The Federal Trade Commission has announced a settlement with Zoom, after it accused the video calling giant of engaging in “a series of deceptive and unfair practices that undermined the security of its users,” in part by claiming the encryption was stronger than it actually was.
Zoom said in March that the phrase “end to end” was “in reference to the connection being encrypted from Zoom end point to Zoom end point,” that “content is not decrypted as it transfers across the Zoom cloud,” and that it only collected user data needed to improve its services.
But according to the FTC, Zoom had the cryptographic keys that could allow the company to access customers’ meetings. “Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information,” the agency said.
Zoom finally introduced the first of four phases of its end-to-end encryption in October for free and paid users in meetings with up to 200 participants. The next phase, scheduled to launch next year, will have better identity management and support for single sign-on, the company said.
In its statement, the FTC said it has prohibited Zoom from misrepresenting its security and privacy practices going forward, and has agreed to start a vulnerability management program and implement stronger security across its internal network.
Zoom spokesperson Colleen Rodriguez said in a statement, via the company’s external crisis communications firm Sard Verbinnen, that Zoom had “already addressed the issues identified by the FTC.”
Shares in Zoom were down 14% in afternoon trading.
