Zoom Boosts Security and Privacy Protections Under FTC Settlement
Videoconferences lacked the end-to-end encryption that the company promised to consumers
Zoom increased security and privacy protections in its videoconferencing platform to settle a Federal Trade Commission complaint that the company misled consumers about those features, the FTC announced.
Some privacy experts, however, suggested that the agreement doesn’t go far enough.
During the pandemic, consumers and small businesses have flocked to Zoom, increasing the company’s traffic from 10 million users per day in December 2019 to as many as 300 million daily in April 2020, when demand was at its peak.
While Zoom was created primarily as a business tool, many consumers are using the platform in new ways, from therapy sessions to Alcoholics Anonymous meetings, with different kinds of sensitive information shared during meetings.
Is the Settlement Enough?
As part of the FTC settlement, Zoom has already implemented fixes for the issues raised in the complaint. The company will also agree to third-party oversight of its privacy and security practices. Future violations could subject the company to substantial monetary fines, like the ones imposed against companies such as Facebook and Google. However, the current agreement doesn’t carry any financial penalties for Zoom.
Some privacy experts, including two FTC commissioners, suggested that the settlement with Zoom doesn’t go far enough.
“Because of the pandemic, consumers have become deeply reliant on Zoom,” says Jeff Chester, executive director of the Center for Digital Democracy, an advocacy organization based in Washington, D.C. “After Zoom got caught, FTC should have imposed significant penalties and demanded significant changes in the way they do business, but instead they gave them a slap on the digital wrist.”
Two of the five FTC commissioners, Rebecca Kelly Slaughter and Rohit Chopra, thought that the agency should have demanded more from Zoom, and they dissented from the decision.
“The order does not address the core problem: Zoom’s demonstrated inclination to prioritize some features, particularly ease of use, over privacy protections,” Slaughter wrote in her dissent to the settlement.
The FTC counters that it has both limited resources and limited authority to litigate a case like this, and if it did, the ensuing court battle would have delayed a settlement significantly.
“Had we litigated this case, we might have gotten more or different relief,” Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said at a press conference announcing the agreement. “But I’d bet we’d be having conversation in 2022 rather than today.”
“The majority seemed to think this is best result they could get with the cards they were dealt,” says CR’s Brookman.
How to Protect Yourself on Zoom
CR’s experts have some advice for enhancing your privacy while using Zoom or other videoconferencing platforms.
- Assume you’re being recorded. Anything you say or do in a Zoom meeting can be recorded. It can be captured officially by a host, an administrator, or another participant, or just grabbed by someone with screencasting software or even a smartphone. The solution? Turn off your camera and mic whenever possible.
- Mind your background. If you need to have your camera turned on, Zoom lets you choose a photo as the background for your video. You can pick one from your hard drive or use one supplied by Zoom. That can be important because the books on a shelf, posters, or other items in your living space can reveal information that you might not want to share with some of your co-workers or clients. And those images of your bedroom may not disappear when the conference is over; they can be stored for months or even years, and shared with people you’ve never met.
- Safeguard meeting information. Don’t share the password or links to any meeting you’ve been invited to. That can help to prevent Zoombombing, which is when bad actors gain access to a meeting and disrupt it.
- Use outside privacy tools. If you’re hosting a meeting and decide to create a videoconferencing account, use a dedicated “burner” email that you don’t use for anything else, or at least for important functions such as banking, healthcare, and social media accounts. It’s also smart to use a highly rated password manager with the platform’s password function. That can help keep your meetings secure from a Zoombombing intrusion.
- Just make a regular phone call. Many meetings simply don’t need video. When that’s the case, pick up the phone to talk to a colleague or loop a small group into an old-fashioned conference call.