Zoom’s chief executive revealed on Tuesday that free users will not be offered end-to-end encryption as the company wants to assist the FBI and local law enforcement in their investigations.
Zoom’s popularity has increased significantly since the start of the COVID-19 pandemic due to many people being forced to work and study from home. This popularity has also attracted the attention of privacy and security experts, who have identified some serious issues in the video conferencing service, as well as the attention of bad actors who have started abusing the platform.
Zoom has promised to take action and it has already started implementing measures that would help it address security and privacy concerns.
One of these measures is related to end-to-end encryption. Zoom does encrypt communications between clients and its servers, but it currently does not offer true end-to-end encryption, which would prevent even the company itself from gaining access to the content of customers’ communications.
Last month, the company published a detailed draft of the cryptographic design it plans on using for its upcoming end-to-end encryption feature, which it said would be offered to paying customers and schools.
During a conference call following the release of financial results for the first quarter of fiscal year 2021, Zoom CEO Eric Yuan told investors that the company does not want to offer this kind of protection to free users, who are more likely to abuse the platform, as it wants to work with the FBI and local law enforcement if people use Zoom for “bad purposes.”
In a long thread on Twitter, Alex Stamos, who was hired by Zoom as an outside advisor on cybersecurity, shared some details on the company’s plans for end-to-end encryption, which he says “are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.”
Stamos, who in the past worked as CSO at Yahoo and Facebook, said Zoom does not proactively monitor meeting content and it does not plan on doing so in the future. He says the vast majority of abuse comes from people who use Zoom for free and the company plans on taking measures that would “create friction and reduce harm.”
Stamos pointed out that if end-to-end encryption is enabled, Zoom’s Trust and Safety team will not be able to enter a meeting they believe to be abusive (this is now possible without end-to-end encryption) and there will be no backdoor to facilitate such access. Stamos also noted that some meeting features are incompatible with end-to-end encryption. This is why end-to-end encryption will be opt-in “for the foreseeable future.”
“So we have to design the system to securely allow hosts to opt-into an E2E meeting and to carefully communicate the current security guarantees to hosts and attendees,” Stamos said.
Zoom’s revenue for the first quarter was $328 million and the company expects to generate up to $1.8 billion this fiscal year, with an estimated profit of up to $380 million.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
