Most harmful behavior on the videoconferencing app comes from free users "with fake identities," Zoom security consultant Alex Stamos said.
Zoom's decision not to add end-to-end encryption to free users' calls keeps the door open for law enforcement cooperation, CEO Eric Yuan told analysts in a Tuesday conference call, as previously reported by Bloomberg.
"Free user, for sure, we don't want to give that because we also want to work together with FBI, with local law enforcement, in case some people use Zoom for a bad purpose," Yuan said.
End-to-end encryption, which the videoconferencing company is currently working on, secures connections all the way from each device to every other device on a call. It'll only be enabled on paid accounts because the "vast majority of harm comes from self-service users with fake identities," Zoom security consultant Alex Stamos noted in a tweet on Tuesday.
Zoom's business has surged as the coronavirus pandemic forced millions to work from home. That brought increased scrutiny and revealed several security problems. Since then, Zoom has added some encryption for all users.
The company is working with "child safety advocates, civil liberties organizations, encryption experts and law enforcement" to refine its strategy, it confirmed via email. Its approach to encryption is designed to protect children and potential victims of hate crimes.
"We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity," a spokesperson wrote. "Finding the perfect balance is challenging. We always strive to do the right thing."