
Zoom Resolves FTC Issues, Vows to Develop Enhanced Security Infrastructure

Despite the significant surge in Zoom users from December to April, the company has been accused of falsely advertising end-to-end, 256-bit encryption. According to the FTC, Zoom in fact provided a lower level of security.

Zoom reaches a settlement with the FTC, committing to establishing a strong security infrastructure.

In a significant move, video conferencing giant Zoom established a Chief Information Security Officer (CISO) advisory board and implemented a feature freeze until all security issues were remedied. This came following a series of allegations and scrutiny from the Federal Trade Commission (FTC) over deceptive and unfair practices.

One of the key issues raised by the FTC was the Zoom Opener software, a component of an update, which allowed Zoom's automatic launch to bypass an Apple Safari browser safeguard. The FTC alleged that this secret installation of the Zoom Opener software in 2018 compromised the security of some users.

During the early months of the nationwide lockdown, some organizations banned Zoom due to security concerns. However, in a bid to address these issues, Zoom made end-to-end encryption (E2EE) available globally for both paying and free customers in October. This move followed reports in April of Zoom's default use of transport encryption instead of E2EE.

The FTC settlement requires Zoom to establish a comprehensive security program and prohibits any misrepresentations of its privacy and security. The settlement also mandates that Zoom's cloud meeting servers become oblivious relays and never see the encryption keys, ensuring a higher level of security for its users.

Notably, Zoom's E2EE feature prevents anyone other than meeting participants, Zoom's servers included, from having access to the encryption keys. This is a significant step towards addressing the concerns raised by the FTC.

In June, Jason Lee was named as Zoom's CISO. Lee reports to Zoom's COO Aparna Bawa.

The FTC's scrutiny of Zoom is setting an example for the technology industry. The FTC has sought greater authority in privacy and data security cases, beyond the limitations of Section 5 of the FTC Act. In 2019, the FTC called on Congress to allow the agency to enact privacy and data security legislation, enforceable by the FTC, which grants the agency civil penalty authority.

It's worth noting that while Zoom's encryption methods are improving, other video meeting platforms like Microsoft Teams and Google Hangouts also lack a default E2EE mode. Cisco Webex, on the other hand, uses TLS, while offering E2EE for Webex Meetings and Support.

Zoom CEO Eric Yuan admitted to "missteps" during this period. The company is taking steps to rectify these issues and regain the trust of its users. The future of Zoom's security measures will be closely watched by both users and regulatory bodies alike.
