Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security IT Technology

Zoom Won't Encrypt Free Calls Because it Wants To Comply With Law Enforcement (thenextweb.com) 70

If you're a free Zoom user, and waiting for the company to roll out end-to-end encryption for better protection of your calls, you're out of luck. From a report: Free calls won't be encrypted, and law enforcement will be able to access your information in case of 'misuse' of the platform. Zoom CEO Eric Yuan today said that the video conferencing app's upcoming end-to-end encryption feature will be available to only paid users.
This discussion has been archived. No new comments can be posted.

Zoom Won't Encrypt Free Calls Because it Wants To Comply With Law Enforcement

Comments Filter:
  • And the days before interstate and global everything?

    • by Applehu Akbar ( 2968043 ) on Wednesday June 03, 2020 @09:37AM (#60140118)

      And the days before interstate and global everything?

      You mean the days when getting a long distance phone call meant that someone had died?

      No, I don’t. I appreciate Interstate and global everything.

      • at least Not yet...

        We are discussing the trade off here. There WILL come a point where these luxuries will have cost us our humanity and liberty because they will all be used to monitor us like lab rats.

        This is not a joke and it is very destructive to the human psyche to know for a fact that you are constantly monitored. It changes behavior, it affects both physical & mental health, and it slowly eats away at a nation until it destroys itself.

        Your TV, Thermostat, CellPhone, Computers, Fridge, and your

        • by Rick Schumann ( 4662797 ) on Wednesday June 03, 2020 @10:47AM (#60140484) Journal

          Your TV, Thermostat, CellPhone, Computers, Fridge, and your DoorBell are going to be used to keep track of you and spy on you.

          Only if you're stupid enough to buy Internet-of-Things everything, and actually connect them to the goddamned internet.

          • by SirAstral ( 1349985 ) on Wednesday June 03, 2020 @11:01AM (#60140568)

            Again... for now.

            Wait until those are the ONLY things you can buy and of course they will not work until you connect them. Especially when regulations for those things go into effect... and you can bet that people will ask for them.

            Yes, we have a ways to go, but like all acts of tyranny, it takes a while to build it up.

            How easy is it now to buy a non-smart TV? Sure you can refuse to connect it to the internet but you also lose features like voice control with your remote. Notice that many TV's don't even have control panels other than just a single button to power it on or off and in order to adjust things with it becomes a "session".

            Slowly, but surely, the things I have said will come to pass and when they are done... well lets just see how bad it's going to be. You can easily turn people into willful slaves if you keep them fed and entertained, especially when you give them the illusion of freedom. Perception is reality after all!

          • Your TV, Thermostat, CellPhone, Computers, Fridge, and your DoorBell are going to be used to keep track of you and spy on you.

            Only if you're stupid enough to buy Internet-of-Things everything, and actually connect them to the goddamned internet.

            You're assuming you'll have a choice. You won't. And it's easy enough to ban old appliances by simply passing laws that outlaw them under "environmental concerns".

        • by Ungrounded Lightning ( 62228 ) on Wednesday June 03, 2020 @11:16AM (#60140662) Journal

          Your TV, Thermostat, CellPhone, Computers, Fridge, and your DoorBell are going to be used to keep track of you and spy on you.

          Also the doorbell of the guy across the street, which is pointed into your yard and street-facing windows.

          Some states have laws that limit video surveillance cameras and microphones. Ring says mounting their networked high-res-camera doorbell button so it obeys them is the job of the customer. But it apparently doesn't provide any warning about the risk of breaking these laws, let alone a handy summary of them, with the product.

          • Comment removed based on user account deletion
            • When you setup a Ring device, you can setup ...

              What's that got to do with how your neighbor sets up his? Or whether he even knows it's possible? Or whether the software behind it actually honors the settings? Or whether the settings can be overridden by law enforcement or Ring's operation? Or whether the settings are implemented by retrieval filtering in Ring's cloud database, which could be overridden retroactively by Ring or law enforcement? Or hacked by intelligence agencies, crooks, blackmailers,

        • by kqs ( 1038910 )

          This is not a joke and it is very destructive to the human psyche to know for a fact that you are constantly monitored. It changes behavior, it affects both physical & mental health, and it slowly eats away at a nation until it destroys itself.

