FTC Issues Settlement Requiring Zoom to Implement Robust Information Security Program in Response to Years of Deceptive Security Practices

FTC Issues Settlement Requiring Zoom to Implement Robust Information Security Program in Response to Years of Deceptive Security Practices

On November 9, 2020, the Federal Trade Commission (FTC) announced a settlement agreement with Zoom Video Communications, Inc. (Zoom) that arose from alleged violations that Zoom engaged in a series of deceptive and unfair practices that undermined user security.

The FTC found that Zoom made several representations across its platform regarding the strength of its privacy and security measures used to protect users’ personal information that were untrue and provided users with a false sense of security. Specifically, the FTC found that Zoom made multiple statements regarding “end-to-end” and “AES 256-bit” encryption used to secure videoconference communications. However, Zoom did not provide end-to-end encryption for any Zoom meeting conducted outside of Zoom’s “Connecter” product. And, Zoom used a lower level of encryption that did not provide for the same level of security as “AES 256-bit” encryption. The FTC also found that Zoom stored meeting recordings unencrypted and for a longer period than Zoom claimed in its Security Guide. And, Zoom circumvented browser privacy and security safeguards through software updates without notice to users and without establishing replacement safeguards.

Read more.

FTC Investigation of Twitter for Alleged Privacy Violations Reinforces Need for Strong Privacy Policies and Practices

FTC Investigation of Twitter for Alleged Privacy Violations Reinforces Need for Strong Privacy Policies and Practices

On August 3, 2020, Twitter disclosed in a regulatory filing that it is under investigation by the Federal Trade Commission (FTC) for allegations that the company used user phone numbers and email addresses for targeted advertising in violation of a 2011 Consent Agreement. Twitter estimates that it could face $150 to $250 million in losses due to legal fees and enforcement penalties resulting from this matter.

The 2011 Consent Agreement resolved charges that Twitter violated the Federal Trade Commission Act (FTC Act) when hackers obtained administrative control of Twitter allowing them access to non-public user information, private tweets, and the ability to send out fake tweets from any user’s account. The FTC found that Twitter’s actions neither upheld statements in its privacy policy, nor provided reasonable and appropriate security to prevent unauthorized access to nonpublic user data and honor the privacy choices of its users.

Read more.