Why Zoom Video (ZM) Is Buying Keybase

By Amit Chowdhry ● May 8, 2020
  • Zoom Video Communications Inc (NASDAQ: ZM) recently announced it is buying Keybase, which is a startup known for its end-to-end encryption expertise.

Zoom Video Communications Inc (NASDAQ: ZM) recently announced it is buying Keybase, which is a startup known for its end-to-end encryption expertise. Keybase has been developing encryption products over the last several years including collaboration tools and file-sharing tools. The terms of the deal were undisclosed.

Keybase has been developing encryption products over the last several years, including collaboration platforms and file-sharing tools. This acquisition will be beneficial for Zoom Video as the video chatting app company saw a surge in usage due to the stay at home orders associated with the COVID-19 pandemic. In fact, the company went from 10 million users to 300 million daily participants in the span of a few months.

Along the way, Zoom dealt with a number of security issues. And Zoom also recently hired former Facebook security head Alex Stamos as an adviser to help.

Due to the security issues, a number of corporations, governments, and schools decided to ban employees from using Zoom.

Following the security issues, Zoom implemented a 90-day plan to improve its security.

“Today, audio and video content flowing between Zoom clients (e.g., Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device.  It is not decrypted until it reaches the recipients’ devices. With the recent Zoom 5.0 release, Zoom clients now support encrypting content using industry-standard AES-GCM with 256-bit keys. However, the encryption keys for each meeting are generated by Zoom’s servers. Additionally, some features that are widely used by Zoom clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud. However, for hosts who seek to prioritize privacy over compatibility, we will create a new solution,” wrote Eric S. Yuan, Founder & CEO of Zoom Video Communications in a blog post.

In the near future, Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. And logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network, which can be used to establish trust relationships between meeting attendees. Plus an ephemeral per-meeting symmetric key will be generated by the meeting host and it will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are major changes to the list of attendees.

The end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. And Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host.

“Encryption keys will be tightly controlled by the host, who will admit attendees. We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises,” added Yuan.

As part of the acquisition, Keybase will become a subsidiary of Zoom Video. And Keybase co-founder Maxwell Krohn will head up Zoom’s security engineering team.