Zoom May Have Another Major Security Worry

Published on

By Anthony Spadafora, TECH RADAR

August 14, 2020


US advocacy group alleges Zoom’s end-to-end encryption claims were false advertising

Earlier this year Zoom found itself in hot water over claims that its video conferencing service uses end-to-end encryption when it instead employs transport encryption instead.

Now, the company is facing a lawsuit from the US nonprofit advocacy group Consumer Watchdog.

The lawsuit, filed in a Washington DC court, alleges the company falsely told users that it offers full encryption which puts it in breach of the District of Colombia Consumer Protection Procedures Act (DCCPPA) that prohibits false advertising.

Back in April, The Intercept released a report which revealed that Zoom uses transport encryption as opposed to end-to-end encryption. Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. However, the main difference between transport encryption and end-to-end encryption is that while others won’t be able to access your data, Zoom will still be able to.

Zoom lawsuit

In its complaint against the company, Consumer Watchdog alleges that Zoom continued to say that its video conferencing software used end-to-end encryption even though it didn’t at the time, saying:

“Zoom repeated its end-to-end encryption claims throughout its website, in white papers—including in its April 2020 HIPAA Compliance Guide—and on the user interface within the app. Through these representations, Zoom established itself as a safe, secure, and reliable video conferencing platform for consumers, and targeted sectors that require highly secure communication systems. Further, there is no question that consumers—and businesses in the healthcare sector—have specifically relied on Zoom’s false end-to-end encryption representations.”

Consumer Watchdog’s lawsuit is asking the DC court for an injunction against Zoom in order to prevent the company from misrepresenting its security measures. At the same time, the advocacy group is seeking statutory damages under the DCCPPA  which allows for fines of up to $1,500 per violation. This means that that the total possible fine levied against the company could add up very quickly depending on the number of consumers that the court deems were impacted in the DC-area.

In Zoom’s defense, the company has been working hard to add end-to-end encryption to its platform and bolster the security of its video conferencing service. For instance, in May it acquired the secure messaging and file-sharing service Keybase to help with these efforts.

Consumer Watchdog
Consumer Watchdoghttps://consumerwatchdog.org
Providing an effective voice for American consumers in an era when special interests dominate public discourse, government and politics. Non-partisan.

Latest Videos

Latest Releases

In The News

Latest Report

Support Consumer Watchdog

Subscribe to our newsletter

To be updated with all the latest news, press releases and special reports.

More Releases