FTC Announces Consent Agreement With Zoom
The agreement covers Zoom's misleading statements on security for its audio and video calling.
Zoom has reached a settlement with the Federal Trade Commission (FTC), admitting to inaccurate and misleading claims of encryption for calls and promising to engage in a number of activities intended to ensure that similar issues don't recur.
According to the FTC's settlement announcement, Zoom had promised "end to end 256-bit encryption" of Zoom calls since 2016 but only delivered a lesser level of security until October of this year. The greater security was only offered to all users after Zoom backtracked following an initial announcement that only paid subscribers would see full encryption. Zoom's misleading statements to consumers form the heart of the FTC's complaint against the company
The FTC's announcement notes that Zoom's user base skyrocketed from roughly 10 million users in December 2019 to more than 300 million in April 2020. Zoom has publicly scrambled to keep up with the demand for secure communications, offering features such as two-factor authentication to all users beginning in September.
In the agreement, Zoom admitted to a series of security missteps (such as the ZoomOpener installation that secretly installed a program that automatically opened the Zoom application on macOS computers, and defeated attempts to uninstall the application, in 2018) as well as encryption misstatements, and agreed to a program of security improvements, new program development, regular assessments, and new safeguards for customers data. The consent agreement will become final after a 30-day comment period following its publication in the Federal Register.
For more, read here.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024