The popular video-conferencing service, Zoom has been saddled with privacy and security issues, owing to lack of end-to-end encryption which is required to secure messaging on the platform.
Now, Zoom has scheduled to publish a draft of its cryptographic design on May 22, before preceeding on discussions with industry experts which is a necessary step to improve transparency, as independent third-party attestation is increasingly common for cloud-provided applications.
The move is possible through its acquisition of Keybase, a secure messaging and identity management firm that has been at the forefront of end-to-end encryption technology. It will give Zoom access to Keybase’s encryption technology, as well as its team of engineers, to secure the Zoom platform.
How Keybase’s Encryption technology will be Integrated with Zoom
Keybase was launched in 2014, and it allows users to encrypt social media messages or shared files with public key encryption which ensures that communication stays private.
Going forward, Keybase’s cofounder Max Krohn will head Zoom’s security team, along with other engineers, as a first step for Zoom as it aims to build a “truly private” video communications platform that will scale hundreds of millions of participants and help the firm to improve security and privacy on its platform as usage soars.
Albeit, Zoom has faced criticism for overstating its end-to-end encryption capabilities, which it subsequently apologized for the “confusion” around its definition of the encryption technology.
What's Next for Zoom?
Zoom has unveiled a 90-day strategy aimed at addressing its security concerns, including the hiring of Alex Stamos, the former CSO at Facebook, as a security consultant. It also initiated a freeze on non-security product features, amidst the plan to incorporate Keybase’s technology to provide full end-to-end encryption for its platform.
As at now, Zoom audio and video data are encrypted as it’s sent out before being decrypted on the receivers end. But with the Zoom upgrade last month to 256-bit encryption with the launch of Zoom 5.0, the keys are still generated at Zoom’s own servers.
Zoom plans to make full end-to-end encryption available as a paid service, in which case, the encryption keys will be generated from the meeting host, that is, even Zoom will not be able to view the data sent over its network.
Though it will continue to generate keys on its own servers when necessary, like for users who want to call into a third-party meeting system or use cloud recording features.
Zoom already offers Live Video Meeting notes integration with access to live transcripts, through partnership with Otter.ai, which is available to Zoom Pro users, allowing meeting participants to highlight, add comments and pictures via the Otter.ai web or mobile app.