Zoom's Endeavor in Building End-to-End Encryption: An Industry Perspective

As the COVID-19 pandemic forced many who could into working from home, Zoom’s user base went from primarily companies with IT support teams on standby to teachers and students, parents, and anyone seeking a way to stay in touch with friends and family.

This spike in consumer usage wasn’t without hiccups. The rise in “zoombombing”, for example, prompted Zoom to enact a 90-day feature freeze to focus the company’s engineering resources on the platform’s privacy and security.

At our February privacy_infra() meetup for privacy engineers, Zoom security engineer Merry Ember Mou, gave us a deep dive into one such effort resulting from that focus; the technical challenges of building end-to-end encryption (or E2EE) into the company’s meeting platform.

Scroll down to watch Merry’s full talk.

Prior to Zoom rolling out E2EE, the encryption available for a Zoom call was limited to between meeting participants and Zoom’s servers, leveraging a server-managed meeting encryption key. This is in contrast to the trust model for end-to-end encryption which requires that the encryption key be user generated. Zoom’s privacy commitment set the stage for Mou and their team’s work.

Zoom is taking a phased approach to their end-to-end encryption rollout to optimize for quality along the way. In their talk, Mou explained how Zoom’s end-to-end encrypted meetings rely on a series of key exchanges and verifications.

Each Zoom user has a long term, device specific key, and for each end-to-end encrypted meeting the user securely posts that key to the server which allows them to generate and sign an ephemeral, and meeting specific key. The user specific signed binding gets shared with everyone in the meeting. In order for users to securely join meetings the leader of the meeting must compute a Diffie-Hellman shared secret key generated from the leader’s and their own private keys.

When a participant, or the leader, leaves or joins the meeting, the meeting key is automatically rotated to a new random meeting key so that participants can only decrypt the parts of the meeting they were in. How does the leader know when a participant leaves or joins? The leader sends out regular “heartbeats” at least every 10 seconds. A participant will drop out of the meeting if it misses enough “heartbeats” from the leader.

At the end of the day, the driving force behind end-to-end encryption and a focus on security for Zoom is the user. To Mou and her team, “Is it secure?” is never a yes or no question. Instead, the answer is much more individualistic from user to user or even meeting to meeting.

“Whomever it might be with the answer also depends on your assumptions and at every stage of our work, how well those assumptions are communicated to and validated by end users.”

Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() event series, which feature industry-wide tech talks highlighting new thinking in data privacy engineering every other month. If you’re working on solving universal privacy challenges and interested in speaking about it, submit a proposal here.