Watchdogs are criticizing the Federal Trade Commission's proposed
settlement with Zoom over potential security risks, calling the deal “unacceptable” because it doesn't address allegations that the company mishandled users' data.
“The
Commission should include new privacy safeguard requirements in its consent order with Zoom,” the Electronic Privacy Information Center and other groups write in comments filed with the FTC this
week. “A failure to do so now would only create the opportunity for Zoom to avoid monetary penalties in the future if it fails to protect users’ privacy. That is simply
unacceptable.”
The comments were also signed by the Center for Digital Democracy, Campaign for a Commercial-Free Childhood, Parent Coalition for Student Privacy and Consumer Federation
of America.
The proposed settlement, approved 3-2 by the FTC, requires
Zoom to implement an information security program, refrain from misstating its practices in the future, and undergo biennial audits for 20 years.
If finalized, the deal will resolve
allegations that Zoom deceived users over some security and privacy practices, including claims that Zoom misled users by falsely stating meetings were end-to-end encrypted.
But the settlement
doesn't directly address several privacy issues that emerged earlier this
year, particularly at the start of the pandemic, when many people began working from home.
For instance, it emerged this spring that an integration between Zoom and LinkedIn may have allowed
LinkedIn to gather data about Zoom users. Also, Zoom reportedly sent data about some users to Facebook. Additionally, hackers were able to “zoombomb” video conferences -- hijacking
meetings and often bombarding them with porn or hate speech.
“Zoom’s unlawful business practices created substantial privacy and security risks for consumers and gave the company
an unfair advantage at a time when millions of companies, institutions, and individual users were forced to communicate and interact with their teachers, coworkers, friends, family, and others through
videoconferencing services,” the groups write.
The Electronic Privacy Information Center and other groups are now urging the FTC to add new privacy terms to the settlement, including a
requirement that Zoom implement a comprehensive privacy program (as opposed to a security program), make privacy assessments publicly available, provide redress to its paying consumers, and limit data
collection about children.
The agency's two Democrats dissented from the settlement last month, writing that it doesn't go far enough to protect users' privacy.
Commissioner Rebecca
Kelly Slaughter stated the proposed deal “fails to require Zoom to address privacy as well as security,” and also “fails to require Zoom to take any steps to correct the deception we
charge it perpetrated on its paying clients.”
Commissioner Rohit Chopra added that the proposed deal “includes no help for affected parties, no money, and no other meaningful
accountability.”