Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto

reader comments

38 with 37 posters participating

Richard Blumenthal, the US senator sponsoring a bill that critics say will limit the use of encryption, is calling for an investigation of video-conference provider Zoom, in part over its false claim it offered… end-to-end encryption.

The Connecticut Democrat is a sponsor of the EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act bill that would create incentives for companies to make changes to their platforms. In return, the companies would receive liability protections for any violations of laws related to online child sexual abuse material. Critics of the proposed law, who include the Electronic Frontier Foundation and Sen. Ron Wyden (D-Ore.), say it’s a Trojan horse designed to allow the government to weaken end-to-end encryption. A Blumenthal representative disagrees with the characterization and says the bill doesn’t hamper encryption.

A pattern of privacy infringements

Citing a “pattern of security failures & privacy infringements,” Sen. Blumenthal on Tuesday called for the FTC to investigate Zoom. Chief among cited privacy infringements is the claim on the Zoom website that meetings were end-to-end encrypted, meaning video, audio, and text was encrypted at all times in transit, and couldn’t be decrypted by Zoom or anyone else, other than conference participants. A post published last week by The Intercept reported that Zoom meetings, in fact, used what’s usually called transport encryption, which allows Zoom to decrypt meeting data.

Researchers from Citizen Lab, the University of Toronto group that investigates security and hacking, further reported serious weaknesses in Zoom’s encryption regimen. One flaw was that Zoom “rolled its own”

Continue reading – Article source