Zoom, the video conferencing service that overnight became both a messiah and a villain in the initial months of the Covid-19 pandemic, has been issued a settlement order by the United States Federal Trade Commission (FTC). As part of the order, the FTC has divulged that for years, Zoom lied about the level of security that it offered its users. The main reason is that, since 2016, Zoom had told its users that its video conferencing services offered 256-bit end-to-end encryption, which was completely untrue.
Zoom also secretly downloaded a web service onto Apple Mac users’ computers that allowed Zoom to bypass the Safari web browser’s security prompt, which would otherwise have informed users before Zoom logged them into a meeting automatically. Zoom did not adequately disclose this feature to its users, and Apple later removed it via a software update. It has also been noted that when Zoom users saved a copy of their meetings to the cloud, the company apparently kept those copies on its unsecured cloud server for almost 60 days, putting user data at serious risk.
Imposing restrictions on Zoom, a statement by the FTC said, “Zoom personnel will be required to review any software updates for security flaws and must ensure the updates will not hamper third-party security features. Zoom is also prohibited from making misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information; its security features; and the extent to which users can control the privacy or security of their personal information.”
“Finally, the company must obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the Commission if it experiences a data breach,” it added.
In response to the FTC order, Zoom has issued a statement saying that it has already complied with all the requirements that the Commission has laid out. Even so, it is important to note that Zoom’s security efforts, for all their apparent sincerity, came only after it faced global pressure from all quarters as its user count surged. Zoom has since hired ex-Facebook security chief Alex Stamos to head its security efforts and has recently rolled out end-to-end encryption for all users. That update came after Zoom faced significant backlash for stating that only paid users would get its secure encryption standard.