          See, I don't buy that.

          I was one of six kids growing up. Everyone knew what everyone was doing; there was no privacy. Then I went to college where I lived in the dorm; there were two people per room and two big bathrooms for the whole floor (maybe 40 people per bathroom?). Again, no secrets. I didn't like it; I prefer privacy. But it's not an anti-human condition that "slowly eats away at a nation until it destroys itself".

          A few hundred of years ago, my parents and 6 kids would have lived in a one-room

    • I miss the slower way of life. I like the convenience of today. I miss the face to face living. I like the ability to shop online.

    • Aside from the stillness that's disturbed by today's cell towers and that, I miss a good sense of humor. Lots of people used to laugh so much back in the day. Today there are a lot of mental blocks imposed by society as it is. Lots of topics exist and everyone feels like they're supposed to have an opinion on all of it. Comedians are the ones that are able to sit out the opinion part, and make fun of it all, but at it's roots. Comedians, the good ones, get to the root of the subject, and bring about th

  • So... (Score:4, Informative)

    by Immerman ( 2627577 ) on Wednesday June 03, 2020 @09:08AM (#60139976)

    So, what I'm hearing is that you have to PAY to "misuse" their platform.

    Wish I could say I was surprised.

    • Re:So... (Score:4, Interesting)

      by Hydrian ( 183536 ) on Wednesday June 03, 2020 @09:14AM (#60140008) Homepage
      It makes it harder (but not impossible) for misuse. With free accounts, any Tom/Dick/Jane can sign up for an account. This makes it easy for people to not track things back to you. If you have payment information, misuse can more easily be traced back to the misusing user/person/group.
      • If you have payment information, misuse can more easily be traced back to the misusing user/person/group.

        .... except the paid accounts usage is encrypted which makes it far, far more difficult to even detect misuse much less trace it back to anyone.

    • by fermion ( 181285 )
      Or find something else. Zoom is a toy. It is like MS Windows in the 1990s through ME. Toys are simple and fun to use.
    • by DeVilla ( 4563 )
      Hey! If you want them to be your accomplice, you have to cut them in. It's like buying a safe deposit box with a "help me escape out the back if the police arrives" clause.
  • Really? (Score:4, Insightful)

    by SwashbucklingCowboy ( 727629 ) on Wednesday June 03, 2020 @09:09AM (#60139980)

    Sounds like total bullshit to me, it's as if he's saying "if you pay us money we're willing to fight law enforcement." I'm sure that message goes over great with LE.

    • Re:Really? (Score:5, Interesting)

      by Synonymous Cowered ( 6159202 ) on Wednesday June 03, 2020 @09:18AM (#60140028)

      Yes, it does sound like bullshit. If you say 1) "fuck law enforcement...everything should be secure", that makes sense. If you say 2) "fuck security...law enforcement should be able to access everything", that makes sense (though I'd disagree). If you say flat out 3) "we know you want security, so we're gonna milk it...pay us money if you want it", that makes sense.

      But to take this weird middle...we need to comply with law enforcement but we somehow don't if you pay us money...that's just bullshit. It's clear they're choosing #3 above, which is fine, but they're too chickenshit to just flat out admit why they're doing it.

      • Re:Really? (Score:4, Interesting)

        by mysidia ( 191772 ) on Wednesday June 03, 2020 @09:28AM (#60140074)

        Perhaps they are not saying "f' that" to EITHER law enforcement or security. But they are concerned about End to End encryption being a feature ripe for abuse, And they deem the risk to be higher with free accounts Or harder to police on their systems with the combination of End-to-End encryption AND Free access to their system infrastructure.

        Without End-to-End, then they facilitate easier investigations of potential Abuse... while investigating abuse of Paid accounts would still be possible; it becomes harder in one respect,
        BUT easier in another respect... At least with a paid account, there should be some verifiable identification of the account holder due to the use of a digital payment from a credit card, etc.

    • Re:Really? (Score:5, Informative)

      by ceoyoyo ( 59147 ) on Wednesday June 03, 2020 @10:45AM (#60140466)

      Fighting law enforcement is costly. The sensible approach for a company is to not do so unless they can make more money than it costs.

