Today's Regulatory Mix: FCC to Hold Consumer Protection Webinar, FTC Requires Zoom to Enhance its Security Practices in Settlement
FCC to Hold Consumer Protection Webinar
The FCC’s Consumer and Government Affairs Bureau (CGB), along with its partners, the Better Business Bureau (BBB) and Federal Trade Commission (FTC), announced they will be hosting a webinar highlighting tips and resources to protect consumers this upcoming holiday season. The webinar will take place on Friday, November 20 starting at 2:00 p.m. EST and can be viewed live at fcc.gov/live. The free webinar will provide consumer protection information on various topics, including online shopping, avoiding charity scams, and mobile device and public Wi-Fi safety tips.
FTC Requires Zoom to Enhance its Security Practices in Settlement
The FTC today announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.
Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.
In its complaint, the FTC alleged that, since at least 2016, Zoom misled users by touting that it offered “end-to-end, 256-bit encryption” to secure users’ communications, when in fact it provided a lower level of security. End-to-end encryption is a method of securing communications so that only the sender and recipient(s)—and no other person, not even the platform provider—can read the content.
In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.
“During the pandemic, practically everyone—families, schools, social groups, businesses—is using videoconferencing to communicate, making the security of these platforms more critical than ever,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected.”
As part of the proposed comprehensive information security program, Zoom must take specific measures aimed at addressing the problems identified in the complaint. For example, it must:
- assess and document on an annual basis any potential internal and external security risks and develop ways to safeguard against such risks;
- implement a vulnerability management program; and
- deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network; institute data deletion controls; and take steps to prevent the use of known compromised user credentials.
Recent Briefings from Inteserra!
The Regulatory Mix, Inteserra’s blog of telecom related regulatory activities, is a snapshot of PUC, FCC, legislative, and occasionally court issues that our regulatory monitoring team uncovers each day. Depending on their significance, some items may be the subject of an Inteserra Briefing.