Zoom acquires encryption startup Keybase to help make video calls more secure
Video conferencing service Zoom is acquiring Keybase, a startup that will help it implement end-to-end encryption to protect calls from unwelcome guests and clandestine monitoring.
Financial terms of the deal, negotiated over Zoom calls amid shelter-in-place orders, were not disclosed.
As coronavirus drives vast swathes of economic and social life online, Zoom usage has exploded from 10 million daily meeting participants in December 2019 to 300 million by the end of April 2020. But that explosion has exposed security weaknesses in the videoconferencing software. A wave of so-called ‘Zoom bombings’, in which uninvited guests disrupted video calls, were particularly embarrassing, and led some schools and businesses to ban the software.
In early April, Zoom responded by announcing that it would freeze new features and focus its resources on a 90-day push to enhance its security. Though it already offers some encryption, Zoom says the Keybase acquisition will help it completely redesign how it encrypts calls. For instance, in Zoom’s current design, the codes used to encrypt a secure call are generated by Zoom’s own servers, which could compromise security if hackers gained access to them. Zoom said it will now develop an option for users to generate these encryption keys on their own devices.
The new end-to-end encryption feature will be limited to paid accounts, and will not be available for some time. Zoom said it will release a draft design for the feature on May 22, then seek feedback from users, experts, and other stakeholders. The heightened security will also come with some tradeoffs – recording of calls in will be disabled for encrypted meetings, as will ‘phone bridging,’ the ability to dial into a Zoom meeting by telephone.
One risk of the new encryption features is their potential use for nefarious purposes, including child abuse. While encryption is key to the online privacy of law-abiding users, it also make it impossible for law enforcement to monitor calls, leading advocacy groups to push back against end-to-end encryption on other digital services, particularly Facebook. Zoom seems acutely aware of this conundrum, saying that while it will not monitor meetings or create any ‘back door’ for law enforcement access, it will “look for evidence of abusive users based upon other available data.”
Though Zoom hasn’t disclosed any plans, other elements of Keybase’s existing products could also have broader appeal as the coronavirus pandemic continues. For instance, malicious hackers have tried to exploit the surge in white-collar employees working from home in a variety of ways. Many of Keybase’s existing features focus on verifying users’ digital identities, which could help combat cyberattacks based on online impersonation.
The type of secure and private digital technology Keybase is focused on could also be significant in the fight against the coronavirus. Many plans for reopening the economy include contact tracing to help slow the spread of the virus, but some solutions could also threaten user privacy. Privacy-protecting contact-tracing infrastructure currently in development by Apple and Google relies on encrypted communication systems similar to those used by Keybase—and, soon, Zoom.
More must-read tech coverage from Fortune:
—Remote work, online grocery shopping, cord cutting: What coronavirus trends will stick
—How T-Mobile shifted 12,000 employees to work from home in less than two weeks
—Coronavirus patient data stored in electronic health records found difficult to study at scale
—The startup founder in India striving to improve mass transit through the pandemic
—Listen to Leadership Next, a Fortune podcast examining the evolving role of CEO
—WATCH: Zoom’s ups and downs since the coronavirus crisis
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.