Zoom agreed to pay $85 million to resolve claims that it lied about its end-to-end encryption and gave user data to other companies without users' consent. The proposed settlement, filed Saturday in the US District Court for the Northern District of California, covers security problems that led to the "Zoombombings". In a settlement with the FTC, Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations," but that settlement didn't include compensation for users.
The encryption provided for any Zoom Meeting that was not hosted on a customer's own server was not true end-to-end encryption. The new class-action settlement applies to users regardless of whether or not they paid for an account. If the settlement is approved by the court, class members who paid for an account will be eligible to receive 15 percent of the money they paid for their core Zoom Meetings subscription.
If you are not eligible to submit a paid subscription claim, you can make a claim for $15. The amounts may be adjusted, pro rata, up or down, depending on claim volume, the amount of any fee and expense award, service payments to class representatives, taxes and tax expenses, and settlement administration expenses. A group of people are trying to get approval for payments of thousands of dollars. A hearing on the motion for preliminary approval of the settlement will be held on October 21, 2021.
Net income for the year rose to $672 million, up from $25.3 million the previous year. An amended class-action complaint filed in May 2021 said that Zoom falsely promised end-to-end encryption and did not deliver it. Transport encryption is different from end-to-end encryption because, with transport encryption, the service itself can access the video and audio content of the meetings.
In a meeting using transport encryption, the video and audio content will stay private from anyone who spies on it, but will not stay private from the company, or from anyone with whom the company shares its access voluntarily. With true E2E encryption, the keys are generated by the client devices, and only the participants in the meeting have the ability to decrypt the content. The class-action lawsuit said that Zoom wasn't entitled to its own definition of end-to-end encryption.
According to the complaint, the definition of end-to-end encryption is not up for interpretation. "Zoom's misrepresentations are a stark contrast to other videoconferencing services, such as Apple's FaceTime, which have undertaken the more challenging task of implementing true E2E Encryption for a multiple party call." The lawsuit said that the Zoom application used to include the term "end-to-end", even though it did not use the industry-accepted definition of E2E.
"While we never intended to deceive any of our customers, we know that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it," the company said. According to the company's website, the offering is still in the technical preview stage and disables several other features, so it's only recommended for meetings where additional protection is needed. Class members did not know that Zoom would collect and share personal information with third parties, including Facebook and Google, and allow third parties to access it and combine it with content and information from other sources to create a unique identifier.
Zoom has removed the Facebook SDK, but it still shares valuable user data with other companies, such as Google, through its app. Third parties were not given permission to use the data, even though they were aware of the transmission. The lawsuit said that Zoom blamed users for a rash of Zoombombings even though the problem was enabled by the company's security flaws.
It would have been possible to limit meeting disruptions by unauthorized participants with relatively simple technical solutions. "Rather than change security protocols and default features, however, Zoom turned its back on its users, asserting they were to blame through their inability to properly use the program," the complaint said. To better educate users about the security features available to protect meeting security and privacy, a dedicated space on the website would be required.
The website will have to include centralized information and links for parents whose children are using school-provisioned K-12 accounts. "The privacy and security of our users are our top priority, and we take seriously the trust our users place in us," the company said. "We look forward to continuing to innovate with privacy and security at the forefront, and we are proud of the advancements we have made to our platform."