{"id":16853,"date":"2020-11-13T12:52:44","date_gmt":"2020-11-13T17:52:44","guid":{"rendered":"https:\/\/abovethelaw.com\/?p=711782"},"modified":"2020-11-13T12:52:44","modified_gmt":"2020-11-13T17:52:44","slug":"zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption","status":"publish","type":"post","link":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/","title":{"rendered":"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-711806\" src=\"https:\/\/abovethelaw.com\/wp-content\/uploads\/sites\/4\/2020\/11\/GettyImages-157337542-300x199.jpg\" alt=\"\" width=\"300\" height=\"199\" \/>In many ways, Zoom is an incredible success story. A relative unknown before the pandemic, the company&#8217;s userbase exploded from 10 million pre-pandemic to 300 million users worldwide as of last April. One problem: like so many modern tech companies, its security and privacy practices weren&#8217;t up to snuff. Researchers found that the company&#8217;s &#8220;end-to-end encryption&#8221;\u00a0<a href=\"https:\/\/theintercept.com\/2020\/03\/31\/zoom-meeting-encryption\/\">didn&#8217;t actually exist<\/a>. The company also came under fire for features that let employers\u00a0<a href=\"https:\/\/www.vice.com\/en\/article\/qjdnmm\/working-from-home-zoom-tells-your-boss-if-youre-not-paying-attention\">track employees&#8217; attention levels<\/a>, and for\u00a0<a href=\"https:\/\/www.vice.com\/en\/article\/k7e599\/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account\">sharing data with Facebook<\/a>\u00a0that wasn&#8217;t revealed in the company&#8217;s privacy policies.<\/p>\n<p>While the company has taken great strides to improve most of these problems, the company received a bit of a wrist slap by the FTC this week for misleading marketing and &#8220;a series of deceptive and unfair practices that undermined the security of its users.&#8221; A\u00a0<a href=\"https:\/\/www.ftc.gov\/system\/files\/documents\/cases\/1923167zoomacco2.pdf\">settlement<\/a>\u00a0(pdf) and\u00a0<a href=\"https:\/\/go.skimresources.com\/?id=100767X1643288&amp;isjs=1&amp;jv=14.4.0-stackpath&amp;sref=https%3A%2F%2Fwww.vice.com%2Fen%2Farticle%2Fwx85pb%2Fzoom-misled-users-false-sense-of-security-ftc-says&amp;url=https%3A%2F%2Fwww.ftc.gov%2Fsystem%2Ffiles%2Fdocuments%2Fcases%2F1923167zoomacco2.pdf&amp;xguid=&amp;xs=1&amp;xtz=480&amp;xuuid=cb0d504ea666b641e95e20cfbf379cf1&amp;abp=1&amp;xjsf=other_click__auxclick%20%5B2%5D\">related announcement<\/a>\u00a0make it clear that the company repeatedly misled consumers with its marketing, particularly on the issue of end-to-end encryption:<\/p>\n<blockquote><p>&#8220;In reality, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers\u2019 meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised. Zoom\u2019s misleading claims gave users a false sense of security, especially for those who used the company\u2019s platform to discuss sensitive topics such as health and financial information.<\/p><\/blockquote>\n<p>The FTC also criticized Zoom for storing some meeting recordings unencrypted in the cloud for up to two months, despite marketing claims that meetings would be encrypted immediately following session completion. The agency also criticized Zoom for bypassing Safari malware detection when it installed ZoomOpener web server software as part of a Mac desktop application update in July 2018:<\/p>\n<blockquote><p>&#8220;Without the ZoomOpener web server, the Safari browser would have provided users with a warning box, prior to launching the Zoom app, that asked users if they wanted to launch the app. The complaint alleges that Zoom did not implement any offsetting measures to protect users\u2019 security, and increased users\u2019 risk of remote video surveillance by strangers. The software remained on users\u2019 computers even after they deleted the Zoom app, and would automatically reinstall the Zoom app\u2014without any user action\u2014in certain circumstances.&#8221;<\/p><\/blockquote>\n<p>The settlement itself isn&#8217;t much of one. As part of it, Zoom simply has to &#8220;establish and implement a comprehensive security program&#8221; and adhere to &#8220;a prohibition on privacy and security misrepresentations,&#8221; stuff the company insists it has already done. The settlement doesn&#8217;t come with any meaningful financial penalties or consumer compensation of any kind, resulting in some dissenting Democratic Commissioners (like commissioner Rebecca Kelly Slaughter) arguing it\u00a0<a href=\"https:\/\/go.skimresources.com\/?id=100767X1643288&amp;isjs=1&amp;jv=14.4.0-stackpath&amp;sref=https%3A%2F%2Fwww.vice.com%2Fen%2Farticle%2Fwx85pb%2Fzoom-misled-users-false-sense-of-security-ftc-says&amp;url=https%3A%2F%2Fwww.ftc.gov%2Fsystem%2Ffiles%2Fdocuments%2Fpublic_statements%2F1582918%2F1923167zoomslaughterstatement.pdf&amp;xguid=&amp;xs=1&amp;xtz=480&amp;xuuid=cb0d504ea666b641e95e20cfbf379cf1&amp;abp=1&amp;xjsf=other_click__auxclick%20%5B2%5D\">wasn&#8217;t really much of a settlement at all<\/a>:<\/p>\n<blockquote><p>&#8220;Zoom is not required to offer redress, refunds, or even notice to its customers that material claims regarding the security of its services were false. This failure of the proposed settlement does a disservice to Zoom\u2019s customers, and substantially limits the deterrence value of the case.&#8221;<\/p><\/blockquote>\n<p>Again, Zoom should be applauded for the fact that the company has taken many concrete steps to improve things sense reports first surfaced that its privacy and security standards weren&#8217;t up to snuff. But it&#8217;s not clear that the FTC, arriving late to the party and &#8220;requiring&#8221; the company do a bunch of things it had already accomplished, really acts as much of a deterrent for the long line of companies that phone in their privacy and security standards. Especially when most of them get far less (if any) attention for similar behavior, in part because the FTC routinely\u00a0<a href=\"https:\/\/www.marketwatch.com\/story\/congresswoman-shocking-that-ftc-has-only-8-of-the-staff-the-uk-does-devoted-to-privacy-data-security-2019-05-08\">lacks the resources<\/a>\u00a0to seriously police privacy at any real scale.