Zoom isn't beefing up security for free users so that it's better able to 'work with law enforcement'

insider@insider.com (Ben Gilbert)
Zoom founder and CEO Eric Yuan reacts at the Nasdaq opening bell ceremony on April 18, 2019 in New York City.

Kena Betancur/Getty Images

  • When the coronavirus pandemic hit, millions of people around the world were suddenly using Zoom, putting the videoconferencing software ahead of rivals like Google Meet and Microsoft's Skype.
  • A number of security concerns have been raised as the service has gained popularity, including that Zoom was not using end-to-end encryption to protect call data. 
  • The company announced on it's earnings call Tuesday that paid users would receive a security update that includes higher encryption. Calls made on the unpaid version of Zoom will not get the added security. 
  • Zoom CEO Eric Yuan said excluding the unpaid service from the update was intentional, "because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose."
  • Visit Business Insider's homepage for more stories.

Zoom, the video call software that has exploded in popularity during the ongoing coronavirus pandemic, is increasing security features on the service.

On the company's earnings call on Tuesday, CEO Eric Yuan announced the addition of end-to-end encryption for paid and enterprise users. Users on the free version of the service, however, will not get that same added security. 

Moreover, Yuan said unpaid accounts were excluded from this higher level encryption, "because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose." 

Zoom last week confirmed to Reuters that the new encryption features would only apply to paid users, leaving free accounts with a lower level of security. 

The service's paid accounts start at $15/month, and there are a variety of different plan options depending on which features a customer wants.

As the service has hoovered up new users by the millions, the company has faced scrutiny over security issues — everything from unwanted meeting attendees (so-called "Zoombombing") to a class action lawsuit that alleges the company shared analytics data with Facebook without alerting users. 

Unlike Google Meet and Microsoft's Skype, Zoom was built with business in mind, and the service was primarily used by membership-paying companies until the pandemic forced millions of people indoors and into video calls. 

A Zoom representative provided a statement further detailing the company's intentions with the change:

"Zoom's AES 256 GCM encryption is turned on for all Zoom users — free and paid. Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where participants can enter meetings without being visible to others. None of this will change.

Zoom's end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity.

The current decision by Zoom's management is to offer end-to-end encryption to business and enterprise tiers. We are determining the best path forward for providing end-to-end encryption to our Pro users.

Zoom has engaged with child safety advocates, civil liberties organizations, encryption experts, and law enforcement to incorporate their feedback into our plan. Finding the perfect balance is challenging. We always strive to do the right thing."

Read the original article on Business Insider