As a result of its growing prominence due to the COVID-19 coronavirus outbreak, cybersecurity and privacy experts have been investigating Zoom. The organization revised its privacy policies, fixed specific potentially dangerous bugs, and vowed to take steps to fix those concerns. Zoom has further explained recently that its “end-to-end encryption” concept varies from that of the cybersecurity community. End-to-end encryption usually means that messages are encrypted in such a way that nobody can access the data exchanged between the sender and the receiver. Even the service provider does not have access to unencrypted information when end-to-end encryption is used. In Zoom, however, only messages are encrypted between meeting participants and Zoom servers, which gives the organization access to unencrypted information and enables it to track conversations. Nevertheless, Zoom reported that it “never built a mechanism to decrypt live meetings for lawful intercept purposes.” An investigation undertaken by the Citizen Lab Group of the University of Toronto found that this is not the only problem related to encryption with zoom. During tests carried out by users in Canada and the USA, researchers found that the video conference key used to encrypt and decrypt sent to a server apparently in Peking, China. As a result of its increasing popularity caused by the COVID-19 coronavirus outbreak, Zoom has come under scrutiny from cybersecurity and privacy experts. The company has updated its privacy policy, patched some potentially dangerous vulnerabilities, and it has promised to take measures to address some of the concerns. Zoom also recently clarified that its definition of “end-to-end encryption” is different from the one of the cybersecurity community. End-to-end encryption typically means that communications are protected in a way that ensures no one — except for the sender and the recipient — can access the data transmitted. If end-to-end encryption is used, not even the service provider should have access to unencrypted data. However, in the case of Zoom, only communications between meeting participants and Zoom servers are encrypted, which gives the company access to unencrypted data and allows it to monitor conversations. Zoom, however, claims that it has “never built a mechanism to decrypt live meetings for lawful intercept purposes.” An analysis conducted by the University of Toronto’s Citizen Lab research group revealed that this is not the only issue related to encryption when it comes to Zoom. During test meetings conducted by users in Canada and the United States, researchers noticed that the key used to encrypt and decrypt the video conference was sent to a server located in Beijing, China. For encryption, the organization, as opposed to Zoom documentation which claims AES-256 encoding, found that Zoom meetings are encrypted with an AES-128 key. In addition, the AES key is used in the ECB mode, which is no longer recommended because data patterns are not adequately protected. Citizen Lab also said that while Zoom is based in the USA, it owns three Chinese companies that develop Zoom software.