- Zoom plans to deliver stronger encryption for certain business customers, but not for free users.
- The strategy has received some blowback.
Zoom CEO Eric Yuan suggested Tuesday that cooperation with law enforcement is one reason why the company isn't planning to offer end-to-end encryption on calls for free users.
The company sought to deliver end-to-end encryption as one part of a wider effort to boost security on its service, which has seen an influx of users this year as schools and offices closed in response to the coronavirus pandemic, pushing workers to find virtual ways to meet. Zoom has grown considerably since going public last year but remains smaller than competitors with more money to spend on product development, including Cisco, Google and Microsoft.
But the company has consistently said this encryption will only be available to some paying business customers, and Yuan offered one reason why on the company's first-quarter earnings call on Tuesday:
"We want to give [end-to-end encryption] to at least the enterprise customer or business customer. Free users, for sure, we don't want to give that," Yuan said on a conference call with analysts on Tuesday.
"Because we also want to work together, say, with FBI, with local law enforcement in case some people that use Zoom for the bad purpose, right?"
When free customers make Zoom video calls, those calls are protected with secure socket layer encryption and 256-bit advanced encryption standard, or AES, encryption. Those technologies secure meeting data while it's in transit over the internet, to prevent it from getting intercepted by attackers.
End-to-end encryption goes further. It's meant to prevent anyone other than the sender and recipients from accessing information.
In March the Intercept reported that Zoom lacked end-to-end encryption despite claims on the company's website. The report was part of a series of weaknesses people pointed to as usage of the service ballooned.
Yuan's remarks on Tuesday were not the first time Zoom was communicating the company's new strategy. Reuters reported last week that Zoom intends to provide end-to-end encryption only for paying users, citing Alex Stamos, a Zoom security consultant who previously worked as Facebook's chief security officer.
On Tuesday and Wednesday, as people reflected on what Yuan had told analysts, Stamos took to Twitter to discuss the subject further. Stamos said certain Zoom rivals don't enable end-to-end encryption by default.
Some people didn't take well to Zoom's position. One Twitter user described it as "a serious unforced error."
Another person suggested that it shows Zoom siding with law enforcement at a time when people across the U.S. have been protesting police brutality following George Floyd's death in police custody.
"Zoom's end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes," a Zoom spokesperson told CNBC in an email on Wednesday. "We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity."
The company has taken input from child-safety advocates, civil-liberties groups, encryption experts and law enforcement, and finding the right balance is not easy, the spokesperson said.