FTC says Zoom misled users on its security for meetings

WASHINGTON — Federal regulators are requiring Zoom to strengthen its security in a proposed settlement of allegations that the video conferencing service misled users about its level of security for meetings.

The settlement was announced today by the Federal Trade Commission. A complaint filed by the agency accused Zoom of deceiving users over security since at least 2016. It said the company held on to cryptographic keys that allowed it to access content from its customers’ meetings, and secured meetings with a lower level of privacy encryption than it promised customers.

The regulators alleged that Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.”

Zoom Video Communications Inc., based in San Jose, Calif., would be required under the settlement to take specific measures, such as establishing a program for resolving privacy vulnerability. Company personnel would be required to review any software updates for security flaws.

The vote was 3-2 to propose the agreement, with the FTC’s two Democratic commissioners, Rohit Chopra and Rebecca Kelly Slaughter, dissenting because it doesn’t require refunds or other redress for affected customers. The proposal will be opened to public comment for 30 days, after which the agency will decide whether to make it final.