Free end-to-end Zoom encryption alters competitive climate

End-to-end encryption could soon become a standard feature in video conferencing following Zoom's decision to make the highly secure communication method available to all users for free, analysts said.

Zoom is not the first vendor to embrace end-to-end encryption. Cisco Webex has long offered the feature to businesses. But people are increasingly looking to Zoom as the standard-bearer for video conferencing, especially in the consumer market. As such, the vendor's embrace of the secure encryption method should forever alter the competitive landscape.

Facebook, LogMeIn, Lifesize, 8x8, Jitsi and Symphony are among the video conferencing providers that have claimed in recent months to be developing or beginning to roll out end-to-end encryption. Many leading video services still lack the security system, including Microsoft Teams, GoToMeeting, Google Meet and Facebook Messenger.

"I think it will be a sort of mandatory requirement … especially in the public sector and financial services, and perhaps even in the healthcare field," said Mike Fasciani, an analyst at Gartner.

Aside from discouraging hacking, end-to-end encryption ensures that governments and tech firms can't snoop on calls. Under the system, users generate the keys used to encrypt communications. That prevents software-makers like Zoom from being able to decrypt the content, even if subpoenaed.

Many people likely don't understand how exactly end-to-end encryption is different from other methods of encryption. But these days, everyone wants what sounds like the most secure method of encryption, said Alan Pelz-Sharpe, founder of research and advisory firm Deep Analysis.

"If you think about Zoom and how widely used it has become over the last few months, who wouldn't want it to be secure?" Pelz-Sharpe said. "Everybody wants it to be secure."

In a recent Nemertes Research survey, 528 business leaders ranked end-to-end encryption as more critical for video security than enterprise key management, on-premises deployment options and waiting rooms.

Customers and civil liberties groups criticized Zoom for initially planning to offer end-to-end encryption only to paid users. Organizations like Mozilla and the Electronic Frontier Foundation said the feature provided essential protections to journalists and activists and should not be restricted only to those who can afford to pay.

Zoom reversed course under pressure last week, announcing that the millions of people who use its service for free would also get access to the feature. The company previously said it wouldn't provide free users with end-to-end encryption to avoid concealing illegal activity, including child sex abuse.

Zoom said it was developing a way to confirm the identities of free users that want to use end-to-end encryption. To use the secure Zoom encryption method, they will need to provide additional information about who they are, such as a phone number, the company said. That could help scare off people who want to use the service illegally.

Zoom plans to launch an "early beta" of the feature in July. The company will implement end-to-end encryption in four phases. It will start by having users generate encryption keys. Then, Zoom will more securely tie those keys to user identities through partnerships with single sign-on vendors and identity providers.

Later stages will introduce real-time threat detection and create an audit trail so that customers can be sure nobody is manipulating the encryption. The company has not released a timeline for the project.

Turning on end-to-end encryption will disable some Zoom features. Users won't be able to connect to the service through the public telephone network or third-party video devices. The feature will also disable meeting recording and transcription.

Zoom is facing numerous class-action lawsuits over alleged security and privacy lapses. The suits fault Zoom for previously claiming to have end-to-end encryption, an assertion the company has acknowledged was potentially misleading.

Restricting end-to-end encryption to paid users would have been a mistake for Zoom, Fasciani said. The company may have felt pressured to justify the cost of its recent acquisition of security firm Keybase. But making the feature free should financially benefit the company more in the long run, he said.

"They have been so successful because their free service is nearly as feature-rich … as the paid-for service," Fasciani said.