Zoom to pay $85M for lying about encryption and sending data to Facebook and Google

Source: Ars Technica

Article note: For 2/3 complaints, all they had to do was say they were focusing on scaling and urgently needed management features during the pandemic, not ...blatantly lie... about their encryption features, and not insert spyware APIs into their code. The "zooombombing is the platform's fault" one is a little more of a stretch, since Zoom was very suddenly pushed into all kinds of unintended new use-cases ... but see above, it _is_ what they should have been working on.
A computer screen with a Zoom call showing the faces of a dozen participants.

Enlarge / Technical preview of Zoom's end-to-end encryption, made available months after Zoom was caught lying to users about how it encrypts video calls. (credit: Zoom )

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant "Zoombombings."

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations" in a settlement with the Federal Trade Commission, but the FTC settlement didn't include compensation for users.

As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, "Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC said. In real end-to-end encryption, only the users themselves have access to the keys needed to decrypt content.

Read 19 remaining paragraphs | Comments

This entry was posted in News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *