Zoom has agreed to pay $85 million towards settlement claims for violating the privacy of its users. This settlement is in lieu of a rumour, which has since been confirmed to be true, that Zoom lied to its users about offering end-to-end encryption when they actually didn’t. They even gave the user data to Facebook and Google without the consent of the users.
As per the proposed settlement by Zoom, users would receive either $15 or $25 each for the breach of their privacy. This settlement filed on Saturday comes nine months after Zoom agreed to make security improvements after a settlement with the Federal Trade Commission (FTC), which included a “prohibition on privacy and security misrepresentations”. However, the settlement with the FTC did not include compensation for the users.
Contrary to this, actual end-to-end encryption would mean that only the users themselves could access the keys needed to decrypt the content. The new class-action settlement with compensation to the users applies to Zoom users across the US, regardless of whether they had a free or paid account.
You may also like: Air India sued multiple times over data leak
The initial Zoom settlement
Last year, a complaint was filed by the FTC against Zoom about the fact that, since at least 2016, Zoom had been “misleading users” by claiming that the offered 25-bit end-to-end encryptions when it was actually using a lower level of security to secure users’ communications. The FTC said that Zoom had claimed to offer this kind of encryption in its June 2016, as well as its July 2017 HIPAA compliance guidelines. Such a claim was also made by Zoom in direct response to customers on a blog in 2017, and in a white paper issued in January 2019.
All this information was conveyed to the public by the FTC in its statement issued on November 9th, 2020.
“In fact, Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom’s ‘Connecter’ product (which are hosted on a customer’s own servers), because Zoom’s servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers’ Zoom Meetings,”via the complaint made by the FTC against Zoom
In the same statement, the FTC also stated that Zoom misled users who wanted to store their recorded meetings on Zoom’s cloud by falsely claiming that those meetings were encrypted as soon as the meeting ended. Allegedly, a lot of the recorded meetings were stored without encryption on Zoom’s servers for up to 60 days before being transferred to a secure cloud.
To settle the allegations made by the FTC, Zoom agreed to set up a comprehensive security program, a prohibition on privacy and security misrepresentations, along with a few other details to protect its users. Just to give a better idea, ever since the time of the pandemic, Zoom’s user-base of 10 million daily users skyrocketed to 300 million daily users.
However, the problem with this initial settlement was that users received no compensation when it was their data that was left unprotected.
The current settlement
If the latest settlement, filed at the US District Court for the Northern District of California, is approved:
“class members who paid for an account will be eligible to receive 15% of the money they paid to Zoom for their core Zoom Meetings subscription during that time [March 30, 2016, to July 30, 2021] or $25, whichever is greater,” the settlement said. “Class members who are not eligible to submit a Paid Subscription Claim may make a claim for $15. These amounts may be adjusted, pro-rata, up or down, depending on claim volume, the amount of any fee and expense award, service payments to class representatives, taxes and tax expenses, and settlement administration expenses.”
In addition to this, the class lawyers will receive up to 25% of the $85 million in lieu of attorneys’ fees, and up to $200,000 as reimbursement for expenses. A dozen of the named plaintiffs are also seeking $5000 each as payment. A hearing for the plaintiffs’ motion has already been scheduled for the 21st of October, 2021.