Will Zoom Bring Encryption to the People Who Need It Most?
This morning, EFF and Mozilla called on Zoom to make their upcoming end-to-end encryption feature available to all 300 million of its users. We published an open letter urging Zoom’s CEO Eric Yuan not to exclude Zoom’s free customers from using their upcoming end-to-end encryption feature.
We applaud Zoom for building strong end-to-end encryption into their service. But by limiting this security enhancement to paid accounts, Zoom is denying privacy protections to the participants who may need them the most.
Zoom CEO Eric Yuan defended the decision to withhold strong encryption, saying, “Free users — for sure we don’t want to give [them] that, because we also want to work together with the FBI, with local law enforcement.” But many activists rely on Zoom as an organizing tool, including the Black-led movement against police violence. Given the long history of law enforcement targeting Black organizers for unconstitutional surveillance, this access raises serious concerns.
For decades, the DOJ and FBI have argued that their inability to access encrypted communications poses a serious threat to national security. But the idea that compromising on encryption will give special access to U.S. officials is a fallacy. Any mechanism that law enforcement uses to access Zoom users’ data will be vulnerable to oppressive regimes and other bad actors. We recognize that premium features are a key part of Zoom’s business model, but we strongly encourage them not to compromise the privacy and security of their users.
The ability to communicate privately is an essential feature of a free society. As more of our communication shifts to video calls, that feature shouldn’t be reserved for those who can afford it.
June 8, 2020
Zoom Video Communications, Inc.
55 Almaden Boulevard, 6th Floor
San Jose, CA 95113
Dear Mr. Yuan,
While we were pleased to see Zoom’s plans for end-to-encryption, we are extremely surprised and concerned by the news that Zoom plans to offer this protection only to paying customers. We understand that Zoom is rightfully concerned about curbing child sexual abuse material (CSAM), but restricting end-to-end encryption to paid accounts is not the right solution.
As your own growth numbers demonstrate, Zoom is one of the most popular video-call platforms available. Recently, Mozilla conducted a U.S.-based survey that reiterated Zoom’s popularity among consumers. In this context, Zoom’s decisions about access to privacy and security features have enormous impact.
We strongly urge you to reconsider this decision given the following considerations:
- Tools like Zoom can be critical to help protesters organize and communicate their message widely. Activists should be able to plan and conduct protest-related activities without fear that these meetings, and the information they include, may be subject to interception. Unfortunately, recent actions from law enforcement – and a long history of discriminatory policing – have legitimized such fears, making end-to-end encryption all the more critical.
- Best-in-class security should not be something that only the wealthy or businesses can afford. Zoom’s plan not to provide end-to-end encryption to free users will leave exactly those populations that would benefit most from these technologies unprotected. Around the world, end-to-end encryption is already an important tool for journalists and activists that are living under repressive regimes and fighting censorship. We recognize that Zoom's business model includes offering premium features for paid accounts, but end-to-end encryption is simply too important to be one of those premium features.
- While we recognize that Zoom is concerned about the potential misuse of its platform, offering end-to-end encryption to paid accounts only is not the solution. Such an approach ultimately punishes a larger number of users – from families using the tool to communicate, to activists using the tool to organize – who would benefit from the security of an end-to-end encrypted system.
- Your rationale for this decision could undermine encryption more broadly at a time when the U.S. Attorney General has publicly battled with companies that refuse to weaken their products’ encryption in order to provide the government a “back door” and while Congress is considering legislation that jeopardizes the future of encryption with the EARN IT Act.
In Mozilla’s letter to you in April, we highlighted our conviction that all users should have access to the strongest privacy and security features available. The value of privacy and security is even more critical today, especially for political organizers and protesters who may be the target of government surveillance.
Thank you for your openness to our previous recommendations – we especially appreciate that you have already made important changes, such as prioritizing user consent to be unmuted. Our hope is that you consider this feedback and immediately adjust course.
Vice President, Advocacy and Engagement
Associate Director of Research
Electronic Frontier Foundation