Zoom has been hit with a third federal class-action complaint over
its security and privacy practices.
“Zoom consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of
the product,” Los Angeles resident Lisa Ohlweiler alleges in the newest complaint, brought late last week in U.S. District Court for the Central District of California.
Ohlweiler alleges
that the newly popular video conferencing company shared data about users with Facebook, falsely advertised that its service uses end-to-end encryption, and failed to fix security vulnerabilities.
Claims regarding data sharing with Facebook stem from a March 26 Motherboard report that detailed how Zoom's iOS app sent some data to the social networking platform. After the report appeared,
Zoom updated its app to stop the data transfers.
Allegations regarding falsely advertising end-to-end encryption appear to have first surfaced late last month, when The Intercept reported that Zoom uses “transport” encryption, and not end-to-end encruption. Transport encryption,
unlike end-to-end encryption, allows Zoom to access audio and video content.
The complaint also alleges that Zoom has a vulnerability that allows hackers to join video meetings. “This
has led to serious invasions of privacy and allows hackers to target users with specific advertisements,” the lawsuit states.
The newest case joins two other class-action complaints
filed last week in the Northern District of California. Those earlier cases focused on allegations that Zoom's iOS app shares some data with Facebook.
In addition to the lawsuits, Zoom could
find itself under scrutiny by the Federal Trade Commission.
On Tuesday, Sen. Richard Blumenthal (D-Connecticut) said he was seeking an FTC investigation of the company.
“Advertising privacy features that do not exist is clearly a deceptive act,” Blumenthal said on Twitter.
“The facts & practices unearthed by researchers in recent weeks are alarming -- we should be concerned about what remains hidden. As Zoom becomes embedded in Americans’
daily lives, we urgently need a full & transparent investigation of its privacy & security.”
His tweets came one day after the advocacy group Electronic Privacy
Information Center renewed its request for the FTC to investigate the company.
Zoom has said it's taking steps to address privacy issues.
“We recognize that we can do better with
our encryption design,” CEO Eric Yuan said last week in a blog post.
He said in a separate post that Zoom is freezing its features in order to shift resources “to focus on our
biggest trust, safety, and privacy issues.”