Zoom to enhance security as part of proposed U.S. settlement with FTC

A 3D printed Zoom logo
FILE PHOTO: A 3D printed Zoom logo is placed between small toy people figures and a keyboard in this illustration taken April 12, 2020. REUTERS/Dado Ruvic/Illustration

November 9, 2020

By Susan Heavey and Nandita Bose

WASHINGTON (Reuters) – Zoom Video Communications Inc <ZM.O> must implement a new information security program as part of its proposed settlement with U.S. regulators over user privacy issues, the Federal Trade Commission said on Monday.

The resolution did not have any financial component but the agency said Zoom would face fines of up to $43,280 for each future violation under the agreement.

It said Zoom’s misleading claims about giving users a secure channel of communication while offering a lower level of protection gave them a false sense of security.

“Zoom’s security practices didn’t line up with its promises,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection.

The company’s stock, which has climbed sharply this year, skidded more than 13% in afternoon trading, to $433.

A company spokeswoman said the security of its users is a top priority for Zoom. “We have already addressed the issues identified by the FTC,” she said.

The FTC voted 3-2 along party lines to approve the settlement. Democratic commissioner Rohit Chopra issued a dissenting statement saying the company’s failures warrant serious action.

“The FTC’s proposed settlement includes no help for affected parties, no money, and no other meaningful accountability,” he said.

Chopra further said the commission’s order includes no findings of fact or liability and the investigation makes no significant conclusions.

Zoom has been a big beneficiary of the coronavirus lockdowns, with millions of workers and students using its video platform as they work and study from home. Its user base has risen from 10 million in December 2019 to 300 million in April 2020, the agency said.

The company has faced a backlash for failing to disclose that its service was not fully end-to-end encrypted, a method of securing communications so that only the sender and recipient can read the content. Zoom had said it planned to develop tools that would give meeting hosts more control and allow users to join a meeting securely.

(Reporting by Susan Heavey and Nadita Bose; Editing by Chizu Nomiyama, Richard Chang and Dan Grebler)