FTC directs Zoom to enhance security practices
Tumisu / Pixabay
FTC directs Zoom to enhance security practices

The US Federal Trade Commission (FTC) announced Monday that Zoom Video Communications, Inc. (Zoom) must implement a new information security program, in conjunction with a settlement with US regulators over privacy concerns.

The settlement resolves allegations that Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.” Among other things, the FTC alleged that Zoom knowingly misrepresented its end-to-end encryption capacity, made deceptive claims about that level of encryption and failed to disclose important information in violation of the Federal Trade Commission Act.

The FTC also alleged that in 2018, Zoom jeopardized the security of several users when it secretly installed a software, called ZoomOpener web opener, as part of a manual update for its Mac desktop application. According to the complaint, the software allowed the company to “automatically launch and join a user to a meeting by bypassing a [Apple] browser software safeguard that protected users from a common type of malware.”

The complaint asserted that Zoom’s misleading claims and practices gave users a “false sense of security, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information.”

According to a press release, Zoom will require its employees to review any software updates for security flaws as part of the settlement. Additionally, Zoom must take specific steps to address the problems that the FTC identified in its complaint, including:

  • annually documenting “any potential internal and external security risks” and advancing protection tactics;
  • realizing a “vulnerability management program;” and
  • deploying protections such as “multi-factor authentication,” data deletion controls, and limits to the use of compromised user credentials.

The FTC underscored the importance of the agreement in protecting Zoom’s user base, which has “skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.”