Zoom agrees to increase security
Zoom Video Communications Inc. agreed to boost its security to settle claims that it misled users about access to online meetings and other issues, the Federal Trade Commission said.
Since at least 2016, the videoconferencing platform, which skyrocketed in popularity because of coronavirus stay-at-home measures, said it offered a higher level of encryption for its meetings than it actually did and also misled participants about the level of security for storing meeting recordings, the FTC alleged Monday.
As part of the settlement, Zoom will have to document and assess security risks every other year, develop ways to manage them, deploy more methods to protect against unauthorized access to the network and take other steps, including preventing “the use of known compromised user credentials,” the FTC said.
Zoom said it has already put in place the security improvements required by the settlement.
The company had hoped that scrutiny over its lapses was behind it. It instituted a 90-day security plan on April 1, during which it froze development of other features not related to user privacy and safety. Zoom held public weekly meetings to discuss its efforts, which focused principally on developing the end-to-end encryption it had long promised. That’s the highest level of data privacy available, in which no one — not even Zoom — can decipher communications.
The FTC alleged that claiming to have this form of encryption was one of Zoom’s biggest deceptions.
Zoom has also made it easier for hosts to assert control over meetings by screening, muting and kicking out uninvited guests or disruptors.