This tweet misrepresents what’s going on. All users get end to end encryption by default. Certain features (bridges to other networks for example) make encryption impossible, which is not something Zoom can solve. Enterprise customers can also decide what features they want.
This extends to the feature that lets people indicate that there’s a disruption going on. If you have a public meeting and someone joins and starts misbehaving (using racial slurs for example), host can flag his behavior. If this is repeated and criminal, there has to be a way for Zoom to provide evidence of the behavior. This requires a mechanism that allows content moderator (Zoom employee) to inspect what’s happening and/or allows for recording this behavior.
The key takeaways are: there is no active monitoring happening, host has to report an incident using built-in mechanisms for anything to happen (and this isn’t transparent in the background; if moderator joins, he does it visibly). As a host (or enterprise customer) you can decide on another course of action and officials won’t be alerted. It’s your choice.
Zoom messed up its security features and mislabeled them early on but they had one of the best responses a company could have. They accepted the criticism, asked for help and invested in security expertise buying Keybase wholesale (which upset some people - Keybase had a great product in the security space but all developers were completely diverted to improve Zoom security).