Zoom U-turns on end-to-end encryption policy

Zoom security privacy

The platform will now offer free users strong protection following pressure by the EFF and Mozilla.

Zoom will now offer end-to-end encryption to all its users, and not just paying customers, after bowing to pressure from privacy activists.

The Electronic Frontier Foundation (EFF) has claimed victory in a short-lived campaign to commit the video conferencing service to offer encryption to all its users. The U-turn follows an open letter jointly-written and published by EFF and Mozilla on Wednesday.

“Zoom’s decision to offer end-to-end encryption more widely is especially important because the people who cannot afford enterprise subscriptions are often the ones who need strong security and privacy protections the most,” the EFF’s associate director of research, Gennie Geghart, said.

“For example, many activists rely on Zoom as an organizing tool, including the Black-led movement against police violence.”

To use Zoom’s end-to-end encryption, users will have to provide additional information, like a phone number, to authenticate.

Zoom had initially planned to roll out end-to-end encryption to paying users only because, to some extent, the company wanted to co-operate with law enforcement. The early beta for end-to-end will arrive in July.

17/06/20: Privacy advocates urge Zoom to encrypt free video calls

Mozilla and the Electronic Freedom Foundation (EFF) have published an open letter to Zoom that urges it to make end-to-end encryption available for all users.

The letter, addressed to Zoom CEO Eric Yuan, criticises the company’s decision to offer end-to-end encryption only to paying users.

It has been signed by 19,000 internet users and backed by tech organisations and advocacy groups including Fight for the Future and MPower Change.

Earlier this month, the video conferencing platform announced plans to roll out stronger encryption for businesses and institutions that pay for its service.

Zoom’s security consultant Alex Stamos suggested that stronger security measures may also be rolled out for non-profit organisations or users in need of an extra layer of protection, such as political dissidents, but added that “the current plan is paid customers plus enterprise accounts where the company knows who they are”.

The decision has garnered criticism from many tech companies and organisations, including Mozilla and the EFF. In the open letter to Yuan, they argued that “best-in-class security should not be something that only the wealthy or businesses can afford”.

“Around the world, end-to-end encryption is already an important tool for journalists and activists that are living under repressive regimes and fighting censorship,” wrote Mozilla’s Advocacy and Engagement VP Ashley Boyd and EFF’s associate director of Research Gennie Gebhart.

Boyd and Gebhert also criticised Zoom’s recent decision to suspend three user accounts at the request of the Chinese government for hosting meetings to commemorate the 21st anniversary of the Tiananmen Square massacre.

“Tools like Zoom can be critical to help protesters organize and communicate their message widely,” they wrote. “Activists should be able to plan and conduct protest-related activities without fear that these meetings, and the information they include, may be subject to interception.

“Unfortunately, recent actions from law enforcement – and a long history of discriminatory policing – have legitimized such fears, making end-to-end encryption all the more critical.”

The letter acknowledged Stamos’s argument that full encryption for every meeting would leave Zoom’s trust and safety team unable to tackle child sexual abuse material (CSAM), but added that “restricting end-to-end encryption to paid accounts is not the right solution”.

Organisations such as Fight for the Future, MPower Change, Daily Kos, Kairos, Media Alliance and Jewish Voice for Peace have also launched a petition targeted at the video conferencing platform, arguing that “people who can’t afford Zoom’s services are left vulnerable to cyber-criminals, stalkers, and hackers”. It has been co-signed by 42,000 internet users.

Lau Barrios, campaign manager at MPower Change, said that “end-to-end encryption has always been a racial justice issue”.

“It most directly protects Black, brown, Muslim and poor communities from the disproportionate risk of surveillance, policing, and criminalization,” she said.

“Zoom has already misled the public once on whether or not they use end-to-end encryption. Openly defending their refusal to provide it to those not wealthy enough to pay to protect themselves and their communities is unconscionable. And it’s a direct refusal to protect activists and organizers from surveillance in this moment.”

Source: cloudpro.co.uk