Providing end-to-end encryption within dynamic multi-party applications like large-scale video collaboration platforms is not easy, but it is critical for establishing even the most basic assurance of digital privacy in online communications.
E2E encryption is generally understood in the cybersecurity field to mean that no intermediary between end-user correspondents (including service providers and infrastructure hosts) can read ‘in-the-clear’ application data (i.e. watch and listen to video-conference streams, or read IMs, files, documents, etc.).
Rendering end-user application data unreadable to the service providers and infrastructure hosts that run modern cloud application platforms provides privacy capabilities that are essential for any business wanting to assure that its remote collaboration channels are secure (this should be most organizations). There really is no substitute for E2E in public cloud environments.
Fair questions around Zoom’s claims regarding the encryption capabilities of its video conferencing platform have been raised by The Intercept…
For a Zoom meeting to be end-to-end encrypted, the video and audio content would need to be encrypted in such a way that only the participants in the meeting have the ability to decrypt it. The Zoom service itself might have access to encrypted meeting content, but wouldn’t have the encryption keys required to decrypt it (only meeting participants would have these keys) and therefore, would not have the technical ability to listen in on your private meetings. This is how end-to-end encryption in messaging apps like Signal works: The Signal service facilitates sending encrypted messages between users, but doesn’t have the encryption keys required to decrypt those messages and therefore, can’t access their unencrypted content.
“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients. “The content is not decrypted as it transfers across the Zoom cloud” through the networking between these machines.
Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That’s because the service provider needs to detect who is talking to act like a switchboard, which allows it to only send a high-resolution videostream from the person who is talking at the moment, or who a user selects to the rest of the group, and to send low-resolution videostreams of other participants. This type of optimization is much easier if the service provider can see everything because it’s unencrypted.
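
The distinction drawn in the quoted passages, between encryption to the provider's servers and encryption only the participants can undo, is sketched below as an added example (not code from this post, The Intercept, Zoom or Signal). It assumes keys are already distributed, uses a toy cipher built from HMAC-SHA256 as a stand-in for a real AEAD such as AES-GCM, and all function names are hypothetical.

```python
import hashlib, hmac, os

def _prf(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream: HMAC-SHA256 in counter mode. Illustration only.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or tampered frame")
    return _xor_stream(key, nonce, ct)

def hop_by_hop(frame):
    """Client-to-server encryption: the server holds every link key."""
    alice_link, bob_link = os.urandom(32), os.urandom(32)  # both known to the server
    uplink = seal(alice_link, frame)
    server_view = unseal(alice_link, uplink)   # provider reads the plaintext frame
    downlink = seal(bob_link, server_view)     # then re-encrypts for the next hop
    return server_view, unseal(bob_link, downlink)

def end_to_end(frame):
    """Participant-to-participant encryption: the server only relays bytes."""
    meeting_key = os.urandom(32)   # assumption: shared by Alice and Bob only
    server_key = os.urandom(32)    # any key material the provider holds
    blob = seal(meeting_key, frame)
    try:
        server_view = unseal(server_key, blob)
    except ValueError:
        server_view = None         # provider cannot recover the frame
    return server_view, unseal(meeting_key, blob)
```

In both functions the wire traffic is encrypted; the difference is only in who holds a key that opens it, which is what decides whether the provider can read meeting content.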