Zoom must adhere to strict security standards to satisfy an agreement with the Federal Trade Commission, the commission announced Monday.

The video conferencing company and an omnipresent fixture of the COVID-19 lockdowns has had a string of security controversies dating back to last year, including services it advertised, but did not offer. In May, it was discovered the app was not end-to-end encrypted as advertised. Other discoveries included video recordings not being immediately encrypted and, between 2018 and 2019, installation of a "ZoomOpener" webserver module on Macs that bypassed Apple's security.

The agreement between the FTC and Zoom will soon be published in the Federal Register before undergoing a 30-day public comment period. As it currently stands, Zoom agrees not to mislead the public about security features and regularly audit its security in a variety of ways. It also agrees to follow standardized processes for video file naming, personal data deletion, and investigating security events.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.