Zoom Video Communications is now required to implement an improved information security program as part of its proposed settlement with U.S. Federal Trade Commission.
Photo Credit: Shutterstock
It was determined Zoom misled users by claiming that it offered “end-to-end, 256-bit encryption” to secure users’ communications on the platform, when in fact it provided a lower level of security. “End-to-end” encryption gives only the sender and recipient(s) of communications the ability to read the content; no other party has visibility, including the platform provider.
“Zoom’s security practices didn’t line up with its promises,” said director of the FTC’s Bureau of Consumer Protection, Andrew Smith.
The complaint also alleges Zoom users were given a false sense of security while the company engaged in several “deceptive and unfair practices”. This includes neglecting to encrypt recorded meetings for up to two months and secretly installing software on users’ computers. That software is said to have given users the ability to bypass an important browser safeguard that protects against common malware.
The settlement has no financial component, however each future violation committed by Zoom comes at a cost of $43,280. A company spokesperson for Zoom has said, “We have already addressed the issues identified by the FTC.” She noted that security for its users is a top priority.
The settlement was approved in a close vote, with a 3-2 split down the FTC’s party lines.
There are some unhappy with the settlement and believe Zoom’s failures warrant serious action. Democratic commissioner Rohit Chopra said, ““The FTC’s proposed settlement includes no help for affected parties, no money, and no other meaningful accountability.”
Zoom’s user base has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic and continues to grow as virtual meetings are becoming a part of everyday life.
The FTC has shown, even with the exponential growth of users in a short time, Zoom and other communications companies will be held to a strict standard when it comes to their cybersecurity practices.
For more articles from Haute Lawyer, visit https://hauteliving.com/hautelawyer/