What price privacy? Zoom is facing a fresh security storm after CEO Eric Yuan confirmed that a plan to reboot its battered security cred by (actually) implementing end-to-end encryption does not in fact extend to providing this level of security to non-paying users.
This Zoom 'premium on privacy' is necessary so it can provide law enforcement with access to call content, per Bloomberg, which reported on security-related remarks made by Yuan during an earnings call yesterday, when the company reported big gains thanks to the coronavirus pandemic accelerating uptake of remote working tools.
“Free users for sure we don’t want to give [e2e encryption] because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said on the call.
Security experts took swiftly to Twitter to condemn Zoom's 'pay us or no e2e' policy.
👀 This is a bizzare policy to say the least. Zoom. Perhaps it should have said “Y’all free users are just potential criminals. Y’all don’t deserve e2e protection” https://t.co/HKKFWHk8Mn
— Privacy Matters (@PrivacyMatters) June 3, 2020
remember unless you want to pay for zoom, they’ll be happy to hand over your calls to the feds. it doesn’t matter how good the crypto is if you can’t turn it on. e2e encryption for ALL users. https://t.co/Nh7W40zXoE
— Charlie Miller (@0xcharlie) June 3, 2020
— Jesse Cooke (@jc00ke) June 3, 2020
EFF associate research director, Gennie Gebhart, also critically discussed Zoom's decision to withhold e2e encryption for free users in a Twitter thread late last month, following a feedback call with the company -- criticizing it for spinning what she characterized as pure upsell as a safety consideration.
It's a nuance-free cop-out to blanket-argue that 'bad things happen on free accounts', she suggested.
You heard that right, activists, journalists, organizers, and cash-strapped non-profits of the world: Zoom *could* offer you best-practice security, but it won't, because you might be a child pornographer. Better luck next time.
— Gennie Gebhart (@jenuhhveev) May 28, 2020
Fast forward to today and a tweet about the report of Yuan's comments written by Bloomberg technology reporter, Nico Grant, triggered an intervention by none other than Alex Stamos -- the former Facebook and Yahoo! security executive who signed up by as a consultant on Zoom's security strategy back in April days after the company had been served with a class action lawsuit from shareholders for overstating security claims.
Stamos -- who was CSO at Yahoo! during a period when the NSA was using a backdoor to scan user email and also headed up security at Facebook at a time when Russia implemented a massive disinformation campaign targeting the 2016 US presidential election -- weighed in via Twitter to claim there's a "difficult balancing act between different kinds of harms" which he said justifies Zoom's decision to deny e2e encryption for all users.
Will this eliminate all abuse? No, but since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm.
Curiously, Stamos was also CSO at Facebook when the tech giant completed the roll out of e2e encryption on WhatsApp -- providing this level of security to the then billion+ users of its free-to-use mobile messaging and video chat app.
Which might suggest Stamos' conception of online "harms" has evolved considerably since 2016 -- after all, he's since landed at Stanford as an adjunct professor (where he researches "safe tech"). Although, in the same year (2016), he defended his employer's decision not to make e2e encryption the default on Facebook Messenger. So Stamos' unifying thread appears to be being paid to defend corporate decision-making while applying a gloss of 'security expertise'.
His latest Twit(n)ter-vention runs to type, with the security consultant now defending Zoom's management's decision not to extend e2e encryption to free users of the product.
But his tweeted defence of AES encryption as a valid alternative to e2e encryption has attracted some pointed criticism from the crypto community -- as an attack on established standards.
Some facts on Zoom's current plans for E2E encryption, which are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues.
The E2E design is available here:https://t.co/beLdeAwMSM
— Alex Stamos (@alexstamos) June 3, 2020
Nadim Kobeissi, a Paris-based applied cryptography researcher -- who told us that his protocol modelling and analysis software was used by the Zoom team during development of its proposed e2e encrypted system for (paid product) meetings -- called out Stamos for "insisting that AES encryption, which can be bypassed by Zoom Inc. at will, qualifies as real encryption".
That's "what's truly misleading here", Kobeissi tweeted.
Stamos is replying to people calling out Zoom's lack of e2e encryption for free tier by calling their takes "misleading", insisting that AES encryption, which can be bypassed by Zoom Inc. at will, qualifies as real encryption. Which, of course, is what's truly misleading here. pic.twitter.com/WH67gKwAit
— Nadim Kobeissi (@kaepora) June 3, 2020
In a phone call with TechCrunch, Kobeissi fleshed out his critique, saying he's concerned, more broadly, that a current and (he said) much needed "Internet zeitgeist" focus on online safety is being hijacked by certain vested interests to push their own agenda in a way that could roll back major online security gains -- such as the expansion of e2e encryption to free messaging apps like WhatsApp and Signal -- and lead to a general deterioration of security ideals and standards.
Kobeissi pointed out that AES encryption -- which Stamos defended -- does not prevent server intercepts and snooping on calls. Nor does it offer a way for Zoom users to detect such an attack, with the crypto expert emphasizing it's "fundamentally different from snooping-resistant encryption".
Hence he characterized Stamos' defence of AES as "misleading and manipulative" -- saying it blurs a clearly established dividing line between e2e encryption and non-e2e.
"There are two problems [with the Zoom situation]: 1) There's no e2e encryption for free users; and 2) there's intentional deception," Kobeissi told TechCrunch.
He also questioned why Stamos has not publicly pushed for Zoom to find ways to safely implement e2e encryption for free users -- pointing, by way of example, to the franking 'abuse report' mechanism that Facebook recently applied to e2e encrypted "Secret Conversations" on Messenger.
"Why not improve on Facebook Messenger franking," he suggested, calling for Zoom to use its acquisition of Keybase's security team to invest and do research that would raise security standards for all users.
Such a mechanism could "absolutely" be applied to video and voice calls, he argued.
"I think [Stamos] has a deleterious effect on the kind of truth that ends up being communicated about these services," Kobeissi added in further critical remarks about the former Facebook CSO -- who he said comes across as akin to a "fixer" who gets called in "to render a company as acceptable as possible to the security community while letting it do what it wants".
We've reached out to Zoom and Stamos for comment. Update: Stamos has now sent this response to Kobeissi's criticism of his defence of AES, writing: "The free tier is encrypted on the wire, just like WebEx, Meet, Teams and other competitors. Just as with those companies, servers have access to the encryption keys to allow for things like phone bridges, room services and in-cloud transcription. The tweet thread and the paper I linked to make this all perfect clear and are accurate."
"[Facebook] Messenger's franking system addresses an important issue, allowing for hosts to report bad activity in a cryptographically secure way. We are looking at the Messenger design as we build host reporting. This is important to deal with 'Zoombombings', especially when the disruptors do something really harmful," Stamos added when asked about the possibility of implementing a similar mechanism on Zoom's platform.
"But that doesn't address a whole other safety issue, which is the creation of short lived self-service accounts that then host really harmful meetings for strangers, the worst being the live abuse of children. Right now, Zoom's T&S team can enter a small number of meetings that are very high risk but a proper E2E design (like we have proposed) would stop that."