      Trusting companies to take ideological stands is what's bullshit. They may appear to, if they think it will generate profit, and they may actually do so if they have a crazy majority shareholder, but you shouldn't expect them to.

      • Sure. But if they end-to-end encrypt everything properly, such that even Zoom themselves can't access the communications; then it becomes simple and cheap. All they need is a form letter: "All zoom calls are encrypted end-to-end. The users generate and retain their own keys. Too bad. So sad. Go pound sand." With this half-measure, they still have to waste time and money dealing with LEOs and courts and their subpoenas and warrants for some (Perhaps even the majority... Is there public data on the num

        • by ceoyoyo ( 59147 )

          Sure. There are lots of stories about how well that works. Like when Apple told the FBI to pound sand. The FBI totally said "yeah, that's reasonable, it's great that we have upstanding companies protecting people's rights." The US government and FBI didn't condemn Apple at all, and certainly didn't sue them.

    • Yes, it's bullshit with a crunchy hypocrisy coating dusted with a bit of the finest poppycock.

  • Do you REALLY think a company with ties to China and has seen their stock go up as much as it has be trusted at all?
    • by waspleg ( 316038 ) on Wednesday June 03, 2020 @09:23AM (#60140054) Journal

      This. I read the article. It doesn't specify WHOSE law enforcement. Even encrypted, they do not do end to end and will MITM anything for Daddy Xi and the CCP.

      I'm certain there are millions of people using this who have no idea it's not safe and probably millions more who don't care ("it's just my book club, it's just my cooking show", etc). Fucking sad state.

      • by DewDude ( 537374 ) on Wednesday June 03, 2020 @09:28AM (#60140076) Homepage
        So Im in a position where I'm president of a hobbyist club. We had to go virtual meetings. Everyone was going on and on about Zoom. But I refuse to use it, which is a problem because I have to run meetings. So I run Jitsi. I make everyone use Jitsi. It's on my hardware and has end to wnd encryption.

        Only fools pay others for what they can do themselves.
        • by waspleg ( 316038 )

          I pretty much begged my large inner city school district to use Teams (which we already have) or Jitsi, which got escalated up 2 levels of management for Zoom being a security threat, CIO even linked the FBI warning to C suite and we were completely ignored because FREE/POPULAR which is all school districts care about. Endangering kids? Who cares. We do use Teams but we're forced to support Zoom as well across a variety of platforms and it sucks.

        • by trawg ( 308495 )

          I am not sure that Jitsi is currently e2e encrypted by default - last I saw it was only accessible via opt in [jitsi.org] - unless it's changed in the last couple of months I think the default is not e2e as it's decrypted on the bridge [github.com].

  • by v1 ( 525388 ) on Wednesday June 03, 2020 @09:11AM (#60139990) Homepage Journal

    So we have the option to pay to avoid law enforcement on their platform? Is that really the excuse they're using?

    Seems to me more like "If you want the warm fuzzy of thinking you have privacy even if you don't really get it, you're going to pay to PAY for it!"

    Seems to me more like option B.

    And I'm pretty sure somebody's panties would be in a twist if they were actually selling legitimate protection from law enforcement. But I suppose that depends on whether or not Zoom keeps the end-to-end keys on their server, ready for handing out by subpoena. Anybody know?

    • by mysidia ( 191772 )

      Its more like Pay for a feature for the truly paranoid that they didn't have to implement anyways... For most meeting platforms; Encryption of the transport between the user and the server containing all the web traffic and video+audio feeds is plenty

    • by AmiMoJo ( 196126 )

      If you pay they have your details - name, billing address, credit card. I'm sure they will hand that straight over to police if asked.

    • More like paying for legal defense. If your call is encrypted and it’s designed so that Zoom doesn’t have the keys (as good E2E encryption should be), Zoom has to defend against every search request, warrant, and lawsuit by government officials. However, if you are not a paying customer, that’s additional cost on an already free product. It’s just easier not to encrypt those calls.
    • There's no such thing as "avoid law enforcement" judges from both sides of the isle hands out warrants like pez they just have to shop around for an easy judge.

      I don't care if your on a paid account if an agency knocks with a proper warrant they will hand the data over.

