So Wait, How Encrypted Are Zoom Meetings Really?

The service's mixed messages have frustrated cryptographers, as the US government and other sensitive organizations increasingly depend on it.
A clearer accounting of Zoom's encryption is due. Photograph: Smith Collection/Getty Images

The videoconferencing company Zoom has seen its star rise exponentially during the Covid-19 pandemic, as friends and coworkers increasingly turn to the service for a communication lifeline. With this notoriety, though, has come mounting scrutiny of Zoom's security and privacy practices. Zoom is safe for most people. But as the United States federal government and other sensitive organizations ramp up use of the service, a clearer accounting of its encryption is due.

That's harder to achieve than it should be, because Zoom has sent conflicting signals about its encryption approach. A report in the Intercept on Tuesday noted that, based on its own technical white paper, Zoom had falsely marketed one of its features as making meetings "end-to-end encrypted." That would mean video call data is encrypted at all times in transit, such that not even Zoom could access it.

The company has since admitted that this is not the case, and now uses the word "encrypted" instead of "end-to-end encrypted" when meetings have the setting enabled. Zoom still, though, hasn't removed its "end-to-end encrypted" pitch everywhere on its website and in marketing materials. In a blog post about its encryption posted late Wednesday, Zoom attempted to resolve the confusion.

"In light of recent interest in our encryption practices, we want to start by apologizing for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption," chief product officer Oded Gal wrote. "Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it."

But, in some ways, the blog post only complicates things further. Gal reasonably points out that Zoom can add comprehensive encryption only if everyone in a meeting is logged in through one of the company's apps. If someone joins a Zoom meeting through a regular phone call, for example, Zoom can't extend its encryption to the legacy telephony network. But Gal further writes that, with the exception of those connections and a caveat for recorded Zoom meetings, "we encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients." Which starts to sound a lot like end-to-end encryption again. The post also includes a diagram that seems to depict Zoom's system as being fully end-to-end encrypted for most audio and video calls.

"What can you say, because they apologize for the confusion, admit that it’s not end-to-end, and then go on arguing how it is end-to-end," says cryptographer Jean-Philippe Aumasson, founder of the internet of things encryption firm Teserakt. Zoom did not respond to WIRED's request for comment.

Based on the blog post, Aumasson and others point out that the system does not meet the criteria of being end-to-end encrypted because of key management—the logistics of generating, using, and storing the keys that encrypt and decrypt data. The blog post says that Zoom currently manages and stores all of the keys involved in user data encryption in its own cloud infrastructure. By definition, this means that Zoom is not end-to-end encrypted, even if meetings remain encrypted on their whole route across the internet, because Zoom could use the keys it holds to decrypt the data during that journey. In the blog post, Gal emphasizes that Zoom has extensive internal controls in place to keep anyone from using the keys to access users' video or audio meetings.

"Saying they don’t decrypt it at any point does not mean that they cannot decrypt it at any point," says Brown University cryptographer Seny Kamara.

An analysis of Zoom's encryption scheme, published on Friday by Citizen Lab at the University of Toronto, shows that Zoom does generate and hold all keys itself on key management systems. The report notes that most of Zoom's developers are based in China, and that some of its key management infrastructure is in that country, meaning keys used to encrypt your meetings could be generated there. It's also unclear how Zoom generates keys and whether they're adequately random or might be predictable.

"It would help if Zoom were more clear about how keys are generated and transmitted," Teserakt's Aumasson says.

Citizen Lab's investigation found that every Zoom meeting is encrypted with one key that is distributed to all meeting participants, and it doesn't change until everyone has left the "room." Conceptually, this is a legitimate way to encrypt video calls, but its overall security depends on a number of factors, including what happens when only some people join or leave the meeting after it has started. Citizen Lab found that the key does not change when some participants join and leave, and only refreshes when everyone has left a meeting. Citizen Lab also found that Zoom uses an unexpected configuration of the transport protocol it relies on to deliver audio and video over the internet. Improvising alternatives in this way is often called "rolling your own" cryptography, typically a red flag given how easy it is to make mistakes that create vulnerabilities.
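To make the rekeying point concrete, here is an added toy model (not Zoom's or Citizen Lab's code) of a meeting that hands one shared key to every participant, with a switch for whether the key is refreshed when someone leaves; the cipher is a constructed HMAC-based stream cipher used only for illustration, and the `Meeting` class and participant names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy stream cipher plus MAC (HMAC-SHA256 in counter mode). Constructed for this
# demonstration only; it is not Zoom's cipher and must not be used for real data.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, msg):
    nonce, ct, tag = msg
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # tag mismatch: wrong key or tampered ciphertext
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Meeting:  # hypothetical model: one shared key handed to every participant
    def __init__(self, rekey_on_leave):
        self.rekey_on_leave = rekey_on_leave
        self.key = secrets.token_bytes(32)
        self.present = set()
        self.held = {}  # participant -> every meeting key they were ever given

    def join(self, who):
        self.present.add(who)
        self.held.setdefault(who, set()).add(self.key)

    def leave(self, who):
        self.present.discard(who)
        if self.rekey_on_leave and self.present:  # fresh key goes only to those still in the room
            self.key = secrets.token_bytes(32)
            for p in self.present:
                self.held[p].add(self.key)

    def can_read(self, who, msg):
        return any(decrypt(k, msg) is not None for k in self.held.get(who, ()))

def departed_participant_reads_later_traffic(rekey_on_leave):
    m = Meeting(rekey_on_leave)
    for p in ("alice", "bob", "carol"):
        m.join(p)
    m.leave("carol")
    return m.can_read("carol", encrypt(m.key, b"constructed: sent after carol left"))
```

With `rekey_on_leave=False`, the model reproduces the behaviour Citizen Lab describes: whoever was given the meeting key keeps the ability to decrypt traffic sent after they leave, until everyone has left and the key is replaced.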

"It sounds like Zoom solved a lot of the hard problems, but didn’t go all the way," says Johns Hopkins University cryptographer Matthew Green.

After reviewing Citizen Lab's findings, all the cryptographers WIRED spoke to for this story emphasized that Zoom's centralized key management system and opaque key generation are the biggest issues with the company's past end-to-end encryption claims, as well as its current muddled messaging on the subject. Other enterprise video conferencing services take a similar approach to managing keys. The issue for Zoom is simply that the company made claims that evoked a much more secure—and desirable—offering.

Adding to the confusion, Zoom's blog post claims that the company can still make many of the guarantees that come with true end-to-end encryption. "Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list," Gal wrote. It seems clear, though, that governments or law enforcement could ask the company to build such tools and the infrastructure would allow it.

The blog post also notes that Zoom offers a way for customers to manage their own private keys, an important step toward end-to-end encryption, by physically installing Zoom infrastructure like servers on their own premises. A cloud-based option for users to do their own key management through Zoom's remote servers is coming later this year, according to Gal.

"Running the entire Zoom infrastructure—clients, servers, connectors—in-house, sure, but this can only be done by big organizations. What can the rest of us do?" Kamara says. "And for the cloud-based option, this kind of sounds like end-to-end encryption, but who knows—maybe they mean something else. If it is, then why not just say, 'End-to-end encryption will be available later this year'?"

The fact is that implementing end-to-end encryption with the kinds of features Zoom offers is very difficult. A free Zoom account can host calls with up to 100 participants. Enterprise Plus tier users can have up to 1,000 people on the line. By comparison, it took Apple years to get end-to-end encryption to work with 32 participants on FaceTime. Google's enterprise-focused Hangouts Meet platform, which doesn't offer end-to-end encryption, can only handle up to 250 participants per call.

For most users in most situations, Zoom's current security seems adequate. Given the service's rapid proliferation, though, including into high-sensitivity settings like government and health care, it's important that the company give a real explanation of what encryption protections it does and doesn't offer. The mixed messages aren't cutting it.
