Zoom won’t encrypt calls made by users on the free plan so that it can work with the FBI and local enforcement agencies to trace down repeat offenders and spammers, CEO Eric Yaun told investors on the company’s Q1 2021 earnings call. The end-to-end encryption feature, which is at the moment in beta stages, will be soon available exclusively to enterprise and paid clients.
“Free users, for sure, we don’t want to give that [end-to-end encryption]. Because we also want to work it together with FBI and local law enforcement, in case some people use Zoom for bad purposes,” added Mr. Yuan.
The surge in demand for telecommunications services due to the pandemic had caught Zoom by surprise. As the company’s figures and daily users soar, it has scrambled to patch its many privacy flaws that have been actively abused by intruders to hack into calls and spawned issues such as Zoombombing.
Most of these intruders, as one might guess, are on Zoom’s free tier and the company hopes to make it easier for law enforcement agencies to crack down on them when a host reports abuse on a call.
Data of Zoom calls is only encrypted in transit and not at the end destinations. This means that it can be potentially accessed and viewed by Zoom’s employees.
Alex Stamos, an independent security and privacy consultant to Zoom, claimed that Zoom itself won’t misuse the absence of end-to-end encryption to “proactively monitor content in meetings and will not in the future. “Zoom doesn’t record meetings silently. Neither of these will change,” he wrote in a tweet.
Stamos added that while this won’t eliminate all abuse, it will “create fiction and reduce harm” since “the vast majority of harm comes from self-service users with fake identities.”
To build its end-to-end encryption, which will remain optional for enterprise customers, Zoom acquired Keybase, a software startup that develops several encryption-focused services. Zoom, however, has yet to share a release date for its end-to-end encryption feature. In March, after a report published by The Intercept, the company issued an apology and backtracked on a false claim on its website which said calls were end-to-end encrypted.