Zoom Video Communications, Inc. announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Workplace, specifically Zoom Meetings, making it the first unified communications-as-a-service company to offer a post-quantum E2EE solution for video conferencing.
Michael Adams, Zoom's chief information security officer, said, "With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected."
Post-quantum E2E encryption
To prevent the "harvest now, decrypt later" scenario to capture encrypted traffic in the present, intending to decrypt it in the future when quantum computers have become more advanced, Zoom's offering uses public key cryptography to mitigate potential future threats.
The participants' machines, not servers from Zoom, generate the keys for each Zoom meeting. Zoom explained on its website, "Encrypted data relayed through Zoom's servers is indecipherable by Zoom since Zoom's servers do not have the necessary decryption key. This key management strategy is similar to most E2EE messaging platforms today."
Limited functionality
Zoom further explained that E2EE can enhance privacy and data protection and serve as an additional layer of risk mitigation and protection of sensitive meeting content.
However, enabling Zoom's E2EE in meetings turns off features such as joining before the host, cloud recording, Zoom Whiteboard, AI Companion features, streaming, live transcription, and polling.
"Individual Zoom users should determine whether they need these features before enabling E2EE in their meetings," Zoom explained in the article.