Zoom and the Federal Trade Commission (FTC) have come to a tentative settlement agreement regarding the video conferencing company’s false advertising of end-to-end encryption along with other issues. However, the settlement isn’t a good one. Two of the five FTC commissioners are heavily opposed to the settlement because it is a disservice to Zoom customers. The FTC announced the news on the 9th of November, saying:
“[S]ince at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security.”
Besides lying about the end-to-end encryption offered by their service, Zoom is also being called out for lying about the encryption status of recorded video calls stored in Zoom’s cloud service. The announcement added that Zoom:
“misled some users who wanted to store recorded meetings on the company’s cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom’s servers before being transferred to its secure cloud storage.”
While Zoom is going down on the record as having lied about end-to-end encryption – among other things – the video conferencing company won’t need to pay recompense to affected users. Now that Zoom is officially being chastised for lying to customers for years, you’d expect a significant sort of reprimand to ensure that this type of lying doesn’t happen again. Instead, the FTC is essentially letting Zoom off with a light slap on the wrist and some paperwork obligations for the future. The FTC said:
“Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.”
On Zoom’s end, they maintain that true end-to-end encryption will soon be available to Zoom customers, even though CEO Eric Yuan has also made it clear that one of Zoom’s priorities is cooperating with law enforcement.
FTC Commissioner speaks out against FTC Zoom settlement
The FTC consists of five Commissioners, and the current FTC Zoom settlement really only has the blessings of ⅖ Commissioners. Instead of providing recompense to the users that Zoom lied to, Zoom is being let off very easily by the only organization that can put a foot down and set an example of Zoom. FTC Commissioner Rohit Chopra said in a statement:
“Today, the Federal Trade Commission has voted to propose a settlement with Zoom that follows an unfortunate FTC formula. The settlement provides no help for affected users. It does nothing for small businesses that relied on Zoom’s data protection claims. And it does not require Zoom to pay a dime. The Commission must change course.”
Instead, the Zoom FTC settlement is going to go down in history as another failure of the government to rein in anti-consumer practices. The second dissenting FTC Commissioner, Rebecca Kelly Slaughter, also stated:
“Zoom is not required to offer redress, refunds, or even notice to its customers that material claims regarding the security of its services were false. This failure of the proposed settlement does a disservice to Zoom’s customers, and substantially limits the deterrence value of the case.”
The government is sending the message to big tech that they can lie about the level of security and privacy offered to their customers and not face any real consequences for betraying the public trust with an institutional privacy disaster. That isn’t just a disservice to Zoom customers, it’s a disservice to the rule of law.