  • If they want to comply with the law, then there is ZERO reason to cypher paid calls. Instead, they are adding end-to-end encription as an extra to make users pay for the full product, because it is a requirement in their feature checklist.

    Weird.

    • by PPH ( 736903 )

      then there is ZERO reason to cypher paid calls

      To keep a competitor from listening in to your companies strategy meetings perhaps? Or Senators sitting on intelligence committees from front-running your companies shares?

    • dafuq, lots of people want end-to-end encrypted communications

  • Law Enforcement isn't the Law.

  • So for a fee, Zoom is willing to assist pedofiles, organized crime, and other people of interest to law enforcement? I wonder if they are also looking to provide guns with serial numbers filed off or other tools criminals require. It could become a one stop shop.

    I can see a great new marketing campaign: "Zoom - Where the Criminal Underworld Shops" --(taxes and fees may apply)

    • Comment removed based on user account deletion
      • Except for the fact that it's trivial to use a fake name/address and buy a disposable Visa/Amex/Mastercard card from most major retailers. So again, for a price they will assist someone to evade law enforcement.

        • Except for the fact that it's trivial to use a fake name/address and buy a disposable Visa/Amex/Mastercard card from most major retailers. So again, for a price they will assist someone to evade law enforcement.

          If that becomes an issue they could simply refuse VISA/MC/AMEX prepaid cards, since, IIRC, those can be identified via the card numbers.

  • Means a knee on your neck, Zoom is complicit in the police state.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Having lived in an actual police state I can assure you, this is not it.

  • Seems as simple as that, Zoom is enabling the wealthy to ignore the law, but refuses to provide the same service to the poor.

    Yeah, stupid idea. Either take a stand that citizens are entitled to strong privacy and give it to all users, or take a stand that the police are entitled to verify you are not breaking the law and offer weak privacy.

  • by Atrox Canis ( 1266568 ) on Wednesday June 03, 2020 @09:39AM (#60140132)

    Zoom won't encrypt communications between users of the free version because they want to make money and encryption is a compelling additional feature. The marketing pitch is that you won't be protected from police if you go the free route. This is a good business strategy and nothing more.

    • In addition, there is traceability and accountability with registered paying customers (billing address, tax #, etc.) if law enforcement needs to get involved - you may not know what is being said, but you know at least who is participating. With free and encrypted you know nothing. I doubt a for-profit corporation will assume this kind of liability.

      • by marcle ( 1575627 )

        It's the accountability that's the reason for this. Anonymous, free, and encrypted Zooming would not only upset law enforcement, but would expose them to a lot of potential liability.

        A paid account is no longer anonymous. And you can still use Zoom for free if you want.

        If you think you're being targeted by law enforcement, or plan on doing something (like protesting) that might make you a target, don't say anything incriminating on Zoom. Or Facebook. Or Twitter. Or your cell phone. Or...

        There are still ways

  • Seems kind of foolish to me. So now they have created the situation where they have to reply to Billy Barr requests for decryption keys by carrying out an investigation and responding appropriately. That response will be either (a) "here you go Billy, here is what you wanted, go put that in your backdoor"; or, (b) "sorry Billy, you are shit out of luck we do not have that information".

    From a strictly cost point of view they should end-to-end encrypt everything so they can just send one form letter that t

  • Or as they say, you are free...to do as we tell you.
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Wednesday June 03, 2020 @10:23AM (#60140356) Journal

    If Zoom really wanted to "comply with law enforcement", then it shouldn't matter one iota whether a user was a free or paid user with regards to the usage of encryption.

    I've seen this kind of shit plenty of times. Companies that try to pass off their own policies as a requirement that the law is forcing them to do really piss me off... at best they miseducate the public about what the law actually says, and only come across as too cowardly to take responsibility for their own decisions.

  • *People* use Jitsi (Meet) anyway.

    Livestock uses Zoom, and likes it too.

  • I'm staying off of this garbage.

    Let a judge decide if the police should have access.

    I'm not going to give it to them by joining Zoom.
  • What is it, you want to comply with Law Enforcement, or you want to comply with law enforcement only for those who don't pay for the premium service? "Something's rotten in the state of Denver, Dad." --Kelly Bundy

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...