Zoom sued for overstating, not disclosing privacy, security flaws

Zoom sued for overstating, not disclosing privacy, security flaws

FILE PHOTO: The Zoom Video Communications logo is pictured at the NASDAQ MarketSite in New York
FILE PHOTO: The Zoom Video Communications logo is pictured at the NASDAQ MarketSite in New York. (Photo: Carlo Allegri/Reuters)

SAN JOSE, CALIFORNIA: Zoom Video Communications Inc was slapped with a class action suit by one of its shareholders on Tuesday (Apr 7), accusing the video-conferencing app of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.

Shareholder Michael Drieu claimed in a court filing that a string of recent media reports highlighting the privacy flaws in Zoom's application have led to the company's stock, which had rallied for several days in the beginning of the year, to plummet.

The company's shares closed down about 7.5 per cent at US$113.75 on Tuesday. They have lost nearly a third of their market value since touching record highs in late-March.

Zoom Chief Executive Officer Eric Yuan apologized to users last week, saying the company had fallen short of the community's privacy and security expectations, and was taking steps to fix the issues.

READ: Zoom shares slip over security concerns, rising competition

Zoom has been trying to plug security issues, as it signs up millions of new users from across the world as people are forced to work from home after lockdowns were enforced to slow the spread of COVID-19.

The company has also been responsive to concerns over its software, the US Department of Homeland Security (DHS) said in a memo recently distributed to top government cybersecurity officials and seen by Reuters.

Former White House Chief Information Officer Theresa Payton noted that while the message applied to the version of Zoom marketed to US officials - Zoom for Government - it was still "good news" for the San Jose, California-based company.

"I see it as a pragmatic memo," said Payton, who is chief executive of cybersecurity firm Fortalice Solutions. She said the General Services Administration, which helps run FedRAMP, "had to say something" given the mounting disquiet over Zoom's issues.

That is in part because the company's new popularity as a main way to connect to colleagues, classes, friends and family while stuck at home has meant newfound scrutiny.

However, the company is facing a backlash from users worried about the lack of end-to-end encryption of meeting sessions and “zoombombing”, where uninvited guests crash into meetings.

Recently, University of Toronto-based internet watchdog Citizen Lab said it found "significant weaknesses" in the encryption protecting the confidentiality of Zoom meetings as well as evidence that encryption keys - key bits of code whose possession could enable a hostile power to eavesdrop on conversations - were sometimes being sent to servers in China, even when the meeting's participants were in North America.

Elon Musk's rocket company SpaceX recently banned its employees from using Zoom, citing “significant privacy and security concerns,” while Taiwan's cabinet has told government agencies to stop using the app.

Zoom did not respond to a Reuters request for comment, after market hours.

The case number is 5:20-cv-02353 and it was filed in the US District Court for the Northern District of California.

Source: Reuters/lk