoom released a technical paper about its encryption plan, but did not specify the scope they will reach.
Facebook ’s former chief security officer Stamos said: “While Zoom is trying to improve security, they are also greatly increasing their trust and security.”
“The CEO is studying different arguments. The current plan is for paying customers and corporate accounts where the company knows who they are.”
Stamos added that fully encrypting every meeting will prevent Zoom’s trust and security team from adding itself as a participant in a party that handles abuse in real time.
The end-to-end model means that no one but the participants and their devices can see and hear what is happening, which will also have to exclude people who make calls through the phone line.
From a business perspective, it is difficult to make money by providing complex and expensive encryption services for free. Facebook plans to fully encrypt Messenger, but it has generated considerable revenue from other services.
Other encryption communication providers charge enterprise users or act as non-profit organizations, such as the manufacturer of Signal.
Stamos and another person familiar with the matter said that Zoom also deals with regulators such as the US Federal Trade Commission, which is investigating its previous claims about encryption, which were criticized as exaggerated or false.
Privacy experts say that because the Justice Department and some members of Congress condemned powerful encryption technology, Zoom may cause unnecessary new attention through a major expansion in the field.