Zoom settles with FTC for fibbing over encryption

Zoom has agreed a settlement with the US Federal Trade Commission (FTC) after the agency said the San Jose, California-based company deceived users about its security encryption.

Eric Yuan’s company misrepresented the security of both its videoconferencing and cloud storage, and in so doing engaged in “a series of deceptive and unfair practices that undermined the security of its users,” says the FTC.

However, dissenting members of the five-member government commission said the settlement did not include sufficiently strong penalties, such as a fine. Zoom instead agreed to face fines of up to $43,280 for each future violation under the agreement.

During the pandemic, “practically everyone” is using videoconferencing to communicate, making platforms’ security more critical than ever, says Andrew Smith, director of the FTC’s consumer protection bureau.

Zoom’s security practices “didn’t line up with its promises,” and “gave users a false sense of security”, especially if they were discussing sensitive topics like their finances or health, he says.

So the proposed settlement “sends a message to all companies that they need to live up to their privacy and security promises,” asserts Smith.

Video killed the E2E star

The FTC says Zoom made three sorts of misleading statements to users about security: saying that its encryption was end-to-end; the level of encryption it offered; and the time it took to store recorded meetings on an encrypted server.

To read the complete article, visit Light Reading.