Videoconferencing platform Zoom and the Federal Trade Commission have reached a settlement over “misleading claims” about Zoom’s security that spanned over 4 years, according to the FTC.
The agency announced in a recent statement that Zoom incorrectly claimed its video calls were protected by end-to-end encryption, and that Zoom engaged in “deceptive and unfair practices that undermined the security of its users.”
Zoom said in March that the phrase “end to end” was “in reference to the connection being encrypted from Zoom end point to Zoom end point,” that “content is not decrypted as it transfers across the Zoom cloud,” and that it only collected user data needed to improve its services.
However the FTC is saying that Zoom had the cryptographic keys the could make it possible for Zoom to access customers’ meetings. According to the FTC’s complaint, Zoom gave users a false sense of security, making those who used the company’s platform to discuss sensitive topics such as health and financial information less secure than they were led to believe.
Zoom recently introduced the first of four phases of its end-to-end encryption in October for free and paid users in meetings with up to 200 participants. The next phase of encryption will have better identity management and support for single sign-on, Zoom has said.