Zoom today announced that it is acquiring Keybase, a 25-person startup, to bolster its end-to-end encryption efforts. This is the company’s first acquisition and comes as part of the firm’s 90-day feature freeze decision to fix security and privacy issues.
The acquisition is aimed at bringing true end-to-end encryption to the service. While the company claimed that its video calls were end-to-end encrypted, reports suggested that it was not actually the case, because the encryption keys were still generated at the company’s servers. This means that the company could decrypt content if it wished to or it was at the risk of being misused within the company.
However, the company says that “for hosts who seek to prioritize privacy over compatibility, we will create a new solution”. According to Keybase’s co-founder (via CNBC), it will take some time for the company’s technology to be baked into Zoom’s systems. The end-to-end encryption technology, however, will be limited only to paying customers.
Zoom also adds that the encryption will not support phone bridges, cloud recording, or non-Zoom conference room systems. Admission for such attendees will depend on the host. The company adds that “the cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys and thereby join the meeting”.
The company added additional security controls as part of a new update and has promised to bring more security features for basic Zoom accounts on May 9. The company has seen a massive increase in adoption ever since the pandemic forced users to work remotely. However, many security and privacy issues in the past have caught the company off guard, including putting it legal trouble.