On Monday, the Federal Trade Commission approved a settlement requiring Zoom to strengthen its security concerns after allegations surfaced that the video conferencing service misled users about its level of privacy and security for meetings.
The FTC alleged that Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.”
Zoom has become a staple in homes and businesses since the COVID-19 outbreak began last year, giving people the ability to meet online rater than in person.
They reported some 300 million users, including a large percent of workers around the world, have been logging in and using the platform as they were suddenly ordered to work from home last spring due to the stay at home orders issued.
The settlement was approved following a 3-2 vote on a complaint filed by the Federal Trade Commission stating Zoom has been deceiving users over security since 2016, if not longer.
The complaint specified that Zoom held on to cryptographic keys that allowed it to access content from its customers’ meetings.
They also secured meetings with a lower level of privacy encryption than what they promise customers.
Many of the above 300 million users have used the video conferencing platform to discuss sensitive topics such as health and financial information, leaving them with a false sense of security.
The regulators noted that in blog posts, Zoom promoted its level of encryption as a reason for consumers — whether families, schools, social groups or businesses — to use the services.
The proposed settlement would require Zoom Video Communications Inc., based in San Jose, California, to take specific measures to resolve privacy vulnerability.
Company personnel would be required to review any software updates for security flaws.
Zoom said it has already addressed the problems cited by the FTC and “is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience,” the company said in a statement Monday.
“The security of our users is a top priority for Zoom,” it said. “We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs.”
The 3-2 vote came about by the FTC’s two democratic commissioners, Rohit Chopra and Rebecca Kelly Slaughter, who disagreed because the settlement does not require refunds or other redress for affected customers.
“Zoom has ‘cashed in’ on the pandemic,” Chopra said in his dissent.
“Zoom stands ready to emerge as a tech titan. But we should all be questioning whether Zoom and other tech titans expanded their empires through deception. Zoom could have taken the time to ensure that its security was up to the right standards.”
The proposal will be open for public comment for 30 days before the agency will decide to make it final.