What you need to know
- Zoom CEO Eric Yuan this Thursday announced that his company was acquiring Keybase.
- The latter is a cybersecurity startup with an expertise in encryption.
- The goal of the acquisition is to help Zoom implement end-to-end encryption in its own platform.
Zoom's unprecedented growth spurt as a result of the ongoing pandemic hasn't been without its challenges, chief among them being the lacking state of its security architecture. To allay those concerns, the company this week announced its intention to acquire Keybase, a cybersecurity startup that specializes in secure, encrypted communications.
The accompanying press release reads:
We are proud to announce the acquisition of Keybase, another milestone in Zoom's 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase's team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase's team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability.
While Zoom does offer encryption in transit — i.e., between your device and Zoom's servers — and it recently even upgraded to a more secure encryption standard, the company does not currently provide end-to-end encryption, which means that information is encrypted on the sender's device and can only be decrypted by the receiving device; even Zoom, in such a case, would not be able to determine the contents of the communication as it passes through the company's servers.
This holds obvious appeal for enterprise customers, and they are Zoom's primary target market in this regard. "Zoom will offer an end-to-end encrypted meeting mode to all paid accounts," the company says of its future plans following the acquisition.
It, then, goes into more detail about the implementation of such an encryption system, the details of which you can read here, and also clarifies a significant limitation that comes as a result of the heightened security: phone bridges, cloud recording, and non-Zoom conference room systems will all be disabled for end-to-end encrypted calls.
The company hopes to present a draft cryptographic design by May 22, though how long it'll take before the feature ultimately goes live is unknown at the moment.