Zoom may have another major security worry

zoom video
(Image credit: zoom)

Earlier this year Zoom found itself in hot water over claims that its video conferencing service uses end-to-end encryption when it instead employs transport encryption instead.

Now, the company is facing a lawsuit from the US nonprofit advocacy group Consumer Watchdog.

The lawsuit, filed in a Washington DC court, alleges the company falsely told users that it offers full encryption which puts it in breach of the District of Colombia Consumer Protection Procedures Act (DCCPPA) that prohibits false advertising.

Back in April, The Intercept released a report which revealed that Zoom uses transport encryption as opposed to end-to-end encryption. Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. However, the main difference between transport encryption and end-to-end encryption is that while others won't be able to access your data, Zoom will still be able to.

Zoom lawsuit

In its complaint against the company, Consumer Watchdog alleges that Zoom continued to say that its video conferencing software used end-to-end encryption even though it didn't at the time, saying:

“Zoom repeated its end-to-end encryption claims throughout its website, in white papers—including in its April 2020 HIPAA Compliance Guide—and on the user interface within the app. Through these representations, Zoom established itself as a safe, secure, and reliable video conferencing platform for consumers, and targeted sectors that require highly secure communication systems. Further, there is no question that consumers—and businesses in the healthcare sector—have specifically relied on Zoom’s false end-to-end encryption representations.”

Consumer Watchdog's lawsuit is asking the DC court for an injunction against Zoom in order to prevent the company from misrepresenting its security measures. At the same time, the advocacy group is seeking statutory damages under the DCCPPA  which allows for fines of up to $1,500 per violation. This means that that the total possible fine levied against the company could add up very quickly depending on the number of consumers that the court deems were impacted in the DC-area.

In Zoom's defense, the company has been working hard to add end-to-end encryption to its platform and bolster the security of its video conferencing service. For instance, in May it acquired the secure messaging and file-sharing service Keybase to help with these efforts.

A spokesperson for Zoom reached out to TechRadar Pro with the following statement:

"We take privacy and security extremely seriously and are committed to continuous enhancements, including the timely beta testing and implementation of end-to-end encryption."

Via ThreatPost

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.