Zoom has announced, after much pressure around its security practices, that it will only encrypt the video calls of paying customers.
During a phone call with investors on Wednesday, Eric Yuan, Zoom's CEO said that the company won't encrypt all calls in case the FBI or local law enforcement come looking for information. “Free users for sure we don't want to give [end-to-end encryption] because we also want to work together with the FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said.
Clearly, the timing is very poor, but this would have been a bad decision at any time. Let's take a look at why Zoom has decided this is the best course of action and which alternatives you can use.
Zoom's Checkered Security Record
Zoom launched back in 2012 when founder Eric Yuan left the enormous business telephony company Cisco Webex. When countries started going into lockdown in order to slow the transmission of coronavirus, friends and colleagues turned to the platform as a way to communicate in groups and with video. But with its surge in popularity has come a difficult relationship with security.
In March, the FBI announced that it was looking into video hijacking, where hackers make their way uninvited into Zoom calls. Zoom calls could be accessed via a short, number-based URL which could easily be generated by hackers. The company said that it would be educating users on how to protect their calls using blog posts and social media, rather than actually fixing the issue.
Zoom also came under fire in March when The Intercept asked the company to clarify its encryption stance. Zoom had advertised that its calls were end-to-end encrypted on its website, its security white paper, and the app's own UI.
However, when reached for comment, a Zoom spokesperson said, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP.” In practice, this meant that Zoom could, with sufficient reason to do so, access the unencrypted video and audio content of meetings.
While the company now seems to have fixed its encryption issue, the decision to only roll out encryption to paying customers is, frankly, distasteful. While Yuan might claim the company is preventing people using its service for nefarious means, there are plenty of other services that offer end-to-end encryption by default.
Zoom's decision to keep free calls unencrypted might also have something to do with the EARN IT Act, which will soon be headed to the Senate. The EARN IT Act calls for internet companies to curb child sexual abuse material on their platforms. It would create an unelected 19-member commission to develop guidelines which could see legal protections removed for companies that fail to follow them.
“The EARN IT Act falsely suggests that we must choose between protecting children and protecting other fundamental rights, including privacy and free expression,” said Hye Jung Han, child rights and technology researcher at Human Rights Watch.
By providing unencrypted calls to free users, Zoom would likely be able to fulfill the guidelines. Therefore protecting itself but not its customers.
Encrypted Video Call Alternatives
Fortunately for us all, there are plenty of end-to-end encrypted video call services that you can use instead of Zoom. Plus, many of them won't cost you a dime to use.
It might not be your first port of call for a work video conference but it's great for a small get together with friends.
It supports up to eight participants and works on Android, iOS, Mac, and Windows devices.
Don't have WhatsApp? Facebook's new(ish) Messenger Rooms is similarly cross-platform and supports up to 50 (yes, fifty) participants.
Perhaps the biggest upside is that all your friends will already have Facebook so getting started is straightforward.
It's not a big name but it offers end-to-end encrypted calls for iOS and Android as well as working in a web browser.
It's open source and completely free.
Yep, Facetime is completely encrypted and supports multiple users. But, bear in mind that it'll only work on iOS devices and Macs.
While the business-focused Google Meet isn't encrypted, Google's more consumer friendly Duo app, is.
You can easily set up calls for a maximum of twelve people.