Since it exploded in popularity at the start of the coronavirus pandemic, Zoom has promised to address the more glaring security and privacy issues that are a part of its video meeting software. And now the company has a regulatory incentive to do exactly that. As part of a new proposed settlement with the Federal Trade Commission (FTC) over its privacy practices, the company must establish an information security program that will see it share security audits with the agency. Zoom has also agreed to notify the FTC if it goes through a data breach, as well as implement additional security features.
The main issue the FTC had with Zoom’s practices was that it misled people about its use of end-to-end (E2E) encryption. Since as far back as 2016, the company’s website has said users could secure their Zoom meetings “with end-to-end encryption.” In reality, Zoom only recently started rolling out E2E encryption to video meetings. The FTC says the company’s claims gave people a false sense of security. The agency also found problems with ZoomOpener, software the company included in a July 2018 update it pushed to Mac users. ZoomOpener installed a persistent web server on your Mac that could, in certain circumstances, reinstall Zoom on your computer without your permission.
“Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected,” said Andrew Smith, the director of the FTC’s Bureau of Consumer Protection.
“We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs,” a spokesperson for Zoom told Engadget. “We are proud of the advancements we have made to our platform, and we have already addressed the issues identified by the FTC. Today’s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”
One thing Zoom won’t have to do as part of the settlement is to pay a fine to the federal government, provided it stays out of trouble. If the FTC finds that the company hasn’t been adhering to the agreement, it faces fines of up to $43,280 for each future offense.