The US Federal Trade Commission (FTC) is calling for Zoom Video Communications to implement a new security program as part of a proposed settlement over user privacy and encryption discrepancies.
The video specialist is facing backlash that it didn‘t disclose to users that its service was not encrypted end-to-end. The FTC on Monday said that as a result, Zoom’s “misleading” claims gave users a false sense of security.
“The security of our users is a top priority for Zoom,” an FTC spokesperson said in a statement to CRN USA. ”We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs. We are proud of the advancements we have made to our platform, and we have already addressed the issues identified by the FTC. Today‘s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”
The FTC‘s complaint said that Zoom misled users by saying it offered “end-to-end, 256-bit encryption” to secure users’ communications since 2016. In reality, the commission said that Zoom held the cryptographic keys that could allow Zoom to access the content of its customers’ meetings.
The new settlement has Zoom agreeing to establishing and implementing a new, comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, according to the FTC.
Zoom, for its part, in May announced it would be building in an end-to-end encryption (E2EE) meeting option. At its annual Zoomtopia user conference in October, the video specialist announced phase one of four of E2EE. With Zoom’s E2EE, the meeting’s host can generate encryption keys and use public key cryptography on their own machine and distribute these keys to the other meeting participants. This process blocks Zoom’s servers from seeing the encryption keys required to decrypt the meeting contents.
Zoom’s E2EE offering is already available and in technical preview right now, the company said.
Zoom has seen its business take off since the start of the COVID-19 pandemic's outbreak as countries around the globe implemented stay at home mandates. With many employees and students still working and learning from home, Zoom this year became more valuable than IBM and AMD With a market cap standing at more than US$120 billion.
At the end of Zoom’s second fiscal quarter of 2021, which ended July 31, the video specialist said it had approximately 370,200 customers with more than 10 employees, up approximately 458 percent from the same quarter last fiscal year. Zoom’s total revenue climbed 355 percent year over year to US$663.5 million.
Zoom stock was down more than 14 percent Monday to US$429.56 in afternoon trading as Pfizer announced promising COVID-19 vaccine data, sending stay-at-home stocks down.