Amidst COVID 19 breakdown has compelled people to work from home. Several enterprises and educational institutes have started online meetings which have resulted in Zoom to gain more than 190 million users in just three months. But with a sudden rise, the company has come under scrutiny for several security reasons. Recently, the Ministry of Health Affairs(MHA) in India also red-flagged the Zoom app, citing that the app is not safe for individual users and issued the guidelines on how to use the platform securely.
According to MHA, users using zoom without necessary precautions are exposed to the world of cybercrime with their valuable data, such as details of meetings and conversation in those meetings at risk of being leaked out.
Zoom’s security concern
ZOOM’S meteoric rise has been a matter of concern for privacy and security breach. In response to security loopholes due to deficit encryption protocol over its videoconferencing services. The company has brought on miniature artillery of notable cryptographers and security engineers as consultants, and acquired the secure communication company Keybase, in pursuit of real end-to-end encryption for its users. But later on, Zoom revealed that the feature pack comprising of end-to-end encryption would be provided only to its paid premium users, whereas leaving Zoom’s free users in the lurch
Why End-to-End encryption?
Wherever possible, use End-to-end encryption. It acts like a second layer of protection so that if one fails, the other one has your back. The data sent across two devices are unreadable to illegitimate users. Besides, it protects your information from snooping by your internet service provider, the government, or other communication raised. After all privacy of the customers must be the top priority. But As a cause of national security, the United States, the Department of Justice, has multiplied down on its anti-encryption stand in recent years. It has advised tech companies to create backdoors in their encryption for law enforcement access. So, Zoom’s decision to define end-to-end encryption only to its premium accounts seems to be a security concern for free users.
Zoom’s CEO Thoughts
Zoom CEO Eric Yuan said in a conference call about end-to-end encryption, “Free users for sure we don’t want to give that.” He mentioned that the company for its welfare would be working together with the FBI and local law enforcement bodies.
Yuan’s comments illustrate that the user’s data shall be shared between two people if found something unethical. End-to-End encryption will provide an extra edge to the vulnerable groups who need it most, including activists, reporters, and journalists who usually are confined restricted resources.
“Anyone who cares about public safety should be pushing for more encryption everywhere possible, not less,” says Evan Greer, deputy director of the digital rights organization Fight for the Future. “For the company to say they’ll only keep your calls safe and secure if you pay extra—they’re leaving the people most likely to be targeted by surveillance or online harassment vulnerable. They have a chance to do something really good for human rights by implementing default end-to-end encryption to all users. But if they make it a premium paid feature, they’re setting a precedent that privacy and safety is only for those who can afford to pay for it.”
End-to-end encryption is difficult to get right under any incidents, but primarily for a video chat that can hold up to a thousand associates. It acquires a large bandwidth to hold up people dropping in and out of calls simultaneously. It becomes challenging to manage a large number of participants at the same time. Even Tech giants like FaceTime, Facebook’s WhatsApp, and Google’s Duo all offer end-to-end encrypted video chat, but it is restricted to only a few numbers of people, no one has been able to implement the ideology which Zoom is pursuing.
Future Vision
Zoom would also be the first widely used service of its kind that would fence off the security measures to access special protection.
The optimistic vision of Zoom’s CEO says that the end-to-end encryption policy balances the privacy of its everyday users with the safety of unprotected groups, including children and journalists. A Zoom’s spokesperson reported, “We plan to provide end-to-end encryption only to the verified users. Also restricting the harm to these vulnerable groups. Talk about free users he stated that signing up with just an email address, won’t provide enough information to verify identity.”
Prashant is a student of Computer Science and Engineering at NIT Allahabad. He is also a web pentester and cybersecurity analyst. He may be an introvert and sociable person at the same time. He loves meeting new people and he is in a journey to explore himself. Currently working as a content writer at BLARROW.TECH.