Zoom has been hit with a third federal class-action complaint over its security and privacy practices.
“Zoom consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the product,” Los Angeles resident Lisa Ohlweiler alleges in the newest complaint, brought late last week in U.S. District Court for the Central District of California.
Ohlweiler alleges that the newly popular video conferencing company shared data about users with Facebook, falsely advertised that its service uses end-to-end encryption, and failed to fix security vulnerabilities.
Claims regarding data sharing with Facebook stem from a March 26 Motherboard report that detailed how Zoom's iOS app sent some data to the social networking platform. After the report appeared, Zoom updated its app to stop the data transfers.
Allegations regarding falsely advertising end-to-end encryption appear to have first surfaced late last month, when The Intercept reported that Zoom uses “transport” encryption, and not end-to-end encruption. Transport encryption, unlike end-to-end encryption, allows Zoom to access audio and video content.
The complaint also alleges that Zoom has a vulnerability that allows hackers to join video meetings. “This has led to serious invasions of privacy and allows hackers to target users with specific advertisements,” the lawsuit states.
The newest case joins two other class-action complaints filed last week in the Northern District of California. Those earlier cases focused on allegations that Zoom's iOS app shares some data with Facebook.
In addition to the lawsuits, Zoom could find itself under scrutiny by the Federal Trade Commission.
On Tuesday, Sen. Richard Blumenthal (D-Connecticut) said he was seeking an FTC investigation of the company.
“Advertising privacy features that do not exist is clearly a deceptive act,” Blumenthal said on Twitter. “The facts & practices unearthed by researchers in recent weeks are alarming -- we should be concerned about what remains hidden. As Zoom becomes embedded in Americans’ daily lives, we urgently need a full & transparent investigation of its privacy & security.”
His tweets came one day after the advocacy group Electronic Privacy Information Center renewed its request for the FTC to investigate the company.
Zoom has said it's taking steps to address privacy issues.
“We recognize that we can do better with our encryption design,” CEO Eric Yuan said last week in a blog post.
He said in a separate post that Zoom is freezing its features in order to shift resources “to focus on our biggest trust, safety, and privacy issues.”