Earlier this week, a report came out that the video conferencing provider, Zoom, would be providing end-to-end encryption (E2EE), but only for paying customers. They’ve made a case that because “bad” people would use encryption to do “bad” stuff, they want those who want E2EE to use a paid service.
What an absolutely poor business decision. You cannot have selective security. This is tantamount to saying that we only offer HTTPS access to our server to those who pay for our content, and those who don’t pay go to the HTTP site.
Here are two threads, one on yc and the other on Twitter, that have some interesting details, but suffice it to say that Zoom feels that they have to work with law enforcement in case there are reports of abuse of Zoom sessions, and with the “free” service they can’t.
It is confusing to read. The assumption Zoom seems to be making is that those who want to do illegal things are not able to pay for an e2ee’d system. Yes, there will be the dumb ones, but those who want to be deliberate will pay.
Let’s think this through. When the service is paid for, there will be a trail. Does Zoom think that those who want to use the system to do bad things will leave a trail that can be traced back to the actual perpetrators? How naive is Zoom?
What would be the case if Android or iPhones had selective security of the OS based on what you paid for the phones?
I can’t appreciate stupid business decisions. Just use jitsi.org (meet.jit.si). Jitsi will do e2ee and I made a video of how it works. Leave flawed ideas behind.