8.2 Advanced Encryption for Voicemail

Zoom Phone users may receive voicemail sent from either mobile and landline phones using PSTN, or other Zoom Phone clients. By default, voicemail messages are received and recorded by Zoom servers, who encrypt them at rest with keys controlled by the Zoom infrastructure. We also offer Advanced Encryption for Voicemail (AEV) as a more secure alternative: Zoom servers still receive and record the voicemail themselves, but they encrypt it for keys known only to the intended recipient’s devices. We accomplish this using a voicemailspecific PUK subkey, as described in Section 3.4.1. Accordingly, AEV-encrypted voicemails can only be accessed by the devices belonging to the intended recipient with access to the PUK, i.e. devices created before the voicemail was generated, or (transitively) approved by such a device. We do not support retrieving these voicemail messages from PSTN, the Zoom website, or generic desk phone/SIP devices. Voicemails encrypted with AEV use a simplified version of the email encryption scheme (Section 6.1). Voicemail ciphertexts include the audio recording as the only encrypted piece, and there is always only a single (non-BCC) recipient. Email addresses are omitted as they are not relevant in the voicemail context, and there are no signatures as, even when sent among Zoom Phone users, it is the Zoom servers that are performing the recording and encryption.