Zoom has confirmed that it will begin rolling out end-to-end encryption (E2EE) next week, starting with a 30-day technical preview to glean feedback from users, which will be followed by an additional three phases ahead of its full launch.
This has been a long time coming, with the video communications giant creating controversy earlier this year after it revealed plans to make E2EE available only to those on a paid plan. Privacy advocates and civil rights groups argued that basic security functionality shouldn’t be a premium feature, forcing Zoom to backtrack and promise the functionality to all users. The aim of Zoom’s original plan was to curb abuse of its service and deter bad actors from mass-creating “abusive accounts.” As part of its new plan, Zoom said that free users seeking E2EE will instead have to go through a one-time verification process, which may involve having to provide their mobile phone number.
With E2EE, Zoom builds on its existing GCM encryption, except rather than distributing encryption keys through Zoom apps as the participants join, the meeting host generates the encryption keys and uses public key cryptography to distribute the keys to each participant. In other words, Zoom has no knowledge of or access to the keys needed to decrypt video chat content; the decryption keys are generated and stored locally on users’ machines.
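The key flow described above, as an added Node.js sketch that is not Zoom's code or its actual protocol: the host generates the meeting key locally, wraps it for a participant with public-key cryptography, and a relay that holds no participant private key cannot unwrap it. X25519, HKDF, the message layout and all names are assumptions made for illustration.

```javascript
// Added illustration, not Zoom's protocol: key types, layout and names are assumptions.
const crypto = require('crypto');

// AES-256-GCM helpers; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a bad tag
}

// Derive a per-participant wrapping key from an X25519 shared secret.
function wrapKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

function demo() {
  const host = crypto.generateKeyPairSync('x25519');
  const alice = crypto.generateKeyPairSync('x25519');
  const meetingKey = crypto.randomBytes(32); // generated on the host's machine only

  // Host wraps the meeting key for Alice; the server only relays this blob.
  const aad = Buffer.from('meeting-1234'); // constructed meeting id
  const relayed = seal(wrapKey(host.privateKey, alice.publicKey), meetingKey, aad);

  // Alice unwraps with her private key and the host's public key.
  const aliceKey = unseal(wrapKey(alice.privateKey, host.publicKey), relayed, aad);

  // A media frame encrypted under the meeting key (constructed sample data).
  const frame = seal(meetingKey, Buffer.from('constructed video frame'), aad);
  const decrypted = unseal(aliceKey, frame, aad).toString();

  // A relay with its own key pair but no participant private key fails the GCM tag check.
  const server = crypto.generateKeyPairSync('x25519');
  let serverCanUnwrap = true;
  try { unseal(wrapKey(server.privateKey, host.publicKey), relayed, aad); }
  catch (e) { serverCanUnwrap = false; }
  return { keysMatch: aliceKey.equals(meetingKey), decrypted, serverCanUnwrap };
}
```

The sketch does not authenticate the public keys, so it would not detect a relay that substitutes its own key for a participant's; verifying participant keys is a separate requirement.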
To start using E2EE next week, hosts must activate E2EE in their account settings, and then opt in to it for each meeting that they are on. All participants must enable E2EE in their own Zoom app to join a call. During phase 1, certain functionality and features will be disabled for E2EE calls, such as breakout rooms, cloud recording, polling, live transcription, one-to-one chats, and reactions.