FTC Calls For Zoom Security Enhancements In New Settlement

According to a new settlement with the Federal Trade Commission, Zoom must implement a new security program due encryption discrepancies, an issue that the video specialist has already addressed, according to Zoom.


The Federal Trade Commission (FTC) is calling for Zoom Video Communications to implement a new security program as part of a proposed settlement over user privacy and encryption discrepancies.

The video specialist is facing backlash that it didn‘t disclose to users that its service was not encrypted end-to-end. The FTC on Monday said that as a result, Zoom’s “misleading” claims gave users a false sense of security.

“The security of our users is a top priority for Zoom,” an FTC spokesperson said in a statement to CRN. ”We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs. We are proud of the advancements we have made to our platform, and we have already addressed the issues identified by the FTC. Today‘s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”

Sponsored post

[Related: 5 Big Things Zoom CEO Eric Yuan Said About Working With The IT Channel]

The FTC‘s complaint said that Zoom misled users by saying it offered “end-to-end, 256-bit encryption” to secure users’ communications since 2016. In reality, the commission said that Zoom held the cryptographic keys that could allow Zoom to access the content of its customers’ meetings.

The new settlement has Zoom agreeing to establishing and implementing a new, comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, according to the FTC.

Zoom, for its part, in May announced it would be building in an end-to-end encryption (E2EE) meeting option. At its annual Zoomtopia user conference in October, the video specialist announced phase one of four of E2EE. With Zoom’s E2EE, the meeting’s host can generate encryption keys and use public key cryptography on their own machine and distribute these keys to the other meeting participants. This process blocks Zoom’s servers from seeing the encryption keys required to decrypt the meeting contents.

Zoom’s E2EE offering is already available and in technical preview right now, the company said.

San Jose, Calif.-based Zoom has seen its business take off since the start of the COVID-19 pandemic's outbreak as countries around the globe implemented stay at home mandates. With many employees and students still working and learning from home, Zoom this year became more valuable than IBM and AMD With a market cap standing at more than $120 billion.

At the end of Zoom’s second fiscal quarter of 2021, which ended July 31, the video specialist said it had approximately 370,200 customers with more than 10 employees, up approximately 458 percent from the same quarter last fiscal year. Zoom’s total revenue climbed 355 percent year over year to $663.5 million.

Zoom stock was down more than 14 percent Monday to $429.56 in afternoon trading as Pfizer announced promising COVID-19 vaccine data, sending stay-at-home stocks down.