Additional Information
![Not BBB accredited](https://m.bbb.org/terminuscontent/dist/img/non-ab-icon__300w.png?tx=w_120)
Additional Information for Zoom Video Communications, Inc.
- Location of This Business
- 55 Almaden Blvd #600, San Jose, CA 95113-1612
- BBB File Opened:
- 9/17/2015
- Licensing Information:
- This business is in an industry that may require professional licensing, bonding or registration. BBB encourages you to check with the appropriate agency to be certain any requirements are currently being met.
- Type of Entity:
- Corporation
- Business Management
- Farshad Hashmatulla, Communications Specialist
- Mr. Eric Yuan, Founder/CEO
- Customer Service
- Contact Information
Principal
- Mr. Eric Yuan, Founder/CEO
- Customer Service
Customer Contact
- Mr. Eric Yuan, Founder/CEO
- Customer Service
- Additional Contact Information
Email Addresses
- Primary
- Additional Business Information
- Government ActionsGovernment Action: BBB reports on known government actions involving business’ marketplace conduct:Gov. Action
November 9, 2020 The following describes a settlement that has been formally brought by a government agency. The Federal Trade Commission, alleges and charges as follows:
The Federal Trade Commission today announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.
Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.
In its complaint, the FTC alleged that, since at least 2016, Zoom misled users by touting that it offered "end-to-end, 256-bit encryption" to secure users' communications, when in fact it provided a lower level of security. End-to-end encryption is a method of securing communications so that only the sender and recipient(s)--and no other person, not even the platform provider--can read the content.
In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.
Zoom's misleading claims gave users a false sense of security, according to the FTC's complaint, especially for those who used the company's platform to discuss sensitive topics such as health and financial information. In numerous blog posts, Zoom specifically touted its level of encryption as a reason for customers and potential customers to use Zoom's videoconferencing services.
"During the pandemic, practically everyone--families, schools, social groups, businesses--is using videoconferencing to communicate, making the security of these platforms more critical than ever," said Andrew Smith, Director of the FTC's Bureau of Consumer Protection. "Zoom's security practices didn't line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected."
According to the FTC's complaint, Zoom also misled some users who wanted to store recorded meetings on the company's cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom's servers before being transferred to its secure cloud storage.
The FTC also alleged that the company compromised the security of some users when it secretly installed software, called a ZoomOpener web server, as part of a manual update for its Mac desktop application in July 2018. The ZoomOpener web server allowed Zoom to automatically launch and join a user to a meeting by bypassing an Apple Safari browser safeguard that protected users from a common type of malware. Without the ZoomOpener web server, the Safari browser would have provided users with a warning box, prior to launching the Zoom app, that asked users if they wanted to launch the app.
The complaint alleges that Zoom did not implement any offsetting measures to protect users' security, and increased users' risk of remote video surveillance by strangers. The software remained on users' computers even after they deleted the Zoom app, and would automatically reinstall the Zoom app--without any user action--in certain circumstances. The complaint alleges that Zoom's deployment of the ZoomOpener, without adequate notice or user consent, was unfair and violated the FTC Act. Apple removed the ZoomOpener web server from users' computers through an automatic update in July 2019.
The complaint also alleges that Zoom's release notes for the July 2018 update were deceptive because they did not adequately disclose that the app update would install the ZoomOpener web server on users' computers, that it would circumvent a Safari browser safeguard, or that it would remain on users' computers even after users deleted the Zoom app.
As part of the proposed comprehensive information security program, Zoom must take specific measures aimed at addressing the problems identified in the complaint. For example, it must:
assess and document on an annual basis any potential internal and external security risks and develop ways to safeguard against such risks;
implement a vulnerability management program; and
deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network; institute data deletion controls; and take steps to prevent the use of known compromised user credentials.
In addition, Zoom personnel will be required to review any software updates for security flaws and must ensure the updates will not hamper third-party security features.
Under the proposed settlement, Zoom is also prohibited from making misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information; its security features; and the extent to which users can control the privacy or security of their personal information.
Finally, the company must obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the Commission if it experiences a data breach.
To access the full The Federal Trade Commission press release, please visit: https://www.ftc.gov/news-events/press-releases/2020/11/ftc-requires-zoom-enhance-its-security-practices-part-settlement - Service Type
- Business Categories
- Video Conference
BBB Business Profiles may not be reproduced for sales or promotional purposes.
BBB Business Profiles are provided solely to assist you in exercising your own best judgment. BBB asks third parties who publish complaints, reviews and/or responses on this website to affirm that the information provided is accurate. However, BBB does not verify the accuracy of information provided by third parties, and does not guarantee the accuracy of any information in Business Profiles.
When considering complaint information, please take into account the company's size and volume of transactions, and understand that the nature of complaints and a firm's responses to them are often more important than the number of complaints.
BBB Business Profiles generally cover a three-year reporting period. BBB Business Profiles are subject to change at any time. If you choose to do business with this business, please let the business know that you contacted BBB for a BBB Business Profile.
As a matter of policy, BBB does not endorse any product, service or business.