Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word.
The company said Monday that it was officially rolling out end-to-end encryption (E2EE) for all free and paid users, and it credited the acquisition of messaging and file-sharing service Keybase as a crucial decision toward that milestone.
“This has been a highly requested feature from our customers, and we’re excited to make this a reality,” Jason Lee, Zoom’s chief information security officer, said in a statement. “Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.”
Zoom announced the upgrade a couple of weeks ago, but said it was live as of Monday for Windows, macOS and Android users. Approval for the feature on iOS was awaiting approval from Apple’s App Store, Zoom said. It’s a classic case of a tech company acquiring the resources it needed rather than developing entirely them in-house.
The upgrade was more than just a “highly requested feature,” of course. Security experts, civil liberties groups, child safety advocates and other organizations have been pressuring Zoom for much of 2020 to improve the security of the app, given the explosion in telework that came after businesses and schools closed their buildings in response to the coronavirus pandemic.
The new E2EE technology is still in a “technical preview,” Zoom said, and it encouraged users to submit feedback about it.
E2EE essentially phases out Zoom’s old method of encryption, in which the company’s cloud servers generate encryption keys and distribute them to meeting participants.
“With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents,” the company said. “Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key.”