FTC OKs Final Settlement with Zoom over Alleged Misleading Data Security Practices

Zoom faces class action lawsuit over security

The Federal Trade Commission (FTC) announced the final approval of its settlement with Zoom Video Communications (NASDAQ: ZM) over allegations that the company misled consumers regarding its data security practices.

Zoom is a video conferencing platform. It is one of the tech companies that benefitted from the COVID-19 pandemic. To prevent the spread of the disease, many businesses were forced to allow their employees to work from home. Educational institutions to implement online learning.

FTC’s allegations against Zoom

In November, the FTC sued Zoom for allegedly engaging in deceptive and unfair practices related to its data security and privacy for consumers. The company claimed that its video conferencing platform is integrated with “end-to-end AES 256 bit encryption.”

Signup for the USA Herald exclusive Newsletter

The Commission alleged that Zoom lied to users about the level of its encryption. In fact, it is using a lower level of encryption” to secure meetings on its platform. It was not securing users’ data using AES-256 bit encryption. Instead, it was using AES 128-bit encryption in Electronic Code Book (ECB).

Zoom agreed to settle FTC’s lawsuit. Under the proposed settlement, the company agreed to establish and implement a comprehensive security program to address the allegations against it.

On Tuesday, the FTC said it received 12 comments on its proposed settlement with Zoom. Its Commissioners voted 3-2 on January 19 to finalize the settlement and to send responses to the commenters.

Aside from implementing a comprehensive security program, the Commission’s final order requires Zoom to review any software updates for security flaws. It requires the company to ensure the updates will not hamper third-party security features.

In addition, the final order requires Zoom to obtain assessments of its security program by an independent party every other year.

Furthermore, the company must notify the FTC if a data breach occurs in its video conferencing platform.

Statements regarding FTC’s final order

In a statement, Commissioner Christine Wilson said the FTC’s proposed final order “provides  immediate, strong relief to consumers.”

She added that it “will enable the Commission to seek significant penalties for non-compliance and provides critical, and timely relief.”

Acting FTC Acting Chairwoman Rebecca Kelly Slaughter and Commissioner Rohit Chopra released a dissenting statement regarding the order.

In her statement, Slaughter said the final order “did not do enough to ensure that consumers can trust this now-ubiquitous videoconferencing tool with their private conversations.”

“Specifically, the proposed order did not address Zoom’s privacy failings and did not require Zoom to provide any recourse to affected users,” added Slaughter.

On the other hand, Chopra said he opposed the settlement because it was “weak.” It does not provide help, money, and notice to victims. He added that it did not include meaningful accountability for Zoom.

Zoom still faces a class-action lawsuit over its encryption

The company is still facing a class-action lawsuit filed by Consumer Watchdog in the Superior Court of the District of Columbia in September.

The non-profit consumer advocacy group accused Zoom of unlawful trade practices and false or deceptive advertising related to its encryption.

Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.