Zoom FTC Settlement

Ink Drop / Shutterstock.com

Zoom settles with FTC over end-to-end encryption claims

The company's claims about end-to-end encryption were a focus earlier this year.


Andrew Wyrich


Posted on Nov 9, 2020   Updated on Jan 27, 2021, 11:53 am CST

The Federal Trade Commission (FTC) announced on Monday that it has reached a settlement with Zoom, the popular videoconferencing software, after opening a complaint into claims about its security practices.

The FTC’s complaint specifically targeted the fact that Zoom said it offered “end-to-end encryption” to its users, but did not.

The company, which surged in popularity during the coronavirus pandemic, caught flak for making the claim and ultimately apologized for a “discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”

In June, the company announced that all users would have access to end-to-end encryption shortly after a massive push from organizations and advocates to implement the change. The announcement also came after the company’s CEO Eric Yuan initially said only paid users would have access to end-to-end encryption.

The FTC said the company engaged “in a series of deceptive and unfair practices that undermined the security of its users.”

“Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information,” the agency said in a press release. “In numerous blog posts, Zoom specifically touted its level of encryption as a reason for customers and potential customers to use Zoom’s videoconferencing services.”

The settlement requires Zoom to have a “comprehensive information security program,” including documenting internal and external security risks and developing ways to safeguard against those risks; implementing a vulnerability management program; using multi-factor authentication; instituting data deletion controls; and taking “steps” to prevent the use of user credentials that are known to be compromised, according to the FTC.

The company is also prohibited from making misrepresentations about its security and privacy practices as part of the settlement.

A Zoom spokesperson told Axios that the company has “already addressed the issues identified by the FTC,” and that “today’s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”

Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Nov 9, 2020, 12:38 pm CST