HIPAA compliance is a bugbear. The encryption standards vary across the spectrum and are primarily mathematical constructs. Which library to choose? What would be the additional overheads? These issues need to be tied into commercial deployments as well (and make money). The grapevine states that the marketing department runs the blurb through the legal desk and makes claims about “features” that are on the roadmap while escaping liabilities.
Follow the link below and the sobering tweet. We still don’t know what goes on in the background.
Let’s get to the bottom of things fast: Boo Zoom!
I reviewed how Zoom implements their web client last year.
I’m not really surprised by their general lack of e2ee given that their web client did not provide any encryption on top of TLS or WebRTC’s DataChannel. For reasons we will discuss below, this means they weren’t doing any obvious e2ee there.