As part of a class action lawsuit settlement, Zoom says it will pay $85 million to users for misleading them about offering end-to-end encryption on its videoconferencing service.
According to ArsTechnica, the company was accused of lying about its encryption description on its website and in a security white paper, as well as providing user data to Facebook and Google without users’ permission.
Filed at the U.S. District Court for the Northern District of California, the proposed settlement will give Zoom users around $15 or $25 each, depending on whether they had a free or paid subscription between March 30, 2016 and July 30, 2021. Assuming the settlement is approved by the court, the payments will apply to Zoom users nationwide.
In addition to payments, Zoom agreed to over a dozen major changes to its practices, “designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data,” according to the settlement. A hearing on the plaintiffs’ motion for preliminary approval of the settlement is scheduled for October 21, 2021.
In April 2020, Zoom faced accusations of misleading encryption claims after an investigation by The Intercept revealed that Zoom was securing video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites.
TLS encryption is different to end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.
For Zoom meetings to be truly end-to-end encrypted, calls would need to be encrypted in such a way that ensured only the participants in the meeting had the ability to decrypt them through the use of local encryption keys. But that level of security was not what the service offered at the time.