Senator Asks FTC To Investigate Zoom's 'Deceptive' Security Claims

Enlarge this image toggle caption Olivier Douliery/AFP via Getty Images Olivier Douliery/AFP via Getty Images

A powerful Senate Democrat is asking the Federal Trade Commission to investigate Zoom for deceptive practices, adding to the growing chorus of concerns over the popular video chat software's privacy and security flaws.

Several state attorneys general are also probing Zoom, after users, including government officials, reported harassment, known as "Zoombombing," on the platform.

Ohio Sen. Sherrod Brown, the ranking member of the Banking, Housing and Urban Affairs Committee, sent a letter Friday to the FTC.

In the letter, obtained by NPR, Brown said Zoom had made "deceptive" claims to users that their communications would remain private. Brown said Zoom incorrectly suggested its service offered end-to-end data encryption, which means that communications couldn't be accessed by anyone other than the sender and the recipient at any point.

Zoom walked back on Wednesday its claim of end-to-end encryption. In a statement, it said, "While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it."

Brown also wrote to Zoom CEO Eric Yuan on Friday asking for details on the company's encryption and security practices by April 10.

With so many people stuck at home during the coronavirus pandemic, Zoom has become the go-to venue for millions to connect with co-workers, friends, family, teachers and students. The company says 200 million people used its video conferencing service daily last month, up from the previous peak of 10 million in December.

But the sudden popularity has highlighted the software's shortcomings. Zoombombing, in which intruders hijack meetings with hate speech and offensive images, has become a new form of harassment. Software flaws have left users vulnerable to hackers.

Connecticut Attorney General William Tong said Friday that he and Connecticut's lieutenant governor, Susan Bysiewicz, were "Zoombombed" early this week during a virtual town hall. Trolls posted racist, sexist and pornographic comments in the meeting's chat section.

On Friday, he became the latest attorney general — along with those in New York, Florida and other states — to seek information on Zoom's privacy and security practices.

"I'm joining with other attorneys general across the country in calling on Zoom to provide information about what it's doing to keep all of us safe," Tong said at a press conference.

A Zoom spokesperson said of the inquiries from the attorneys general: "We appreciate the outreach we have received on these issues from various elected officials and look forward to engaging with them."

Bysiewicz said several other town halls she held this week were also attacked. She said she asked the U.S. attorney for Connecticut — the top federal prosecutor in the state — to work with the Federal Bureau of Investigation to stop Zoombombing.

The FBI warned schools in particular to be careful using Zoom, after receiving multiple reports of attacks.

Sen. Richard Blumenthal, D-Conn., has also asked Zoom for information on how it handles users' data.

Zoom says it has taken steps to fix the security flaws that have been uncovered and is educating users on how to safeguard their meetings. On Wednesday, the company said it would halt work on new features for 90 days to focus on security and privacy.

Editor's note: Zoom is among NPR's sponsors.