Zoom Chief Executive Officer Eric Yuan has sparked a controversy after the executive said that the company would not offer the strongest end-to-end encryption (E2EE) for free calls to make sure it was able to work with law enforcement. During a conference call on Tuesday, Yuan suggested that the E2EE security would only be provided to premium Zoom users rather than the millions of free users of the platform. With these comments, several users on Twitter criticised the company for compromising basic security that is offered by even rivals such as WhatsApp, Google Duo, and Facetime. In the meantime, the company’s security consultant Alex Stamos took to Twitter to pacify this situation and to explain why the company has taken this decision with E2EE security.
In a series of posts, Stamos explained the company’s decision to offer E2EE security to premium customers, saying that Zoom is facing a “difficult balancing act” of trying to improve privacy while also “reducing the human impact of the abuse of its product.” The security consultant here is referring to “hate speech, exposure to children and other illegal behaviours” that have infected Zoom in recent times. Stamos further indicated that “self-service users” or the non-premium users often use fake identities for disrupting the platform with such abuses. The executive cleared that the E2EE was also provided to enterprises such as schools and other educational institutes that are not paying a premium.
“Will this eliminate all abuse? No, but since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm,” the Twitter post reads.
Stamos also claimed that Zoom did not proactively monitor content in meetings and would not in the future, however, he contradicted the statement by saying that Zoom’s Trust and Safety team could enter a zoom call “if they have a strong belief that the meeting is abusive.”
“All users (free and paid) have their meeting content encrypted using a per-meeting AES256 key. Content is encrypted by the sending client and decrypted by receiving clients or by Zoom’s connector servers to bridge into the PSTN network and other services,” he says.
Similarly, Zoom through its official Twitter account also tried to clarify Yuan’s statement. In a post, the company said “Zoom does not provide information to law enforcement except in circumstances such as child sex abuse.”