rocketclips -

Zoom settles FTC suit alleging 'deceptive' security practices

Zoom has agreed to implement a comprehensive program for user security and abide by a government-imposed prohibition against privacy misrepresentations.

Updated Nov. 10, 2020:

Zoom has settled a Federal Trade Commission lawsuit that accused the video conferencing company of engaging in "deceptive and unfair practices" that undermined user security.

The FTC announced the settlement Monday, saying Zoom agreed to implement a comprehensive security program. Zoom also said it would abide by an FTC-imposed prohibition against privacy and security misrepresentations.

The complaint accused Zoom of misleading users since at least 2016 by claiming to have "end-to-end, 256-bit encryption" to secure user communications. At the time, the company provided a lower level of security, the FTC said. Zoom later acknowledged that it was not using the standard definition of end-to-end encryption.

On top of that, the FTC accused Zoom of failing to encrypt video recordings as promised. It also accused Zoom of putting Apple Mac users at risk through its ZoomOpener software. The application bypassed security in the Safari browser, making it possible for hackers to spy on users or take control of their computers.

In a statement, the FTC said Zoom engaged in "a series of deceptive and unfair practices that undermined the security of its users."

"Zoom's security practices didn't line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected," said Andrew Smith, director of the FTC's Bureau of Consumer Protection.

In a statement, Zoom said it had addressed the problems listed in the FTC complaint.
"The security of our users is a top priority for Zoom," the company said. "We take seriously the trust [that] our users place in us every day."

Zoom faced a bevy of security- and privacy-related lawsuits this year. Two class-action lawsuits filed in March alleged that Zoom shared user data with Facebook without permission. In April, investors filed two class-action suits alleging that Zoom misled shareholders about its security in violation of federal securities laws. Users lodged two other class-action complaints, accusing the company of violating California laws by deceiving customers through misleading marketing materials.

The lawsuits and security revelations prompted schools, businesses and government entities to ban Zoom outright. They included Google, SpaceX, NASA and the New York public school system. The backlash led to the company freezing feature development for 90 days while securing its platform. 

Zoom's user base soared from 10 million people in December 2019 to 300 million as of April 2020. The video conferencing service has become popular as an online meeting platform for people working from home during the COVID-19 pandemic. Its financial growth has been exponential as well.

Zoom's unexpected growth was sure to come with growing pains, but it should have been more careful with its security claims, said Zeus Kerravala, the founder of ZK Research. Therefore, the FTC settlement seemed "slap-on-the-hand-ish," he said.

Next Steps

Court says RingCentral can keep selling Zoom for now

Federal judge orders RingCentral to stop selling Zoom

Dig Deeper on Video conferencing and visual collaboration