Zoom is finally taking the big leap to bring an end to end encryption (E2EE) as it continues its 90-day challenge to beef up the security and privacy of its platform.
In a blog post, the company announced yesterday it had acquired Keybase, a New York-based startup specializing in providing a secure messaging and file-sharing service.
The acquaintance is what will enable Zoom to support essential end-to-end encryption which the platform doesn’t currently support.
“We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability,” wrote Eric S. Yuan, CEO Zoom.
In the recent past, upon surge in usage, Zoom’s security was criticized by security experts who have led to several organizations and governments around the world restrict or completely prohibit use. Besides, some of its investors also sue the company over fraud allegations for purporting to support E2EE.
Zoom hopes that the Keybase team, with their expertise in encryption and security, will help the platform accelerate its plan to build end-to-end encryption.
“Keybase brings deep encryption and security expertise to Zoom, and we’re thrilled to welcome Max and his team. Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts,” said Eric Yuan.
Currently, Zoom says content is encrypted at each sending client device. Zoom 5.0, the latest update, beefed up security a notch higher by supporting the industry-standard AES 256-bit encryption technology but there’s a catch.
Zoom’s servers generate these keys. But soon, adoption of E2EE means that cryptographic keys will be generated by the meeting host and distributed to the Zoom clients making it difficult for the company to snoop.
Zoom’s E2EE comes with caveats, though. CEO Eric Yuan says the feature will only be available to paid Zoom clients (who spend at least $14.99 a month). Another limitation is that users will not be able to join meetings using mobile devices, and cloud-based recording will be unavailable.
“We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms,” Yuan said.
The company plans to publish a detailed draft of the E2EE cryptographic design on Friday, May 22, as part of its transparency mission. The San Jose based company seeks to collect feedback from several groups, including cryptographic experts, customers, and even members from the civil society before going ahead to the implementation.