Zoom management announced that free users will not have access to end-to-end encryption, which protects conferences from wiretapping and other intrusion from the outside. The company explained this by the fact that they intend to cooperate with the FBI and other special services, and therefore must provide them with the right to access the service if "someone uses Zoom for criminal purposes."
Zoom video conferencing service, which has gained superpopularity amid the coronavirus pandemic, has announced plans to introduce end-to-end encryption to protect its conversations from wiretapping, but only for so-called “professional”, that is, paid, users, reports The Verge portal.
rambler without ads
While the Zoom audience grew at a tremendous pace, information security experts constantly warned of vulnerabilities and issues related to user privacy. In particular, experts pointed to the lack of end-to-end encryption [E2E], which today is a kind of gold standard for such applications.
The lack of E2E encryption in the application implies that user information is stored on the company's servers, and not on the conference participants' smartphones.
This means that under a certain set of circumstances, attackers can take over this data – they just need to hack into one database to gain access to conversations of all Zoom users.
Last week, it became known that Zoom will still have end-to-end encryption, but as it turned out, it will not be available to everyone, but only to those who bought paid accounts. The management of the company explained its decision by the fact that, if necessary, it wants to provide law enforcement authorities with access to the profiles of its users if they are involved in criminal activities.
rambler without ads
“We believe that this feature [encryption] should be part of our offer for business customers.
Free users will not receive it, since we also intend to cooperate with the FBI and local law enforcement agencies if suddenly someone uses Zoom for criminal purposes, ”said Eric Founder and CEO.
Later, an official representative of the company said that Zoom does not constantly monitor the conferences of its users and does not share information with the police if it is not a matter of serious crimes, for example, child molestation.
“We do not have backdoors that allow anyone to join the conference so that other participants do not notice it. For users, nothing will change. The Zoom Endpoint Encryption Plan aims to strike a balance between user privacy and the security of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users whose identity we can verify, thereby limiting the likely harm to these vulnerable groups. Free users can connect to Zoom using only email, which is not enough to confirm their identity, ”said a Zoom spokesman.
rambler without ads
Currently, the problem of maintaining confidentiality and the ability to quickly block illegal content is on the agenda of the IT industry.
The fact is that these two concepts actually contradict each other – in order to find users who distribute prohibited videos or images, it is necessary to weaken security measures, which is unacceptable, since in this case all users become vulnerable to hacker attacks.
According to The Verge, human rights activists have repeatedly pointed out that Zoom, like other video communication platforms, is often used by criminals involved in child trafficking. One US federal attorney even called Zoom "Netflix with child pornography."
The desire of company management to cooperate with US law enforcement agencies is logical if the privacy of their users is not sacrificed. So, for example, Apple took a more categorical position, refusing to introduce backdoors into its devices at the request of the FBI – the Cupertinos refused to provide the US authorities with constant access to data on their gadgets, unless the matter is a threat to national security.