Zoom violated a Washington, D.C. law when it claimed to offer end-to-end encryption when it really didn’t, a consumer advocacy group alleged in a recently filed lawsuit.
Consumer Watchdog filed a lawsuit late Monday claiming Zoom, the popular videoconferencing app, violated the District of Columbia Consumer Protection Procedures Act (DCCPPA) by advertising to consumers that its software offered end-to-end encryption.
The law fights against unfair or deceptive trade practices.
As the coronavirus pandemic led to more people using video conferencing software, Zoom exploded in popularity. However, with that popularity came a slew of concerns—including that it claimed to offer end-to-end encryption, but really didn’t.
The company later admitted that it incorrectly stated that it offered end-to-end encryption on its website, apologizing for a “discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
After backlash, the company worked to rectify it but botched that rollout as well. Zoom CEO Eric Yuan said that only paying customers would have access to end-to-end encryption, leading to a massive online push calling on it to implement the feature for all users by default.
A day after petitions with around 70,000 signatures were unveiled, Zoom reversed its decision and said it would soon offer end-to-end encryption for all users.
However, Consumer Watchdog alleges in its lawsuit that Zoom’s advertising of end-to-end encryption before having it led people to think their video calls were secured by the technology when they really weren’t. The suit was first reported by the Washington Post.
“The reality is that Zoom is, and has always been, capable of intercepting and accessing any and all of the data that users transmit on its platform—the very opposite of end-to-end encryption,” the suit reads. “Nonetheless, Zoom relied on its end-to-end encryption claim to attract customers and to build itself into a publicly traded company with a valuation of more than $70 billion.”
“We take privacy and security extremely seriously and are committed to continuous enhancements, including the timely beta testing and implementation of end-to-end encryption,” a Zoom spokesperson told the Daily Dot.
The suit seeks financial damages for Washington, D.C. Zoom users. The DCCPPA has fines for violations up to $1,500 per violation.
In April, Sen. Richard Blumenthal (D-Conn.) called on the Federal Trade Commission (FTC) to investigate Zoom, tweeting that the company was “advertising privacy features that do not exist.”