According to IT Home on November 28, the video conferencing platform Zoom paid $85 million in 2021 due to misleading users about encryption technology (IT Home notes: currently about 616 million RMB). Recently, the company proposed to pay $18 million in fines to the U.S. Securities and Exchange Commission (SEC) to settle an investigation into the same security and privacy issues, which Zoom disclosed in regulatory filings.
As early as 2020, Zoom claimed that video calls on its platform were protected by end-to-end encryption (E2EE) technology, which means that no one except the participants can decrypt the video stream.
End-to-end encryption has three main advantages:
The company itself cannot view calls on the platform
Hackers cannot view the video even if they breach the Zoom system
Even government agencies authorized by Zoom cannot access it
This is also the reason why many messaging services, such as Apple's iMessage and FaceTime, use end-to-end encryption.
However, Zoom's E2EE claims are false. While sessions are encrypted, they are not using E2EE, so the above protections do not apply. This issue was exposed in 2020, and Zoom admitted to false advertising.
Users filed a class action lawsuit against Zoom for misleading behavior and reached a settlement of $85 million in 2021.
Zoom has made several security and privacy improvements to its service, but initially did not include E2EE. Subsequently, the company did offer an option for E2EE, but choosing that option disables many Zoom features.
The SEC launched an investigation into Zoom when its false statements were exposed, accusing the company of making misleading statements about the use of its services. Zoom hopes to settle this matter quickly and therefore proposed to pay an $18 million fine, but the SEC has not yet indicated whether it will accept this proposal.
Search$ACT