Zoom promises security improvements to end federal investigation
Zoom agreed to enhance its security practices to settle allegations from the Federal Trade Commission that the video conferencing company misled consumers about the protections it offers.
The big picture: Zoom's security practices came under scrutiny by federal and state officials as its use exploded during the coronavirus pandemic. The settlement is aimed at better locking down Zoom meetings and user data against intruders.
Driving the news: The FTC voted 3-2 along party lines to approve the settlement, which requires Zoom to:
- Establish a comprehensive security program that includes assessing potential risks and developing safeguards against those risks on an annual basis
- Protect against unauthorized access to its network through safeguards such as ensuring its users can access multi-factor authentication
- Review software updates for security flaws
What they're saying: A spokesperson for the company, which already made some pledges in the spring similar to many of the commitments made to the FTC, said in a statement, "[W]e have already addressed the issues identified by the FTC. Today's resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience."
Background: The FTC alleged that Zoom misled users by claiming it offered end-to-end encryption when the company had the ability to access the content of meetings.
- The FTC also accused Zoom of secretly installing software, "ZoomOpener," as part of an update in 2018 that bypassed an Apple Safari browser safeguard.
- “Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected," Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said in a statement.
Yes, but: The FTC's Democrats said the agency's settlement did not go far enough.
- "When Zoom’s user base rapidly expanded, its failure to prioritize privacy and security suddenly posed a much more serious risk in terms of scope and scale," Democrat Commissioner Rebecca Kelly Slaughter said in a dissent. "This proposed settlement, however, requires Zoom only to establish procedures designed to protect user security and fails to impose any requirements directly protecting user privacy."
Flashback: Zoom previously agreed to implement security measures this summer to settle a probe by New York Attorney General Letitia James.
Editor's note: This story has been updated to include a comment from Zoom.