EXECUTIVE SUMMARY:
In the interest of allaying criticism related to encryption, and warding off a class-action lawsuit, Zoom has acquired Keybase, a 25-person encryption technology company that focuses on secure messaging and secure file-sharing.
The acquisition represents “a key step” in creating a “truly private video communications platform,” says Zoom’s founder and CEO, Eric Yuan.
How does the Keybase encryption work? “An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees.”
The encrypted calls will live outside of Zoom’s servers, ensuring privacy for customers.
Notably, the Keybase encryption will only be available to paying Zoom customers, not those using the free service. Paid subscribers will be able to turn the encryption feature on or off, as needed. In keeping the encryption feature turned on, customers will observe a loss in end-user functionality; calling in by phone and cloud-based recording of Zoom sessions will not be possible.
Zoom expects to publish drafts of the new cryptographic designs for the platform on Friday, May 22nd. For previous Cyber Talk coverage of Zoom, click here. For more on this story, visit Threatpost.
