Zoom Seeks to Deflect Privacy, Security Concerns With Keybase Buy

7 May 2020

Zoom, the popular-by-necessity video conferencing service, has acquired crypto key directory Keybase in a bid to bring end-to-end encryption to its paying customers. 

The acquisition comes at a time when Zoom has been criticized for privacy and security issues, and is part of Zoom’s 90-day push to make the platform more secure. Past privacy issues have included sharing data with Facebook, Zoombombing and claiming calls were encrypted when they were not. The price and terms of the acquisition were not made public. 

“We are working on a detailed cryptographic design to be published by May 22 for public review,” tweeted, Alex Stamos, a former chief information security officer of Facebook who joined Zoom as a consultant. “This will be an open and transparent design process as Zoom builds something both unique and impactful to the privacy of millions.”

See also: Public Opinion Shifts on Big Tech and Privacy During Pandemic

Keybase, the secure messaging and file sharing platform, is taking on a challenging task because multiparty video conferencing is incredibly difficult to encrypt end to end, the process where only the communicating users can read the messages, when a large number of people are involved. It’s the reason so few large group-video conferencing platforms offer it. Facetime and WhatsApp, two services that feature end-to-end encryption, are able to do so for only a couple of people at a time, or in the case of WhatsApp, no more than four individuals can use it at once. End-to-end encryption prevents data such as calls, videos, and text messages from being read by someone other than the sender and recipient, including the platform hosting the communications. 

In a blog post from Keybase announcing the acquisition, the company said it would be in touch if anything changed with the Keybase app. It also laid out what the next immediate steps would be for the company. 

“Initially, our single top priority is helping to make Zoom even more secure,” Keybase said. “There are no specific plans for the Keybase app yet. Ultimately, Keybase’s future is in Zoom’s hands, and we’ll see where that takes us. Of course, if anything changes about Keybase’s availability our users will get plenty of notice.”

The post adds the most immediate actions will be to significantly improve “our security effectiveness, by working on a product that’s much bigger than Keybase. We can’t be more specific than that because we’re just diving in.”

See also: As Pandemic Decimates Startups, Privacy Industry Holds Strong

Currently, the plan is for the end-to-end encryption feature to only be available for paying customers, according to Zoom CEO Eric Yuan’s blog post on the acquisition. This makes it not just a security play but one that may be an incentive for the millions of people who are using the service for free to sign up for these paid services, boosting the company’s bottom line.  Additionally, the post noted Zoom would not build a mechanism to decrypt live meetings for lawful intercept purposes because end-to-end encryption has become the target of law enforcement ire over the years. It’s unclear what this will mean in the long term for the Keybase app, which featured the option of adding a Stellar cryptocurrency wallet for all users and was a popular security tool for the cryptocurrency community.