• by Wendy Davis  @wendyndavis, December 4, 2020

Videoconferencing app Zoom, which surged in popularity this year, has asked a judge to throw out a potential class-action lawsuit alleging wide-ranging security and privacy lapses.

In papers filed this week with U.S. District Court Judge Lucy Koh in San Jose, Zoom argues that the users who brought the case haven't outlined any injury as a result of the alleged security and privacy practices, and therefore can't proceed with a lawsuit.

“No plaintiff alleges that Zoom jeopardized any of their own personal data through alleged sharing with a third party,” the company writes.

“Plaintiffs fail to allege facts sufficient to show cognizable harm,” Zoom adds.

Zoom's argument comes in response to a series of privacy and security lawsuits brought earlier this year by users. The complaints, initially filed separately, were later consolidated into one potential class-action that includes allegations relating to “zoombombing,” encryption and data-sharing.

As Zoom usage ballooned this year due to the COVID-19 pandemic, alleged privacy and security glitches also emerged. Most famously, trolls began “zoombombing” meetings -- breaking into other people's conferences and bombarding them with porn or offensive speech.

Other potential privacy issues first came to light in the press.

For instance, Motherboard reported in March that Zoom's iOS app was sending some data to Facebook. Soon after Motherboard published its report, Zoom updated its app to stop the data transfers.

Also, the publication The Intercept reported in April that Zoom incorrectly represented that it used “end-to-end encryption,” when it actually used “transport” encryption. (Zoom recently settled with the Federal Trade Commission over allegations relating to encryption.)

Zoom says in its new court papers that it “has worked tirelessly since the pandemic’s onset to keep its services operational and secure, while developing and deploying extensive privacy and security enhancements to address new challenges caused by the massive uptick in non-corporate usage.”

In addition to arguing that Zoom users didn't suffer the kind of injury that would warrant a privacy lawsuit, the company also says Section 230 of the Communications Decency Act shields it from liability for zoombombing by hackers.

That law says companies that offer interactive services aren't responsible for content posted by outside parties.

“Section 230 applies because plaintiffs’ meeting disruption claims seek to hold Zoom liable as a publisher of content supplied by the disrupters,” Zoom argues.

The Zoom users who sued are expected to respond to the company's arguments by the end of this month, and Koh is expected to hold a hearing on the matter in February.