Oklahoma Bar Association

Home  |  Members  |  Resources  |  About

Management Assistance Program

Want an Encrypted Zoom Connection? There’s Going To Be a Paid Subscription Required for That. (June 5, 2020)

Executive Summary: If you want end-to-end encryption (E2EE) on your Zoom meetings, you will need to have a paid subscription. Many privacy advocates are criticizing Zoom for not protecting the non-paying public. But for lawyers using Zoom, the relatively minor expense of Pro subscriptions to have E2EE (and other features) makes this a very easy business decision.

As sheltering in place elevated Zoom videoconferences from “never heard of Zoom” to “it’s my lifeline” for many, there were a lot of breathless articles published about Zoom’s failings and security shortcomings. Many of the problems were user error. But Zoom team had not envisioned its rapid rise from fun videochatting app to important business tool. Many internal business conversations require better security. Zoom went to work on that.

So, the more secure Zoom 5.0 is now out and is a required update. You can opt out of your data being routed through a data server in China. (In fact, if you did nothing it, this opt out apparently has been done for you.)

No one really cares if their Zoom chat with grandma is secure, but lawyers do care about confidentiality and so end-to-end encryption (E2E) is a big deal for our profession. But it is also important for many other businesses with trade secrets. So, Zoom’s upcoming launch of end-to-end encryption has been followed closely. Zoom recently released a white paper, E2E Encryption for Zoom Meetings. It is a technical read, but the threat analysis should be interesting to many.

Bottom line for Zoom-using lawyers. Pay the subscription fee for a Pro plan at $149.90 per year. Larger firms may opt for the Business plan. It is relatively unlikely your Zoom meeting will be hacked or compromised. But if there is any issue, you want to be able to say you paid for the E2E encryption. I should also note that Oklahoma judges are not approved to use Zoom at this time due to those security concerns.

If you want to read more, a critique entitled Zoom defenders cite legit reasons to not end-to-end encrypt free calls at Ars Technica began:

“If you’ve waded into Twitter timelines for security and privacy advocates over the past five days, you’ve no doubt seen Zoom excoriated for its plans to enable end-to-end encrypted video conferencing solely for paying customers. Zoom’s millions of non-paying users won’t receive the protection so that the company can monitor meetings for child-abuse activity and other types of illegal and disturbing content, executives said.”

Famous internet security expert Bruce Schneier posted Zoom’s Commitment to User Security Depends on Whether you Pay It or Not. You have to chuckle at his hypothetical example:

“This is just dumb. Imagine the scene in the terrorist/drug kingpin/money launderer hideout: ‘I’m sorry, boss. We could have have strong encryption to secure our bad intentions from the FBI, but we can’t afford the $20.’ This decision will only affect protesters and dissidents and human rights workers and journalists.”

For more about how Zoom works, see our OBA Crisis Tips video posted April 16, 2020 Zooming in on Zoom

It’s not my place to say whether this is a bad decision for Zoom’s business or for online privacy generally. What I can say is this is an easy decision for lawyers using Zoom for any client matters, once E2E is available.