- Zoom was able to reach a settlement on the US Federal Trade Commission (FTC) charges for misrepresenting its encryption features to users during the pandemic.
The US Federal Trade Commission accused the video conferencing software maker Zoom of misleading users about how its call encryption features worked. Zoom successfully settled these FTC charges on 9th November 2020.
According to the FTC claims, Zoom had attracted users by misrepresenting that its product is supported by end-to-end, 256-bit encryption and recorded calls will be stored in an encrypted format. This is a cause of concern during the pandemic when more users are drawn to the video conferencing service that Zoom offers.
According to the complaint filed by FTC, Zoom had around 600,000 paid customers of its video conferencing services and approximately 88% of those customers were small businesses with ten or fewer employees.
End-to-end encrypted calls protects users' privacy. However, in this case the FTC claimed that recorded calls were kept unencrypted on Zoom's servers for up to 60 days before being encrypted and transferred to a secure server. During this time Zoom and other parties could access users' content.
Zoom has agree that this issue has been fixed and the company will implement a three-month marathon focused on improving these security concerns.
Although a fine was not imposed on the company, Zoom has agreed to assess and document potential security risks on an annual basis, implement a vulnerability management program, deploy safeguards like multi-factor authentication, institute data deletion controls, review any software updates for security concerns, and do not misrepresent its privacy and security features as part of its settlement.