requires Zoom to live up to its privacy and security promises
BREVARD COUNTY, FLORIDA – Daily life has changed a lot since the pandemic started.
Because face-to-face interactions aren’t possible for so many of us, we’ve turned to videoconference for work meetings, school, catching up with our friends, even seeing the doctor.
When we rely on technology in these new ways, we share a lot of sensitive personal information. We may not think about it, but companies know they have an obligation to protect that information.
The FTC just announced a case against video conferencing service Zoom about the security of consumers’ information and videoconferences, also known as “Meetings.”
The FTC claimed that Zoom failed to protect users’ information in a variety of ways:
- Zoom said it provided end-to-end encryption — a way to protect communications so only the sender and the recipient can see it — for Zoom Meetings. It didn’t.
- Zoom said it secured Meetings with a higher level of encryption than it actually provided.
- Zoom told users who recorded a Meeting that it would save a secure, encrypted recording of the meeting when it ended. In reality,
- Zoom kept unencrypted recordings on its servers for up to 60 days before moving them to its secure cloud storage.
- Zoom installed software, called ZoomOpener, on Mac users’ computers. This software bypassed a Safari browser security setting and put users at risk — for example, it could have allowed strangers to spy on users through their computer’s web cameras. Or hackers could have exploited the vulnerability to download malware onto — and take control of — users’ computers. If users deleted the Zoom app, the ZoomOpener remained, as did these…