As millions attempt to work from home during the coronavirus pandemic, some companies are using Zoom teleconferencing software, but that could be a risk: Zoom video calls do not offer end-to-end encryption.
Zoom… claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings… The service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood.
The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to secure HTTPS websites… This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company…
Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end… “If it’s all end-to-end encrypted, you need to add some extra mechanisms to make sure you can do that kind of ‘who’s talking’ switch, and you can do it in a way that doesn’t leak a lot of information. You have to push that logic out to the endpoints,” he told The Intercept. This isn’t impossible, though, Green said, as demonstrated by Apple’s FaceTime, which allows group video conferencing that’s end-to-end encrypted. “It’s doable. It’s just not easy.”
MacDailyNews Take: True end-to-end encryption is important for sensitive, competitive information. If you’re using Zoom for sensitive information, beware. As Lee and Grauer explain, “Without end-to-end encryption, Zoom has the technical ability to spy on private video meetings and could be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.” Read more in the full article.