Zoom agrees to boost security to settle case brought by US government

Zoom Video Communications decided to boost its security to stay claims it misled users about usage of online meetings and other issues, the US Federal Trade Commission said.

Since at least 2016, the videoconferencing platform, which skyrocketed in popularity this season due to coronavirus lockdowns, said it offered a higher level of encryption because of its meetings than it actually did and in addition misled participants about the amount of security for storing meeting recordings, the FTC alleged on Monday in a statement.

“During the pandemic, practically everyone - families, schools, social groups, businesses - is using videoconferencing to communicate, making the security of these platforms more critical than ever,” the director of the FTC’s Bureau of Consumer Protection, Andrew Smith, said in the statement.

“Zoom’s security practices didn’t fall into line with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected.”

Within the settlement, Zoom must document and examine security risks almost every other year, develop methods to manage them, deploy more solutions to drive back unauthorised access of the network and take other steps, including stopping “the usage of known compromised user credentials,” the FTC said.

Zoom said it has already set up the security improvements required by the settlement with the commission.

“We take seriously the trust our users place in us each day, particularly as they count on us to keep them linked through this unprecedented global crisis, and we consistently improve our security and privacy programmes,” Zoom said in a statement. “We are pleased with the advancements we've made to our platform, and we've already addressed the issues discovered by the FTC.”

The company’s shares declined 13 per cent to $438.49 at 12.14pm in NY on Monday. The stock dropped early in the day on news that Pfizer’s Covid-19 vaccine is a lot more than 90 % effective in a trial. Other companies which may have benefited during lockdowns spurred by pandemic, including Peloton Interactive, also fell on the news headlines. Zoom had jumped more than six-fold this year through to last Friday’s close, while its tally of daily meeting participants had surged to 300 million from 10 million.

Zoom had hoped that scrutiny over its security lapses was behind it. The company instituted a 90-day security anticipate April 1, where it froze development of other features not linked to user privacy and safety. Zoom held public weekly meetings to discuss the updates of its efforts, which focused principally on developing the end-to-end encryption it had long promised. It’s the best degree of data privacy available, where no one - not Zoom - can decipher communications. The FTC alleged that claiming to have this form of encryption was among Zoom’s biggest deceptions. The business has also made it easier for hosts to say control over meetings by screening, muting and kicking out uninvited guests or disruptors.

Since Zoom’s initial 90-day plan ended, the business has promised periodic updates on security. Zoom is currently on a quest to be a straight bigger part of users’ lives, by debuting something to supply philanthropic, free and paid events, such as for example yoga or language-learning classes, and in addition has developed Zapps, ways to better integrate Zoom with an increase of business applications in order that staff are more productive on the platform. Chief financial officer Kelly Steckelberg said as recently as last month that security is currently included in every product the business is developing.