Videoconferencing application Zoom was forced to settle an $85m lawsuit this week that focused on the app's privacy failures.
The agreement still has to be given the green light by U.S. District Judge Lucy Koh, with a hearing scheduled for Oct. 21 in San Jose, California.
Why is Zoom in trouble?
The current case against the videoconferencing company consolidated 14 different lawsuits that have been leveled at Zoom since the pandemic began in March 2020.
Zoom is in trouble for three reasons, and the company has also been accused of lying about its encryption protocols both on its website and in a white paper that detailed the organisation's security strategy.
The court specifically focused on how easily people were able to join the Zoom calls of other users without authorization, a practice which has been dubbed 'Zoombombing' by the press. Trolls participating in this phenomenon would often change their backgrounds to offensive images and spam chats with slurs and profanities.
However, there's also the issue of Zoom selling user data to Facebook, LinkedIn and Google. This additional aspect of the case is yet another reason to treat Zoom's corporate ethics and consumer software with increasing suspicion.
In April 2020, Zoom faced a number of difficult accusations about its encryption standards after an investigation by The Intercept. Zoom was allegedly encrypting its video calls using TLS encryption, which is used to secure websites that have 'https' in their URL.
TLS encryption is different to end-to-end encryption, which is what we would expect from a company like Zoom that is facilitating millions of private discussions that could reference personal and corporate data. If Zoom used end-to-end encryption, only those with local encryption keys could gain access. TLS only protects the data on its way to and from the server, where it is decrypted, so TLS encryption would not stop a Zoom employee, for instance, viewing a Zoom call they didn't have permission to view.
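The difference can be modelled in a few lines of Python. This is an added illustration, not code from the article or from Zoom: the RelayServer class, the participant names and the toy cipher are all constructed for the example, and the end-to-end key is assumed to have been agreed between the two participants without the server.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); no authentication, illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + keystream_xor(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])

class RelayServer:
    """Constructed stand-in for a conferencing provider's relay (hypothetical)."""
    def __init__(self):
        self.link_keys = {}  # per-participant transport keys, standing in for TLS sessions
        self.seen = []       # what the operator can read after the transport layer ends

    def register(self, name: str) -> bytes:
        self.link_keys[name] = os.urandom(32)
        return self.link_keys[name]

    def relay(self, sender: str, recipient: str, blob: bytes) -> bytes:
        inner = unseal(self.link_keys[sender], blob)  # transport encryption terminates here
        self.seen.append(inner)
        return seal(self.link_keys[recipient], inner)  # re-encrypted for the next hop

def send(server, sender_key, recipient_key, message, e2e_key=None):
    """Send from alice to bob through the relay; returns what bob reads."""
    payload = seal(e2e_key, message) if e2e_key else message
    delivered = server.relay("alice", "bob", seal(sender_key, payload))
    inner = unseal(recipient_key, delivered)
    return unseal(e2e_key, inner) if e2e_key else inner

def demo():
    msg = b"Q3 revenue figures, confidential"  # constructed sample message
    server = RelayServer()
    alice_key, bob_key = server.register("alice"), server.register("bob")
    got_transport_only = send(server, alice_key, bob_key, msg)
    got_e2e = send(server, alice_key, bob_key, msg, e2e_key=os.urandom(32))
    return msg, got_transport_only, got_e2e, server.seen

if __name__ == "__main__":
    msg, _, _, seen = demo()
    print("server read transport-only call:", seen[0] == msg)
    print("server read end-to-end call:   ", seen[1] == msg)
```

In both runs the recipient gets the original message, but only in the transport-only run does the relay hold it in readable form.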
A separate sting by Motherboard (Vice) revealed that Zoom was leaking people's email addresses. Zoom's "Company Directory" setting automatically adds other people to users' contact lists if it notices that their emails share the same domain. In reality, however, it culminated in users being pooled together with strangers as if they were working for the same organisation.
But these are only a few examples of the issues Zoom has been tackling since the pandemic began. There have been numerous privacy-related missteps, including the creation of an 'attendee tracking' function that lets the meeting host see if people are clicking off Zoom meetings.
What does Zoom have to pay?
According to TechCrunch, if the lawsuit ultimately ends up achieving class-action status, the US court system could force Zoom to pay back around 15% of the $25 customers pay for its full service.
The company has also said that it will modify how Zoom works to increase privacy and security standards, including sending alerts to meeting hosts when third-party apps are being used during meetings. The company said in a statement following the lawsuit that:
The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us... we are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.
In times of uncertainty, privacy comes last
Zoom rapidly transformed from a niche videoconferencing service to a vital resource for thousands – if not millions – of businesses all over the world. Both the company's stock price and revenue have skyrocketed over the past 18 months, and it's likely to grow even further as home working seems to have turned into a permanent fixture of so many employees' lives.
But it's not surprising that privacy was so far down the list of the company's priorities. Really, Zoom's cash injection should have been spent on making many of the false encryption claims they made into a reality. Admittedly, it's much more difficult to protect videoconferencing data with end-to-end encryption, but not impossible. Apple's FaceTime function is end-to-end encrypted, for instance, and other videoconferencing applications also use end-to-end encryption.
One key takeaway from Zoom's legal troubles is that the online world would be a much safer place if there was more widespread knowledge about the encryption protocols and security measures used by the sites we all trust our private information to. We are not moving towards a world without the need for this knowledge, quite the opposite, and with more of it these issues could be spotted more quickly, and by the average user rather than by tech-savvy journalists or researchers.
If you don't want to rely on privacy-averse technology to connect you to friends, family, business partners and other employees in your organization, then check out our article about the top 5 videoconferencing apps; we've put privacy at the forefront of our analysis.