The Intercept reported that while end-to-end encryption is enabled for text chat in the application, video calls use 256-bit TLS encryption.
This means that Zoom holds the keys to decrypt this data and is able to view your video meetings as this traffic is sent to its servers.
Zoom confirmed to The Intercept that video meetings on the platform are not end-to-end encrypted, stating that “currently, it is not possible to enable E2E encryption for Zoom video meetings”.
The company further explained that the use of the term “end-to-end” encryption is not misleading, as it does not decrypt the data when it moves through its servers.
“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom endpoint to Zoom endpoint,” Zoom said. “Content is not decrypted as it transfers across the Zoom cloud.”
End-to-end vs TLS
The TLS technology which Zoom uses to encrypt its meetings is the same encryption protocol that secures connections to HTTPS websites.
While this does protect the user’s data from being observed or decrypted by attackers on the same Wi-Fi network, it does not prevent Zoom from viewing the unencrypted video and audio of your meeting.
End-to-end encryption, which is used by apps like WhatsApp and Signal, prevents everyone except the recipient from decrypting the data as it is routed through the Internet.
Only the sender and the recipient hold the keys to decrypt this data, ensuring a private and secure connection.
When end-to-end encryption is employed to secure communication, even the company which hosts the servers which the data travels through cannot decrypt and access it.
Zoom told The Intercept that it only collects user data it requires to improve its service. This includes IP addresses, operating system details, and device specifications.
It added that it does not allow employees to view the content of video meetings and it does not sell user data of any kind.
It is important to note, however, that because Zoom does not employ end-to-end encryption for video calls, it may be required to provide authorities with recordings of meetings if it is legally compelled to.