Zoom Will Pay $86m (£62.9m) In a Settlement In A US Class Action Privacy Lawsuit

Sunday, August 15, 2021

Zoom, the video-conferencing company that has gained huge popularity in the last two years, has settled a US based class action privacy lawsuit. The settlement fee is reportedly $86 million.

As part of the lawsuit, it was alleged that Zoom passed on millions of peoples’ personal data with social media sites Facebook, Google, and LinkedIn. Alongside this breach of privacy, the lawsuit also proposed that Zoom misled people that thought it provided end-to-end encryption, as well as not providing strong enough security to stop hackers from attending zoom sessions uninvited, also called ‘zoombombing’.

Zoom has denied that it did anything wrong, however it has said it will improve the security practices around its app. Alongside the settlement that Zoom will pay, there is also a clause that requires Zoom to train its staff specifically in privacy and handling sensitive data. However, this hasn’t yet been approved and is waiting for the go ahead from Lucy Koh, a US District Judge in San Jose, California.

On this subject, a Zoom spokesman said, ‘The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us. We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.’

Zoom has come under increased scrutiny recently, with multiple legal complaints being filed against it. The class-action lawsuit we are referring to in this article was filed in the US District Court, in the Northern District of California in March 2020. The people represented in the lawsuit are the paid subscribers and free users of Zoom Meetings across the US. Zoom made $1.3 billion in revenue in the US from their subscribers alone.

If the settlement gets a final approval, people who subscribe to Zoom that are covered in the class action could qualify for a 15% refund on their subscription, or $25 - depending on what is the larger sum. Alongside this, the people bringing the case against Zoom in the courts are seeking $21.3m in legal fees from Zoom.

In March, Zoom asked the court to dismiss the motion. Judge Koh allowed only the parts to continue that were to do with contracts Zoom had with third parties. The section of the lawsuit that related to invasion of privacy and negligence were dismissed.

For a long time, Zoom has faced a level of criticism around its security protocols. One of the most significant flaws that has pushed some companies to use alternative platforms to Zoom is ‘Zoombombing’. This is where people who were not invited to a meeting crash the virtual get together and cause an issue. There have been several reports of activists disrupting meetings to protest, as well as hackers entering rooms and playing pornography to the people attending the meetings.

Other security floors that have been exposed by hackers is a way to remove attendees from different rooms and meetings, send fake messages from users, as well as taking over screen shares. A further flaw allowed hackers to force people into calls that they were not scheduled to take and they were unaware of the meeting taking place.

One of the biggest points that the lawsuit focused around though was that Zoom didn’t properly represent its encryption protocol, called transport encryption, by stating it was end-to-end encryption. End-to-end encryption prevents a provider from accessing video and audio of virtual meetings, it is only accessible by the people within the meeting. However, because Zoom did not actually have end-to-end encryption the data that is shared over its platform was available.

One month after this lawsuit was filed In March 2020, it is believed that Zoom made a considerable effort to address the issues around privacy and security. It released a series of updates to the app which rectified flaws, as well as 100 more features that improved security, safety and privacy. One key part of this update was that they finally brought in end-to-end encryption.

With the global pandemic of the last year and a half people were forced to lockdown and isolate. This caused Zoom to rise hugely in popularity. While it is concerning that the flaws in Zoom were there in the first place, the fixes that were implemented certainly helped with improving security.