Since the onset of the COVID-19 pandemic, video conferencing platforms have soared in popularity. Zoom has become one of the most widely used applications in the country. By facilitating face-to-face interactions between millions of individuals, Zoom has served as a lifeline to businesses forced to transition their employees to work from home. While initially praised for its ability to connect so many people, Zoom has come under increased scrutiny for the privacy and security issues associated with its platform.
Recently, Zoom has been hit with a wave of class action lawsuits alleging concerns ranging from failure to provide adequate encryption services to susceptibility to virtual hacking, also commonly referred to as “Zoom-bombing.” The following update provides a brief overview of the allegations put forth in the recent class action lawsuits filed against Zoom, and serves to inform Buchanan clients as to certain security concerns that may arise given the increased need and use of platforms such as Zoom.
Misleading investors and consumers on its encryption capability
In Consumer Watchdog v. Zoom Video Communications, Inc., a consumer advocacy group alleges that Zoom falsely promised that it was using end-to-end encryption software—which is an electronic process intended to make the communicated data unreadable to anyone except the sender and intended recipient of that data. The Complaint states that Zoom made false promises specifically to boost its image amid the COVID-19 pandemic. The advocacy group claims that the communication platform’s representations regarding end-to-end encryption were false and also suggests that Zoom’s servers are located in China where its users’ personal and other confidential information may be stored. The lawsuit seeks financial damages and an order from the court prohibiting Zoom from misrepresenting the level of security it offers to consumers using its platform.
Unauthorized sharing of consumer data
In Cullen v. Zoom Video Communications, Inc., consumers in California alleged that Zoom shared their personal data with Facebook and other third parties without adequate or proper notice. In this class action, the plaintiffs stated that, upon installing the application, Zoom collected their personal information and subsequently disclosed it without authorization to third parties. In sharing consumer data, the plaintiffs alleged that Zoom invaded the protected privacy rights of millions of users.
Zoom is not the only video conferencing application that is facing legal trouble for unauthorized sharing of consumer data. A lawsuit similar to Cullen has been filed against the group video app Houseparty also alleging unauthorized sharing of personal data. It will be quite interesting to see if the courts interpret California unfair trade practice and other consumer protection laws to give plaintiffs the right to bring a legal action against a business that did not obtain their consent— or even disclose its intention—to share a person’s personal information with a third party.
“Zoom-bombing” is the hacking of Zoom video conferences. This can include someone listening into the video conference, attending without permission, or actually placing unwanted content or “bombs” into the conference. Often these bombs take the form of pornographic or lewd content.
According to the complaint filed in the recent class action lawsuit, Johnston v. Zoom Video Communications, Inc., the FBI has issued a warning to Zoom over multiple reports that pornography, hate speech, and other disruptive content is being inserted by unknown third-parties into Zoom meetings. In Johnston, the plaintiffs alleged that “Zoom-bombings” have been made possible due to failures in Zoom’s inadequate encryption capabilities. The plaintiffs allege that Zoom made misrepresentations to consumers regarding its ability to disseminate protected information on its platform.
Zoom’s response to privacy and security concerns
In an April blog post to Zoom users around the world, Chief Executive Officer and Zoom Founder Eric Yuan acknowledged that the company had fallen short of meeting the community’s expectations for privacy and security in its platform. Yuan apologized to consumers and outlined a plan to address security issues in the future. In a subsequent interview, Yuan stated, “In ten to twenty years, when people write the history of COVID-19, I want them to write that Zoom did the right thing for the world.” As Zoom continues to be hit with consumer lawsuits, only time will tell whether users will feel comfortable with sharing their protected information on the Zoom platform.