Zoom has announced its acquisition of Keybase, as part of their 90-day plan to further strengthen the security of the Zoom video communications platform. Integrating Keybase into the Zoom family will enable Zoom to continue on their road of creating a truly private video communications platform.
What is Keybase?
Keybase is a secure messaging and file-sharing service, built on its team’s deep encryption and security expertise. Launched in 2014, Keybase has been designed to share and store photos, videos, and documents with end-to-end encryption, ensuring that all information shared remains private.
Zoom and Keybase
Zoom’s acquisition of Keybase marks a key step for Zoom as they create a fully secure and private video communications platform, all whilst enabling scalability for hundreds of millions of participants and having the flexibility to support the wide variety of uses that Zoom has. Zoom’s goal is to provide the most privacy possible for every use case, alongside balancing the needs of users and Zoom’s commitment to preventing harmful behaviour on their platform. The experience of Keybase’s team will be critical to making this a reality.
Zoom Encryption Today
Currently, all audio and video that flows through Zoom clients (such as Zoom Rooms, laptops, and smartphones that run the Zoom app) is encrypted at each sending client device and is not decrypted until it reaches the recipients’ devices. The encryption keys for each meeting are currently generated by Zoom’s servers. Some widely used features, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud. However, Zoom is creating a new solution that will offer hosts the ability to prioritise privacy over compatibility.
The Future of Zoom Security
Zoom has pledged the following changes to increase the future privacy and security of their platform:
“Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees. An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees. The cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys and thereby join the meeting. We are also investigating mechanisms that would allow enterprise users to provide additional levels of authentication.
These end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host. Encryption keys will be tightly controlled by the host, who will admit attendees. We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises.”
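The key handling described in the statement above (a host-generated per-meeting key, enveloped to each attendee's public key and rotated when the attendee list changes) can be sketched as follows. This is an added example, not Zoom's or Keybase's code: the algorithms (X25519, HKDF-SHA256, AES-256-GCM), the `Host` class and every function name are assumptions, and it rotates on every roster change rather than only on "significant" ones.

```javascript
// Added illustration; X25519 + HKDF-SHA256 + AES-256-GCM and all names are assumptions, not Zoom's design.
const nodeCrypto = require('crypto');

// Derive a one-time wrapping key from an ECDH shared secret.
function wrappingKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'meeting-key-wrap', 32));
}
// Host side: envelope the meeting key to one attendee's public identity key.
function seal(meetingKey, attendeePub) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per envelope
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', wrappingKey(eph.privateKey, attendeePub, iv), iv);
  const ct = Buffer.concat([c.update(meetingKey), c.final()]);
  return { ephPub: eph.publicKey, iv, ct, tag: c.getAuthTag() };
}
// Attendee side: recover the meeting key; throws if the envelope was sealed to another key.
function unseal(env, attendeePriv) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', wrappingKey(attendeePriv, env.ephPub, env.iv), env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]);
}
const canOpen = (env, priv) => { try { unseal(env, priv); return true; } catch (e) { return false; } };

// Host state: the admitted roster plus the current ephemeral meeting key.
class Host {
  constructor() { this.roster = new Map(); this.epoch = 0; }
  admit(name, pub) { this.roster.set(name, pub); return this.rotate(); }
  remove(name) { this.roster.delete(name); return this.rotate(); }
  // Simplification: rotate on every roster change, then re-envelope to everyone still admitted.
  rotate() {
    this.meetingKey = nodeCrypto.randomBytes(32);
    const envelopes = {};
    for (const [name, pub] of this.roster) envelopes[name] = seal(this.meetingKey, pub);
    return { epoch: ++this.epoch, envelopes };
  }
}

// Constructed scenario: three attendees are admitted, then carol is removed.
function demo() {
  const ids = {}, host = new Host();
  for (const n of ['alice', 'bob', 'carol']) ids[n] = nodeCrypto.generateKeyPairSync('x25519');
  const msgs = Object.keys(ids).map((n) => host.admit(n, ids[n].publicKey));
  const oldKey = unseal(msgs[2].envelopes.carol, ids.carol.privateKey);
  const next = host.remove('carol');
  const bobKey = unseal(next.envelopes.bob, ids.bob.privateKey);
  return { epoch: next.epoch, rotated: !oldKey.equals(bobKey), bobOk: bobKey.equals(host.meetingKey),
    carolHasEnvelope: 'carol' in next.envelopes, carolCanOpen: canOpen(next.envelopes.bob, ids.carol.privateKey) };
}
```

In this sketch, whatever relays the envelopes only ever handles wrapped keys, and a removed attendee holds the old key but receives no envelope for the new one.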