Democratic Senators call for official investigation into Zoom
Image credit: Dreamstime
The popular video conferencing service is facing pressure from officials as the US Federal Trade Commission has been urged to investigate its potential privacy infringements and the Taiwanese government forbids its agencies from using the service.
Zoom – which allows for large, free, easy-to-access video conferences – has exploded in popularity as the coronavirus pandemic has put an end to in-person gatherings of people. Its widespread use for social and professional video conferences has caused it to shoot to the top of the App Store and Play Store, and its share price to double since January.
However, with its meteoric rise has come intense scrutiny that the company appears to have been unprepared for. The service has been criticised for a raft of security and privacy issues, including data leaks; the routing of data through servers located in China; the potential exposure of private video calls, and the sudden arrival of a novel form of online harassment known as “Zoombombing”.
Given this “pattern of security failures and privacy infringements”, the Democratic Senator Richard Blumenthal has called on the Federal Trade Commission (FTC) to investigate Zoom. Blumenthal cited potential privacy infringements, such as the allegation that Zoom has lied about all its meetings being end-to-end encrypted; a report from The Intercept found that Zoom meetings are encrypted in a manner which not prevent Zoom from decrypting meeting data.
Writing on Twitter, Blumenthal announced: “I am calling on FTC to investigate [Zoom]. Zoom’s pattern of security failures and privacy infringements should have drawn the FTC’s attention and scrutiny long ago. Advertising privacy features that do not exist is clearly a deceptive act.
“The facts and practices unearthed by researchers in recent weeks are alarming – we should be concerned about what remains hidden. As Zoom becomes embedded in Americans’ daily lives, we urgently need a full and transparent investigation of its privacy and security.”
Although Blumenthal did not explicitly refer to Zoom’s encryption practices in his tweets, he mentioned this issues in a letter to Zoom CEO Eric Yuan sent last week, which demanded that Yuan explains how it protects its users’ data and meetings, including exactly when end-to-end encryption is used.
Blumenthal’s apparent support of end-to-end encryption of Zoom meetings is somewhat at odds with his backing of the EARN IT act (a bill intended to prevent child exploitation online), which may result in the introduction of encryption backdoors.
Blumenthal’s demands have been backed by several more Democratic Senators, including former Democratic presidential candidates Amy Klobuchar and Michael Bennet, as well as Senate House Energy and Commerce Committee Chair Frank Pallone, and its Consumer Protection Subcommittee Chair, Jan Schakowsky.
An FTC spokesperson has declined to comment on whether the agency is investigating Zoom already, although they pointed towards FTC chair Joe Simons’ statement that “any time you see a press report of a significant privacy issue, a potential privacy violation of our authority, it is safe to assume that we either are investigating it already or shortly after that media release, we will investigate it”.
Zoom’s Chief Legal Officer, Aparna Bawa, told Politico last week that the company will comply with any information requests from US officials. A memo from the US Cybersecurity and Infrastructure Security Agency and the Federal Risk and Authorisation Management program indicated that Zoom has been responsive to criticism.
Meanwhile, the Taiwanese government’s department of cybersecurity has concluded that when government agencies (and some private organisations) use video conferencing services they should not have “associated security or privacy concerns, such as the Zoom video communication service”. Although the order does not single out any of Zoom’s myriad security and privacy issues, it is likely to be at largely motivated by the news that Zoom has been routing data through servers based in China.
In spite of the explosive uptick in Zoom's growth and user base, there has also been a notable downturn regarding high-profile users. With SpaceX and Nasa already having implemented blanket bans on the use of Zoom by all staff, now Google has also confirmed a similar total rejection of Zoom.
For its part, Zoom is scrambling to shore up the security side of its flagship app (it also offers a telehealth app, amongst other more niche video conferencing solutions), introducing a new security menu to make accessing privacy tools easier for end users.
The company has also reportedly tapped former Facebook security chief Alex Stamos to act as an adviser, as it aims to curb the rising global backlash.
This story was updated on April 9 to reflect further developments, adding information about Google, Zoom updates and new security initiatives.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.