Zoom will strengthen security protections on its phone calls – but only if people pay, according to the company's chief executive Eric Yuan.
Those accounts and organisations that pay for the premium service will have their encryption increased, so that calls cannot be intercepted, he announced.
But people using the free version will not benefit from those protections, so that their calls can be watched by law enforcement.
The company has attracted greater business during the coronavirus pandemic, with multitudes of people working from home and continuing their lives via video call, but has seen people entering video calls they should not have been in – a practise called “zoombombing” – which has led to people being subject to harassment or made to view footage of child abuse.
300 million Zoom meetings a day now happen during the pandemic, many of which under its free service, but Yuan says those people will not have their conversations encrypted because the company “want[s] to work together with FBI”.
“Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said as part of the company’s financial results for the first quarter of 2020.
Currently, while all users have their meeting content encrypted, when it is sent to others or to Zoom’s connector servers it is decrypted. Alex Stamos, a Zoom security consultant, said that “Zoom does not proactively monitor content in meetings and will not in the future. Zoom doesn't record meetings silently. Neither of these will change.”
Full encryption for every meeting would leave Zoom’s trust and safety team unable to add itself as a participant in gatherings to tackle abuse in real time, Mr Stamos also said.
It is unclear how that claim matches Zoom’s CEO stating that it would like to work with the FBI, which would presumably monitor content in Zoom conversations, or whether that is even possible.
A Zoom spokesperson told The Independent that the company "does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse"
Zoom also said that it plans to "provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity."
It remains unclear whether Zoom plans to let free users verify their identities in exchange for end-to-end encryption, or what situations Zoom would allow law enforcenement access to its calls other than "child sex abuse," one example the spokesperson gave.
End-to-end encryption, which is used on many popular apps including Facebook-owned WhatsApp and private messaging app Signal, has been a controversial matter because it would allow law enforcement to access the messages of individuals without their consent.
While some argue that it would be safer for the government to monitor their conversations in order to stop criminal activity, others argue that such an action is a serious infringement of civil liberties.
Conversations which are not end-to-end encrypted are also more susceptible to violation from hackers and other malicious individuals. Limiting security at a platform level for one user to stop one crime necessarily weakens protections to all users.
Gennie Gebhart, a researcher with the Electronic Frontier Foundation, said she hoped Zoom would change course and offer protected video more widely.
Yet with the Justice Department and some members of Congress condemning strong encryption, Zoom could draw unwanted new attention through a major expansion in that area, privacy experts said.
Zoom has previously been criticised for incorrectly suggesting on its website that it used end-to-end encryption and for an infamous vulnerability last year which could have allowed hackers to spy on people through their webcams.
Additional reporting by Reuters