Zoom has reached a settlement with the Federal Trade Commission (FTC), admitting to inaccurate and misleading claims of encryption for calls and promising to engage in a number of activities intended to ensure that similar issues don't recur.
According to the FTC's settlement announcement, Zoom had promised "end to end 256-bit encryption" of Zoom calls since 2016 but only delivered a lesser level of security until October of this year. The greater security was only offered to all users after Zoom backtracked following an initial announcement that only paid subscribers would see full encryption. Zoom's misleading statements to consumers form the heart of the FTC's complaint against the company
The FTC's announcement notes that Zoom's user base skyrocketed from roughly 10 million users in December 2019 to more than 300 million in April 2020. Zoom has publicly scrambled to keep up with the demand for secure communications, offering features such as two-factor authentication to all users beginning in September.
In the agreement, Zoom admitted to a series of security missteps (such as the ZoomOpener installation that secretly installed a program that automatically opened the Zoom application on macOS computers, and defeated attempts to uninstall the application, in 2018) as well as encryption misstatements, and agreed to a program of security improvements, new program development, regular assessments, and new safeguards for customers data. The consent agreement will become final after a 30-day comment period following its publication in the Federal Register.
For more, read here.