• by Wendy Davis , Staff Writer @wendyndavis, May 14, 2020

It's probably not an exaggeration to say Zoom has become so popular during the COVID-19 crisis, that its name is now nearly synonymous with virtual meetings.

But as the video conferencing company's popularity has skyrocketed, its privacy and security woes have mounted. Now it's facing multiple lawsuits, not to mention a potential investigation by the Federal Trade Commission, for allegedly violating users' expectations about data sharing and cybersecurity.

The most recent lawsuit was brought by Saint Paulus Lutheran Church in San Francisco, which says it was Zoombombed on May 6 by a hacker who hijacked a bible-study class and posted pornographic videos, as well as videos depicting child sex abuse.

“Because of Zoom’s utter failure in providing security, Saint Paulus’s bible study class was Zoombombed twice within minutes,” the church alleges in a class-action complaint filed Wednesday in U.S. District Court in San Jose.

The complaint by the church also alleges that Zoom wrongly disclosed users' data to Facebook and falsely promised to use end-to-end encryption.

The allegation regarding Facebook first surfaced in late March, when the publication Motherboard reported that Zoom's iOS app transferred some data to Facebook. Several days after that report was published, Zoom updated its app to stop the data transfers, and said it was taking steps "to ensure this does not happen again."

News of Zoom's questionable use of the phrase “end-to-end encryption” also came to light in late March, when the The Intercept reported that Zoom uses “transport” encryption. Unlike end-to-end encryption, transport encryption allows Zoom to access audio and video content.

Separately from the court cases, lawmakers including Sen. Richard Blumenthal (D-Connecticut) have asked the Federal Trade Commission to investigate Zoom, as has advocacy group Electronic Privacy Information Center.

“Each day that passes presents a new report of a previously undisclosed problem with Zoom,” EPIC executives said in a letter sent to the FTC in April.

For its part, Zoom has vowed to beef up security practices. Last week, the company purchased Keybase as part of a move toward building end-to-end-encryption.

In the future, the encrypted meetings “will be tightly controlled by the host, who will admit attendees,” the company says.

Zoom adds: “These end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host.”