By Ryan J. Farrick, LEGAL READER
August 14, 2020
Lawsuit: Zoom Lied About Security Measures, End-to-End Encryption
The lawsuit claims that Zoom never had end-to-end encryption, despite it telling customers that it did.
Zoom is facing another lawsuit alleging that the video communications company has deceived consumers by making false claims about its privacy measures.
FOX Business reports that the most recent lawsuit was filed by Consumer Watchdog on behalf of Washington, D.C., consumers. In a Monday filing, Consumer Watchdog claimed that Zoom has made false representations about the platform’s security, such as its being equipped with “end-to-end encryption.”
Such encryption, says the lawsuit, was one way in which Zoom touted its privacy features as a way to “distinguish itself from competitors and attract new consumers.”
“The consequences of Zoom’s false pretenses of end-to-end encryption are far-reaching and incredibly concerning,” Consumer Watchdog staff attorney Benjamin Powell said in a Tuesday press release. “Clients in the medical field, for example, were assured by Zoom that its platform was secure enough to transmit confidential medical information between physician and client.”
“That just isn’t the case,” Powell stated.
Consumer Watchdog says there are likely “tends of thousands of Zoom users in Washington, D.C.,” many of whom were misled by the company’s assurances of adequate security.
Building off its medical example, Consumer Watchdog said that professionals in other industries trusted that what they said and sent over Zoom could not easily be intercepted.
“In certain industry sectors, this level of data security is not just desired, but also necessary to protect vulnerable populations and comply with regulatory privacy laws,” the suit claims. “For example, the healthcare industry takes particular care in selecting communications platforms that are secure enough to comply with the Health Insurance Portability and Accountability Act.”
According to FOX Business, papers associated with the lawsuit show Zoom representatives telling prospective clients that their data cannot be intercepted.
“Zoom’s solution and security architecture provides end-to-end encryption and meeting access controls so data in transit cannot be intercepted,” one screenshotted message says.
But Consumer Watchdog alleges that Zoom does not have end-to-end encryption, and simply used the term as a way to attract more customers.
“Zoom only used the phrase ‘end-to-end encryption’ as a marketing device to lull consumers and businesses into a false sense of security,” the suit says. “The reality is that Zoom is, and always has been, capable of intercepting and accessing any and all data that users transmit on its platform—the very opposite of end-to-end encryption.”
“Nonetheless,” the complaint continues, “Zoom relied on its end-to-end encryption claim to attract customers and build itself into a publicly traded company with a valuation of more than $70 billion.”
Zoom, adds Bloomberg Law, appears to have recognized shortcomings in its security architecture and has pledged to resolve them.
“We take privacy and security extremely seriously and are committed to continuous enhancements, including the timely beta testing and implementation of end-to-end encryption,” the company said in a statement.