FTC Announces Consent Agreement With Zoom
The agreement covers Zoom's misleading statements on security for its audio and video calling.
Zoom has reached a settlement with the Federal Trade Commission (FTC), admitting to inaccurate and misleading claims of encryption for calls and promising to engage in a number of activities intended to ensure that similar issues don't recur.
According to the FTC's settlement announcement, Zoom had promised "end to end 256-bit encryption" of Zoom calls since 2016 but only delivered a lesser level of security until October of this year. The greater security was only offered to all users after Zoom backtracked following an initial announcement that only paid subscribers would see full encryption. Zoom's misleading statements to consumers form the heart of the FTC's complaint against the company
The FTC's announcement notes that Zoom's user base skyrocketed from roughly 10 million users in December 2019 to more than 300 million in April 2020. Zoom has publicly scrambled to keep up with the demand for secure communications, offering features such as two-factor authentication to all users beginning in September.
In the agreement, Zoom admitted to a series of security missteps (such as the ZoomOpener installation that secretly installed a program that automatically opened the Zoom application on macOS computers, and defeated attempts to uninstall the application, in 2018) as well as encryption misstatements, and agreed to a program of security improvements, new program development, regular assessments, and new safeguards for customers data. The consent agreement will become final after a 30-day comment period following its publication in the Federal Register.
For more, read here.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024