I have been pleasantly surprised with Zoom's quick and decisive responses to security criticism recently, but after a feedback call they hosted this morning about their end-to-end encryption plan I am back to being disappointed.
The plan that I heard is to build out end-to-end encryption, but as a premium feature offered only to paid accounts.

Zoom's rationale? "Bad things like CSAM happen on free accounts," and so Zoom wants to maintain lawful interception capabilities for those calls.
You heard that right, activists, journalists, organizers, and cash-strapped non-profits of the world: Zoom *could* offer you best-practice security, but it won't, because you might be a child pornographer. Better luck next time.
I'd be a little less disappointed if Zoom just called this what it is - an upsell! Zoom wants you to pay for an enterprise product. It will pack said product with features to entice you to do so. That's Zoom's prerogative, and could be a starting point for more discussion.
But spinning it as "bad things happen on free accounts" strikes me as paternalistic and unconcerned about other user groups who need e2e protection. (I also wonder if it's conflating paid/free patterns with registered/unregistered ones - I'd be interested to see more numbers.)
And I heard no concrete plans to make this clear to the average user. Prophecy foretells "Zoom now offers e2e!" headlines and confused people with a false sense of security about a platform that had done some great work to earn their trust.

I sincerely hope Zoom reconsiders.
You can follow @jenuhhveev.