In another milestone in Zoom’s 90-day plan to further strengthen the security of the video communications platform, Zoom has now announced the acquisition of Keybase to help the video conferencing app build end-to-end encryption that can reach current Zoom scalability.
The Keybase’s team has built a secure messaging and file-sharing service leveraging its deep encryption and security expertise ever since it was launched. With this acquisition, Zoom has taken the first attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses.
In a blog post, Zoom stated, “Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behaviour on our platform. Keybase’s experienced team will be a critical part of this mission.”
With this, Zoom will soon offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees. An ephemeral per-meeting symmetric key, which will be generated by the meeting host, will now be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees.
In addition to this, Zoom informed that the cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting. Zoom is also probing mechanisms that would allow enterprise users to provide additional levels of authentication.
However, the app further notified that these end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host. Encryption keys will be tightly controlled by the host, who will admit attendees. We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises.
Besides this, Zoom is aware of its goal to prevent the use of its products to cause harm. For this, Zoom will continue to work with users to enhance the reporting mechanisms available to meeting hosts to report unwanted and disruptive attendees. This cloud-enabled video meeting app does not and will not proactively monitor meeting contents, but our trust and safety team will continue to use automated tools to look for evidence of abusive users based upon other available data.
Moreover, Zoom has asserted that it has not and will not build a mechanism to decrypt live meetings for lawful intercept purposes. “We also do not have a means to insert our employees or others into meetings without being reflected in the participant list. We will not build any cryptographic backdoors to allow for the secret monitoring of meetings,” the company said in a blog post.
Emphasising on its commitment to remain transparent and open as it build the end-to-end encryption offering, Zoom revealed, “We plan to publish a detailed draft cryptographic design on Friday, May 22. We will then host discussion sections with civil society, cryptographic experts, and customers to share more details and solicit feedback. Once we have assessed this feedback for integration into a final design, we will announce our engineering milestones and goals for deploying to Zoom users.”
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.