The Federal Trade Commission (FTC) announced on Monday that it has reached a settlement with Zoom, the popular videoconferencing software, after opening a complaint into claims about its security practices.
The FTC’s complaint specifically targeted the fact that Zoom said it offered “end-to-end encryption” to its users, but did not.
The company, which surged in popularity during the coronavirus pandemic, caught flak for making the claim and ultimately apologized for a “discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
In June, the company announced that all users would have access to end-to-end encryption shortly after a massive push from organizations and advocates to implement the change. The announcement also came after the company’s CEO Eric Yuan initially said only paid users would have access to end-to-end encryption.
The FTC said the company engaged “in a series of deceptive and unfair practices that undermined the security of its users.”
“Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information,” the agency said in a press release. “In numerous blog posts, Zoom specifically touted its level of encryption as a reason for customers and potential customers to use Zoom’s videoconferencing services.”
The settlement requires Zoom to have a “comprehensive information security program,” including documenting internal and external security risks and developing ways to safeguard against those risks; implementing a vulnerability management program; using multi-factor authentication; instituting data deletion controls; and taking “steps” to prevent the use of user credentials that are known to be compromised, according to the FTC.
The company is also prohibited from making misrepresentations about its security and privacy practices as part of the settlement.
A Zoom spokesperson told Axios that the company has “already addressed the issues identified by the FTC,” and that “today’s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”