Zoom sued over misleading security claims Zoom

Earlier this year Zoom found itself in hot water over claims that its video conferencing service uses end-to-end encryption when it actually uses transport encryption instead and now the company is facing a lawsuit from the US nonprofit advocacy group Consumer Watchdog.

The lawsuit, filed in a Washington DC court, alleges the company falsely told users that it offers full encryption which puts it in breach of the District of Colombia Consumer Protection Procedures Act (DCCPPA) that prohibits false advertising.

Back in April, The Intercept released a report which revealed that Zoom uses transport encryption as opposed to end-to-end encryption. Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. However, the main difference between transport encryption and end-to-end encryption is that while others won’t be able to access your data, Zoom will still be able to.

Consumer Watchdog lawsuit

In its complaint against the company, Consumer Watchdog alleges that Zoom continued to say that its video conferencing software used end-to-end encryption even though it didn’t at the time, saying:

“Zoom repeated its end-to-end encryption claims throughout its website, in white papers—including in its April 2020 HIPAA Compliance Guide—and on the user interface within the app. Through these representations, Zoom established itself as a safe, secure, and reliable video conferencing platform for consumers, and targeted sectors that require highly secure communication systems. Further, there is no question that consumers—and businesses in the healthcare sector—have specifically relied on Zoom’s false end-to-end encryption representations.”

Consumer Watchdog’s lawsuit is asking the DC court for an injunction against Zoom in order to prevent the company from misrepresenting its security measures. At the same time, the advocacy group is seeking statutory damages under the DCCPPA  which allows for fines of up to $1,500 per violation. This means that that the total possible fine levied against the company could add up very quickly depending on the number of consumers that the court deems were impacted in the DC-area.

In Zoom’s defense, the company has been working hard to add end-to-end encryption to its platform and bolster the security of its video conferencing service. For instance, in May it acquired the secure messaging and file-sharing service Keybase to help with these efforts.

Via ThreatPost

social experiment by Livio Acerbo #greengroundit #techradar https://www.techradar.com/news/zoom-sued-over-misleading-security-claims