The Federal Trade Commission (FTC) has announced a settlement with Zoom, after it accused the video calling giant of engaging in “a series of deceptive and unfair practices that undermined the security of its users,” in part by claiming the encryption was stronger than it actually was.
“In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised,” the FTC said in a statement Monday, November 9. “Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information.”
Zoom quickly admitted it was wrong, prompting the company to launch a 90-day turnaround effort, which included the rollout of end-to-end encryption to its users. That eventually months later in late October — but not without another backtrack after Zoom initially said free users could not use end-to-end encryption.
The FTC also alleged in its complaint that Zoom stored some meeting recordings unencrypted on its servers for up to two months, and compromised the security of its users by covertly installing a web server on its users’ computers in order for users to jump into meetings faster. This, the FTC stated, “was unfair and violated the FTC Act.” Zoom pushed out an update which removed the web server, but Apple also intervened to remove the vulnerable component from its customers’ computers.
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
