Zoom won't add end-to-end encryption to free calls so it can keep aiding police

Most harmful behavior on the videoconferencing app comes from free users "with fake identities," Zoom security consultant Alex Stamos said.

Sean Keane
Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture, Video Games, Breaking News

Zoom's end-to-end encryption is only for users whose identity it can verify.

Angela Lang/CNET

Zoom's decision not to add end-to-end encryption to free users' calls keeps the door open for law enforcement cooperation, CEO Eric Yuan told analysts in a Tuesday conference call, as previously reported by Bloomberg

"Free user, for sure, we don't want to give that because we also want to work together with FBI, with local law enforcement, in case some people use Zoom for a bad purpose," Yuan said.

End-to-end encryption, which the videoconferencing company is currently working on, secures connections all the way from each device to every other device on a call. It'll only be enabled on paid accounts because the "vast majority of harm comes from self-service users with fake identities," Zoom security consultant Alex Stamos noted in a tweet on Tuesday.

Watch this: Zoom works on end-to-end encryption, SpaceX crew lands on ISS

Zoom's business has surged as the coronavirus pandemic forced millions to work from home. That brought increased scrutiny and revealed several security problems. Since then, it's added some encryption for all users.

The company is working with "child safety advocates, civil liberties organizations, encryption experts and law enforcement" to refine its strategy, it confirmed via email. Its approach to encryption is designed to protect children and potential victims of hate crimes.

"We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity," a spokesperson wrote. "Finding the perfect balance is challenging. We always strive to do the right thing."