Zoom settles with FTC over allegations of 'deceptive' security practices

CATHERINE THORBECKE
·3 min read

Federal regulators have settled with Zoom over allegations that the video software company "engaged in a series of deceptive and unfair practices that undermined the security of its users."

The settlement was announced Monday by the Federal Trade Commission. Zoom has become an essential part of many Americans' work, life and education amid the COVID-19 pandemic. The FTC noted that Zoom's user base skyrocketed from 10 million in December 2019 to 300 million in April 2020.

Moreover, the company's stock price has jumped more than 400% since the beginning of the year.

MORE: Zoom stock soars after blowout earnings report

The FTC's complaint alleged that since 2016, "Zoom misled users by touting that it offered 'end-to-end, 256-bit encryption' to secure users' communications, when in fact it provided a lower level of security." End-to-end encryption refers to a security infrastructure where only the sender and recipient can view the content.

The FTC claimed Zoom had tools that could allow it to access the content of customers meetings and that it secured these meetings with a lower level of encryption than it said.

"During the pandemic, practically everyone -- families, schools, social groups, businesses -- is using videoconferencing to communicate, making the security of these platforms more critical than ever," Andrew Smith, the director of the FTC’s Bureau of Consumer Protection, said in a statement. "Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected.”

The FTC also alleges the company misled users who wanted to store recorded meetings, claiming those files on the company's cloud storage were encrypted immediately when in some cases they were stored unencrypted for up to 60 days.

PHOTO: In this photo illustration a Zoom App logo is displayed on a smartphone, March 30, 2020, in Arlington, Va. (Olivier Douliery/AFP via Getty Images, FILE)
PHOTO: In this photo illustration a Zoom App logo is displayed on a smartphone, March 30, 2020, in Arlington, Va. (Olivier Douliery/AFP via Getty Images, FILE)

The settlement does not require Zoom to pay any fines or restitution. Rather, Zoom has to stop making misrepresentations about its privacy and security practices, obtain biennial third-party assessments of its security programs and other internal policy changes.

The commission voted 3-2 to accept the agreement with the company. Two commissioners notably dissented, taking issue with the lack of financial penalties.

MORE: Temporary Zoom outage upends remote learning, court proceedings and more

"Zoom has 'cashed in' on the pandemic," Commissioner Rohit Chopra wrote in his dissent, adding that Zoom's CEO Eric Yuan "has increased his net worth by almost $16 billion since March, and is now one of the wealthiest individuals in America."

"Zoom stands ready to emerge as a tech titan," Chopra added. "But we should all be questioning whether Zoom and other tech titans expanded their empires through deception."

A Zoom spokesperson told ABC News in a statement that security of users is a "top priority" and that it takes seriously "the trust users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs."

The company added that it has "already addressed the issues identified by the FTC" in advancements recently made to the platform.

The resolution with the FTC "is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience," the statement added.

Zoom settles with FTC over allegations of 'deceptive' security practices originally appeared on abcnews.go.com