Hey, would you look at that: A company is actually facing consequences for its actions.
Monday’s announcement comes almost three months after Zoom agreed to the settlement terms, and marks the beginning — not the end — of an ongoing commitment to improve the security of its videoconferencing software.
“The final order requires Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features,” explains the FTC announcement. “The company must also obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the Commission if it experiences a data breach.”
Zoom’s rise to household name dovetailed with the devastating coronavirus pandemic. The company’s problems soon followed.
In late March, the Intercept reported that, despite suggesting the contrary, Zoom meetings were not end-to-end encrypted. Other privacy and security concerns followed. It was the encryption issue, however, that appears to have landed Zoom in the most trouble.
“Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected,” Andrew Smith, the director of the FTC’s Bureau of Consumer Protection, said in a November press release when the settlement was first announced.
Zoom neither admitted nor denied the FTC’s claims. According to FTC spokesperson Juliana Gruenwald, “[if] Zoom violates the order, the FTC could seek monetary penalties as well as other relief.”
Such action by the FTC wouldn’t be unprecedented. In 2019, Facebook was hit with a US$5 billion fine after it violated a 2011 settlement with the FTC.
Notably, Zoom has since added end-to-end encryption to its product, but you have to manually turn it on yourself.
UPDATE: Feb. 1, 2021, 2:11 p.m. PST: This story was updated to include comment from an FTC spokesperson.
ที่มา : Mashable