My new book, End-to-End Encrypted Messaging, is currently being printed and prepared for shipping. Because of this, but mainly because of the Corona crisis, I am often asked these days whether the various conferencing tools that are used worldwide, such as Zoom and Microsoft Teams, are reasonably secure and adhere to the state of the art. The short answer is “no,” but it makes a lot of sense to scrutinize both the question and the answer.
With regard to the question, the first counterquestion I would ask is why you would want to encrypt a conference in the first place, especially if the conference has many participants. Remember the famous quote attributed to Benjamin Franklin: “Three may keep a secret if two of them are dead.” It seems exaggerated, but the bottom line is still that keeping a secret becomes increasingly difficult the more people share it. One may argue about the threshold, and the quote is overly pessimistic here, but beyond only a handful of persons it seems very unlikely that a secret can ever be kept secret. This, in turn, means that secure – maybe even E2EE – conferencing is meaningful for small groups, but certainly becomes more and more pointless the larger the group is. Note that any group member can tape the audio and/or video streams and redistribute them at will. If we are talking about dozens, hundreds, or even thousands of participants in a large conference, then encrypting it may be a nice engineering exercise, but its actual value may be small. The information is going to leak anyway, even if the conference is E2EE. This insight is just a consequence of human behavior and its (in)ability to keep secrets.
With regard to the answer, I am more optimistic. In spite of the fact that most conferencing tools are not truly end-to-end encrypting and sometimes have even devastating shortcomings (e.g., Zoom seemingly encrypting with AES-128 in ECB mode), cryptographic research has come up with E2EE protocols that are highly secure and permanently refresh their keying material, such as the Signal protocol that is also used in WhatsApp, Facebook Messenger, and many more. This protocol is optimized for the asynchronous setting, but it works equally well in the simpler (synchronous) setting of a conference. Some messengers are already using this protocol for small-group conferencing (e.g., WhatsApp for groups up to 4 members). Furthermore, the community (in particular the IETF MLS WG) is working on a messaging layer security (MLS) protocol that is particularly well suited for large groups with thousands of members. This protocol can be used for E2EE messaging, but it can also be used for E2EE conferencing. So from a technical perspective, the problem of how to implement E2EE messaging and conferencing in a scalable way seems to be solved. The remaining question is how reasonable and meaningful it is to use it and end-to-end encrypt large conferences. My personal impression is that secret information should not be discussed in large conferences, and hence currently deployed messengers (that support groups up to a few members) are sufficient here.
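To make "permanently refresh their keying material" concrete, here is an added sketch (not code from Signal or from the book) of the symmetric chain ratchet that is one half of Signal's Double Ratchet. It assumes the HMAC-SHA256 construction with the constants 0x01 and 0x02 that the Double Ratchet specification recommends; the names `kdf_ck`, `ChainRatchet` and `demo` and the shared secret are constructed for illustration, and the Diffie-Hellman ratchet is left out.

```python
import hashlib
import hmac


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: return (next_chain_key, message_key)."""
    # Separate constants keep the message key and the next chain key
    # independent; neither can be computed from the other.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class ChainRatchet:
    """Holds only the current chain key; each step overwrites the previous one."""

    def __init__(self, initial_chain_key: bytes):
        self._ck = initial_chain_key
        self.counter = 0

    def next_message_key(self) -> bytes:
        # Advance the chain and hand out a key used for exactly one message.
        self._ck, message_key = kdf_ck(self._ck)
        self.counter += 1
        return message_key

    def state(self) -> bytes:
        return self._ck


def demo(n: int = 5):
    # Constructed shared secret; in Signal it comes out of the key agreement.
    shared = hashlib.sha256(b"constructed demo secret").digest()
    sender, receiver = ChainRatchet(shared), ChainRatchet(shared)
    sent = [sender.next_message_key() for _ in range(n)]
    received = [receiver.next_message_key() for _ in range(n)]
    return shared, sender, sent, received


if __name__ == "__main__":
    shared, sender, sent, received = demo()
    for i, (a, b) in enumerate(zip(sent, received), 1):
        ok = hmac.compare_digest(a, b)
        print(i, a.hex()[:16], "match" if ok else "MISMATCH")
    print("chain key replaced:", sender.state() != shared)
```

Someone who captures the chain key after message 3 cannot step backwards to the keys for messages 1 to 3, but can still derive every later key in the same chain; closing that gap is the job of the Diffie-Hellman ratchet that this sketch omits.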
If you still want to use an E2EE conferencing tool, then it makes sense to study the details. As is usually the case in security, the devil is in the details, and they make the difference. In times like these, marketing departments are good at putting together various buzzwords and acronyms (like E2EE) to make product sheets as interesting and promising as possible. It is therefore important to stay critical and ask the right questions. E2EE conferencing may not be the appropriate solution in all situations.