90-Day Security Plan Progress Report: May 13
As we approach the halfway mark in our 90-day plan to improve the security and privacy of our platform, this week’s “Ask Eric Anything” webinar focused on security updates in Zoom 5.0.2 and Zoom’s recent acquisition of Keybase, a startup with deep expertise in encryption and security.
Zoom CEO Eric S. Yuan was joined by Zoom CPO Oded Gal, Zoom CTO Brendan Ittelson, and Zoom’s new Head of Security Engineering Max Krohn for this week’s Q&A session.
Updates from the past week and upcoming plans over the next few weeks:
Key takeaways from this week’s session
Zoom acquires Keybase
Zoom last week announced the acquisition of Keybase and plans to build an end-to-end encrypted meeting mode to all paid accounts. Max Krohn, the co-founder of Keybase, will help lead those efforts as Zoom’s Head of Security Engineering. We plan to publish a detailed draft cryptographic design of our end-to-end encryption offering on May 22 and solicit feedback from civil society, cryptographic experts, and customers to evaluate for the final design.
Reminder on Zoom 5.0
Zoom 5.0 became generally available on April 27, and a system-wide account enablement to AES 256-bit GCM encryption will occur on May 30, 2020. Only Zoom clients on version 5.0 or later, including Zoom Rooms, will be able to join Zoom Meetings starting that day. We urge all users to update to Zoom 5.0 or higher today, if you have not done so already. Zoom admins should visit our IT administrators page to manage this update in their environment. Users can preview the GCM experience at zoom.us/testgcm.
Here are some of the webinar attendee questions that were addressed live this week:
With the acquisition of Keybase, what happens to the existing Keybase product?
Max explained that the most immediate goal is to assist Zoom’s large customer base by creating a more secure meeting experience. The Keybase product will still be active, but new features may roll out more slowly.
Does Zoom expect participant levels to cap out with end-to-end encryption?
While end-to-end encryption provides a more complex security environment, Max explained that there shouldn’t be a scale ceiling, and that Keybase’s technology will be able to effectively scale for the largest Zoom meetings.
How does Zoom balance ease of use with security?
With a recent influx of first-time users, we are focusing on providing security settings that are easy to use for both first-time users and existing enterprise customers to give everyone an experience that is both frictionless and highly secure.
Will users be able to join end-to-end-encrypted meetings via phone?
While phone users can still join meetings using traditional PSTN phone lines, they will not be able to join meetings with end-to-end encryption this way.
What are Zoom’s plans for June?
In addition to working on our end-to-end encryption plans, we will focus on enhancements to the Waiting Room feature, passwords, and more ways to leverage these two features together. We’re also exploring additional screen share controls for meeting hosts.
How long will it take to update my client to version 5.0?
It should take less than a minute to update your desktop or mobile client. For larger enterprise-wide implementations, the length of time depends on how IT admins have configured Zoom. Enterprise IT admins should visit our resource page on updating all of their Zoom endpoints, and reach out to their CSMs if they have questions.
Can you exclude the chat from the meeting recordings?
Recording to the cloud allows you to choose what media streams you want to see in the recording. (See the image below, or view the cloud recording support article.) If you do include chat, the recording will only include chats sent to everyone in the meeting. The host and participants’ private chats are not recorded.
Thank you for your support
Thanks for attending this week’s session, and thank you to everyone who submitted questions! We are grateful for your support on our journey to make Zoom the world’s most secure enterprise communications platform.
If you missed this week’s session, you can watch the recording here: