Zoom to roll out end-to-end encryption to users of free service

The company had earlier offered heightened security only to paying customers

FILE - This April 18, 2019, file photo shows a sign for Zoom Video Communications ahead Nasdaq IPO in New York. 
Video app company Zoom said Thursday, June 11 2020, it regretted that some meetings involving U.S.-based Chinese dissidents were disrupted, as meanwhile a prominent Hong Kong activist said his account was blocked despite the city’s guarantees of free speech. (AP Photo/Mark Lennihan, File)

Zoom Video Communications has backtracked on an earlier decision to only offer end-to-end encryption (E2EE) to paying customers and said it would roll out the security feature to all users.

The company, which has attracted scrutiny from regulators and privacy advocates, released an updated E2EE design on GitHub – a Microsoft subsidiary that offers hosting of software development controls – on Wednesday and is planning to release the beta version to all users next month.

“We are pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy,” said Eric Yuan, founder and chief executive of the firm.

“This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe, free and paid, while maintaining the ability to prevent and fight abuse on our platform.”

The E2EE feature includes the addition of an extra security layer that makes it difficult for any third-party organisation to access users' data.

Earlier this month, during its first quarter earnings call, Zoom said it might not be able to provide E2EE to free users to avoid any illegal activity on its platform.

At that time, Mr Yuan said the company was excluding free calls to ensure it was possible to work with the Federal Bureau of Investigation and other local law enforcement agencies to prevent  some people using Zoom for unlawful activities.

“We plan to provide E2EE to users for whom we can verify identity … free users [currently] sign up with an email address, which does not provide enough information to verify identity,” the company said earlier.

However, excluding free users from security services fetched widespread criticism from various rights groups globally.

Under the new initiative, free users seeking access to E2EE need to participate in a one-time authentication process that will seek additional information, such as verifying a phone number through a text message.

Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts, said Mr Yuan.

“We are confident that by implementing risk-based authentication, in combination with our current mix of tools, including our report-a-user function, we can continue to prevent and fight abuse,” he added.

Zoom, which has 2,800 employees globally, has seen its user numbers surge as remote working policies were introduced amid the coronavirus pandemic.

In April, the company said the current number of daily participants across its paid and free services surged to 300 million, from about 10 million in December.

The company, which went public in April 2019, said the offices of more than 25 attorneys general in the US had raised questions about privacy issues and it is working with the authorities.

It has taken many other measures to improve security in the past couple of months.