Zoom will deploy end-to-end encryption, but not for everyone

Zoom will deploy end-to-end encryption, but not for everyone Cybersecurity

Building on its rapid success, fueled by the boom in teleworking necessary in the face of the Covid-19 epidemic, the Zoom videoconferencing application has also faced numerous criticisms of its confidentiality. Company director Eric Yuan announced plans to correct the problem by focusing on security, and Zoom is now reporting that its company plans to deploy end-to-end encryption functionality in its video conferencing application.

As security consultant Alex Stamos explained to Reuters at the start of the week, the Zoom teams are indeed working on the deployment of an end-to-end encryption functionality: according to him, this functionality would be available to paying customers of the platform as well as a handful of organizations chosen by Zoom, such as schools. Free users of the video conferencing application will not benefit from this new functionality. Stamos nevertheless specifies that for the moment, the availability of the functionality remains a subject for debate and that developments may still occur.

The company released a white paper last week detailing the technical solution it plans to implement to successfully deliver this new encryption functionality to its users. No date has yet been given as to the official availability of this feature, which is still being implemented by the publisher’s technical teams.

What encryption are we talking about exactly?

One of the criticisms the application faced at the start of the year was the issue of Zoom video conferencing encryption. Marketing content indeed ensured the confidentiality of conversations thanks to encryption, but several experts had pointed out at the time that the famous “end-to-end encryption” advanced by Zoom was not really one.

In view of the technologies used and Zoom’s successive declarations, it was understandable that the data was actually encrypted when using Zoom, but that the company had the keys necessary to decrypt the content. In a videoconference with end-to-end encryption, the encryption keys remain on the user’s device and only participants in the conversation can decrypt the audio and video streams of the conversation, thus ensuring true confidentiality of exchanges.

The choice of Zoom, which wishes to limit the use of its encryption functionality to paying users, has won it criticism from pro-encryption associations such as the Electronic Frontier Foundation. But the question of end-to-end encryption is also a thorny political question: the American authorities have several times taken an open position against the democratization of these encryption tools, which hamper judicial investigations by preventing investigators from accessing data suspects. By choosing to reserve its functionality for paying users, Zoom hopes to limit the risk of conflict with American justice, if the latter wishes to access data on one of its users.

Source: www.zdnet.fr

Rate article
Add comment