<\/p>\n<p><a href=\"https:\/\/www.techdirt.com\/articles\/20201110\/06431545676\/zoom-gets-ftc-wrist-slap-misleading-users-security-encryption.shtml\">Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption<\/a><\/p>\n<p><strong>More Law-Related Stories From Techdirt:<\/strong><\/p>\n<p><a href=\"https:\/\/www.techdirt.com\/articles\/20201110\/23305545680\/about-time-ny-governor-cuomo-signs-anti-slapp-law.shtml\">About Time: NY Governor Cuomo Signs Anti-SLAPP Law<\/a><br \/>\n<a href=\"https:\/\/www.techdirt.com\/articles\/20201107\/22235745666\/appeals-court-strips-immunity-detectives-who-turned-rape-report-into-18-hours-terror-victim.shtml\">Appeals Court Strips Immunity From Detectives Who Turned A Rape Report Into 18 Hours Of Terror For The Victim<\/a><br \/>\n<a href=\"https:\/\/www.techdirt.com\/articles\/20201111\/08335445683\/trumpland-apparently-just-forgot-about-manufactured-tiktok-hysteria.shtml\">Trumpland Apparently Just Forgot About Its Manufactured TikTok Hysteria<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p class=\"summary\">Encryption? What&#8217;s that?<\/p>\n","protected":false},"author":205,"featured_media":711806,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[11],"tags":[1402,7,7361],"class_list":["post-16853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ftc","tag-technology","tag-zoom"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event\" \/>\n<meta property=\"og:description\" content=\"Encryption? What&#039;s that?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"Above The Law&#039;s Legal Tech Non-Event\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-13T17:52:44+00:00\" \/>\n<meta name=\"author\" content=\"Techdirt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Techdirt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/\",\"url\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/\",\"name\":\"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event\",\"isPartOf\":{\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2020-11-13T17:52:44+00:00\",\"dateModified\":\"2020-11-13T17:52:44+00:00\",\"author\":{\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/4a1bdbf630074fc9f1feca42159f08d6\"},\"breadcrumb\":{\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/#website\",\"url\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/\",\"name\":\"Above The Law&#039;s Legal Tech Non-Event\",\"description\":\"A Legal Tech Adoption Guide For Perplexed Lawyers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/4a1bdbf630074fc9f1feca42159f08d6\",\"name\":\"Techdirt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a4151b2f088dc890067fc9e6faefefce91880d605c40cc46dd473049e5d123e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a4151b2f088dc890067fc9e6faefefce91880d605c40cc46dd473049e5d123e?s=96&d=mm&r=g\",\"caption\":\"Techdirt\"},\"sameAs\":[\"http:\/\/www.techdirt.com\/\"],\"url\":\"https:\/\/abovethelaw.com\/legal-innovation-center\/author\/techdirt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/","og_locale":"en_US","og_type":"article","og_title":"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event","og_description":"Encryption? What's that?","og_url":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/","og_site_name":"Above The Law&#039;s Legal Tech Non-Event","article_published_time":"2020-11-13T17:52:44+00:00","author":"Techdirt","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Techdirt","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/","url":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/","name":"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption - Above The Law&#039;s Legal Tech Non-Event","isPartOf":{"@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/#website"},"primaryImageOfPage":{"@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage"},"image":{"@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage"},"thumbnailUrl":"","datePublished":"2020-11-13T17:52:44+00:00","dateModified":"2020-11-13T17:52:44+00:00","author":{"@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/4a1bdbf630074fc9f1feca42159f08d6"},"breadcrumb":{"@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/2020\/11\/13\/zoom-gets-an-ftc-wrist-slap-for-misleading-users-on-security-encryption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/abovethelaw.com\/legal-innovation-center\/"},{"@type":"ListItem","position":2,"name":"Zoom Gets An FTC Wrist Slap For Misleading Users On Security, Encryption"}]},{"@type":"WebSite","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/#website","url":"https:\/\/abovethelaw.com\/legal-innovation-center\/","name":"Above The Law&#039;s Legal Tech Non-Event","description":"A Legal Tech Adoption Guide For Perplexed Lawyers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/abovethelaw.com\/legal-innovation-center\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/4a1bdbf630074fc9f1feca42159f08d6","name":"Techdirt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/abovethelaw.com\/legal-innovation-center\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a4151b2f088dc890067fc9e6faefefce91880d605c40cc46dd473049e5d123e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a4151b2f088dc890067fc9e6faefefce91880d605c40cc46dd473049e5d123e?s=96&d=mm&r=g","caption":"Techdirt"},"sameAs":["http:\/\/www.techdirt.com\/"],"url":"https:\/\/abovethelaw.com\/legal-innovation-center\/author\/techdirt\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/posts\/16853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/users\/205"}],"replies":[{"embeddable":true,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/comments?post=16853"}],"version-history":[{"count":0,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/posts\/16853\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/media?parent=16853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/categories?post=16853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/abovethelaw.com\/legal-innovation-center\/wp-json\/wp\/v2\/tags?post=16853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}