FTC accused Zoom of misleading users

The US Federal Trade Commission (FTC) has accused Zoom of misleading users about the security measures it has implemented.

At a press conference today, the FTC announced a compromise agreement with Zoom after initially accusing the company of “a series of deceptive and fraudulent practices that compromise user security,” in particular, claiming that the encryption it uses is stronger than it actually was.

We will remind, earlier this year, when quarantine restrictions began to be introduced around the world, the popularity of Zoom skyrocketed. At the time, the company claimed that it used end-to-end encryption to ensure the security of transmitted data, making it almost impossible to decrypt meetings in Zoom, even for the company itself.

However, as it turned out, the encryption keys were stored on Zoom’s servers, allowing the company to access users’ calls.

“According to a complaint from the US Federal Trade Commission, Zoom’s misleading claims instilled a false sense of security in users, especially among those using the company’s platform to discuss sensitive topics such as health and finance”, — the FTC said in a statement.

The company quickly admitted it was wrong and promised to implement true end-to-end encryption. However, Zoom was criticized here as well, as it initially decided to implement end-to-end encryption for paid users only.

The FTC also accused the company of keeping records of some meetings on its servers for two months and undermining the security of users by secretly deploying a web server on their computers to quickly connect to meetings.

According to a statement from the Federal Trade Commission, it prohibited Zoom from further misrepresenting its security and privacy practices, and ordered the company to run a vulnerability management program and improve internal network security.

“Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic”, — also said in a statement from the FTC.

Zoom spokeswoman Colleen Rodriguez said through external crisis communications firm Sard Verbinnen that Zoom “has already resolved the issues identified by the FTC.”

Let me remind you that SpaceX, NASA and Google have banned their employees from using Zoom for security reasons. Additionally, the governments of many countries have banned the use of this application.