Zoom’s early adoption missteps cost them $85M in class action lawsuit

Kareem Anderson

The United States District Court of Northern District of California is issuing a “Notice of Motion and Motion for Preliminary Approval of Proposed Class Action settlement” in the case of Zoom users vs Zoom.

As part of the settlement, the video conferencing company Zoom has agreed to pay out $85 million in settlement claims which could see users receive up to $25 in compensation. The settlement claim comes as the district court found Zoom was not only less than forth coming with its claims of end-to-end encryption but also fed user data to privacy pirates Facebook, LinkedIn, Firebase Analytics, and Google without users consenting to the exchange.

As ArsTechnica is reporting, the settlement comes, “nine months after Zoom agreed to security improvements and a ‘prohibition on privacy and security misrepresentations’ in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users.”

Zoom screen share

In March of 2020, New York attorney general Letitia James issued a letter to Zoom raising concerns about how the company was handling sensitive and privacy-related data as well as request for greater transparency. Part of James initial concerns arose as the company faced increasing occurrences of “Zoombombings” in which the screen sharing features were being abused and hijacked by uninvited attendees of meetings, with nefarious individuals displaying lewd imagery or white supremacist messaging.

Following public scrutiny, Zoom quickly announced additional security measures the platform would take to prevent “Zoombombings”, unfortunately, Zoom’s privacy and security issues weren’t isolated to just loopholes in screen sharing.

Four years prior to the pandemic, when Zoom was still a relatively unused conferencing tool, the company claimed in HIPAA compliance guides, white papers, and investors meetings to offer its users end-to-end encryption. However, the fine print in Zoom’s claims is that end-to-end encryption was reserved for its Connecter product and not the service that most people are using now.

In May of 2021, an additional class-action complaint uncovered more precisely how Zoom’s end-to-end encryption worked and that the company produced the encryption keys versus users which further diminishes the company’s claims of providing end-to-end encryption protection as it’s commonly understood.

Another aspect of today’s settlement also “requires Zoom to not reintegrate the Facebook SDK for iOS into Zoom meetings for a year,” while also asking Facebook to delete users in the US (for now) data that was gathered from the connected SDK.

Regarding the Zoom punishment for also giving away user information to LinkedIn, Firebase Analytics or Google, was not outlined in today’s settlement agreement.

For anyone interested, the payout details of today’s settlement, if approved, could include attorney fees of up to 25 percent and $200,000 of the total $85 million allocation, a handful of named plaintiffs seeking $5,000, and the eventual $25 for paid Zoom users and $15 to “class members who are not eligible to submit a Paid Subscription Claim.”

Zoom doesn’t have to immediately fork over $85 million to users, but soon.