Comments
The United States Federal Trade Commission on Monday announced a settlement with Zoom Video Communications, Inc. over “misleading claims” about the platform’s security measures.
The settlement will require Zoom to implement “a robust information security program” to settle allegations that it had engaged in a series of “deceptive and unfair practices that undermined the security of its users”.
In its complaint, the FTC had alleged that Zoom has misled its users with claims of “end-to-end, 256-bit encryption” since at least 2016 when instead it had, in reality, implemented a lower level of encryption.
Also read: TikTok, WhatsApp, Facebook most downloaded non-gaming apps worldwide in October: Report
The complaint alleges that Zoom had “maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised”.
Furthermore, the FTC complaint also alleged that Zoom had stored some recordings in an unencrypted manner for up to 60 days on Zoom’s servers before being transferred to its secure cloud storage.
The complaint also alleges that Zoom had secretly installed a software called a ZoomOpener web server on user’s devices as part of a manual update for its Mac desktop application in July 2018. The software allowed the platform to launch automatically, bypassing the security of Apple Safari browser. Apple had pushed an update to block the software in 2019.
As part of the settlement, Zoom is required to take specific measures to enhance security.
“In addition, Zoom personnel will be required to review any software updates for security flaws and must ensure the updates will not hamper third-party security features,” FTC said.
Also read: Microsoft Teams now has over 115 million daily active users: Nadella
“Under the proposed settlement, Zoom is also prohibited from making misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information, its security features, and the extent to which users can control the privacy or security of their personal information,” it said.
Furthermore, the company will also be required to get biennial third-party assessments of its security program which the FTC has the authority to approve and notify the Commission if it experiences a data breach.
A Zoom spokesperson, in a statement, has said that it had already addressed the issues stated in the FTC complaint, The Verge reported.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.