Zoom will offer stronger encryption for paid accounts


Sabina Weston

1 Jun, 2020

Zoom is planning to roll out stronger encryption for businesses and institutions that pay for its service.

Zoom’s security consultant Alex Stamos, who was poached by the company in early April, has confirmed the news but added that the plan was subject to change.

According to Reuters, Stamos has not yet decided whether stronger security measures could also potentially be rolled out for non-profit organisations or users in need of an extra layer of protection, such as political dissidents.

“At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety,” Stamos told The New York Times in an interview published yesterday.

“The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are.”

He added that providing full encryption for every meeting would leave Zoom’s trust and safety team unable to add itself as a participant in gatherings to tackle abuse in real-time.

Zoom hired former Facebook security chief Stamos following numerous security incidents which threatened the immense popularity of the video conferencing platform, such as ‘Zoom-bombing’, which led to numerous companies and institutions banning the use of the platform.

Zoom attracted millions of users and became the most popular video conferencing platform globally. With the majority of its audience using the free version of the platform, Zoom might be trying to increase the number of its paid users and regain the trust of businesses by promising a higher level of security for its paid subscription models.

However, a similar announcement from Facebook, which plans to implement end-to-end encryption across all of its messaging systems, has garnered criticism from its shareholders.

Zoom had been previously criticised for not using end-to-end encryption despite specifically stating that it does on its website. The company finally implemented the 256-bit AES-GCM encryption standard in late April.