The Federal Trade Commission says Zoom has been misleading users for years and that its end-to-end encryption isn’t as safe as the company claims. The video-conferencing app was allegedly utilizing a less secure form of protection than it promised, for at least four years. Zoom has not only seen a massive spike in users during 2020, but it has also been the subject of multiple controversies.
Zoom previously announced that it will be reserving its highest-level of security for paying customers. This meant that users would have to pay a minimum of $14.99 per month to prevent the risk of any third parties, including the FBI, from accessing their Zoom calls. However, the company eventually reversed their decision, allowing all users to access its end-to-end encryption security without paying a monthly fee. While E2EE for free users has its limitations, it is designed to protect all users from unwanted eavesdroppers.
According to the FTC, Zoom was allegedly misleading users as early as 2016, by initially promising E2EE security, but delivering “lower level” security instead. In addition, the FTC claims that Zoom maintained access to cryptographic keys that could have been used to access user meetings. A number of recorded Zoom meetings were reportedly at risk as well, as some recordings were said to have been kept in an unencrypted storage on Zoom’s servers for about sixty days before they were transferred to a secure cloud location. The complaint against Zoom indicated that the company’s misleading claims were instilling a “false sense of security” in its user base, which has rapidly grown by over 100 million since last year. Zoom has agreed to a settlement which requires it to establish a more “robust” information security program and avoid security and privacy misrepresentations in the future.
Zoom’s Shaky History Marring Rising Popularity
Despite the meteoric rise of Zoom’s popularity during the pandemic, this isn’t the first time Zoom has been lambasted over questionable practices. Previously Zoom was accused of allowing the Chinese government to influence who could use the service. While the company vowed to do better following the incident, it has also been embroiled in other controversies, such as limiting user security with a paywall, only to change its stance shortly after.
All of these instances, including a recent security breach, are unlikely to help the company’s reputation. However, adhering to the FTC’s settlement might help to pave the way for the company to mend its tumultuous misgivings. With a growing number of companies relaying sensitive information through video-conferencing apps like Zoom, an emphasis on transparency (as well as security) might go a long way to establishing and maintaining trust with users.
