Skip to main content

FTC's Rebecca Slaughter Unhappy With Zoom Settlement

An exterior view of the Federal Trade Commission building
(Image credit: Future)

Zoom may have dodged a tougher outcome from allegations of lax security, but the Federal Trade Commission's new acting chair clearly has issues with the company.

The FTC has released its settlement agreement with Zoom, which has become a go-to meeting site for governments, businesses, and virtual birthdays and holidays around the electronic hearth, and the new acting FTC chair is not happy with the decision, which was an 11th-hour vote by the Trump FTC.

Also Read: House Republicans Happy with Zoom Settlement

Zoom settled allegations by the FTC that it misled users about its level of security. 

The settlement requires Zoom to undertake a "comprehensive security program," guard against security flaws in software updates and make sure those updates don't interfere with third-party security and get biennial assessments of its security from an independent source over which the FTC had approval.

It must also notify the FTC of any data breaches.

The decision was 3-2 to finalize the settlement, an eleventh-hour vote Jan. 19--the settlement was released Monday (Feb. 1)--with the Republicans agreeing to the settlement and the Democrats, including now acting chair Rebecca Kelly Slaughter, dissenting.

Slaughter said the decision was "particularly troubling in light of the fact that the Department of Justice recently charged a Zoom employee with allegedly participating in a scheme to surveil, disclose, and censor political and religious speech of individuals located in the United States and around the world at the behest of the People’s Republic of China. These facts heighten my concern with Zoom’s ability to protect user privacy, and, for these reasons, I respectfully dissent from the Commission’s decision to finalize this order."

Also Read: Senators Seek DOJ Investigation of Zoom

Specifically, the FTC had alleged that Zoom misrepresented its level of security of its meeting platform  by calling it "end-to-end" encryption when it wasn't, claimed meetings stored on the cloud were encrypted when they were stored up to 60 days afterwards unencrypted, and undermined an Apple Safari browser safeguard that protected from some types of malware.