FTC Seeks Zoom Security Upgrades

  • The Federal Trade Commission (“FTC”) reached a settlement with online video platform Zoom Video Communications, Inc. (“Zoom”) to resolve allegations that Zoom engaged in a number of deceptive and unfair practices that undermined the data security and privacy of its users.
  • The complaint alleged that, among other things, Zoom misled users by deceptively marketing its service as offering end-to-end, 256-bit encryption that made communications unreadable to anyone except the sender and recipient, while in reality providing a lower level of encryption and maintaining cryptographic keys. The complaint further alleged that Zoom misled users by promising to immediately encrypt recordings stored in the cloud but some recordings were left unencrypted for 60 days, and that it compromised the security of users by installing software that bypassed an Apple Safari browser safeguard.
  • Under the terms of the proposed consent order, among other things, Zoom must take steps to increase its security measures, including by assessing, documenting, and addressing any potential security risks on an annual basis and implementing a vulnerability management program. In addition, Zoom is prohibited from misrepresenting the strength of its data privacy and security practices.
  • As previously reported, Zoom entered into a similar settlement with New York AG Letitia James over its alleged security flaws.