Purpose:
Understand the implications that resulted from Zoom Video’s false representations to Consumers.
Welcome Message:
My name is Peter Madoff. I am a graduate of Fordham Law School (1970). I have built an extensive career in the financial services industry as a senior executive; serving as a former Vice Chairman of the NASD, Executive board member of Nasdaq and several NYSE member firms. These industry leadership responsibilities provided me with comprehensive experiences with both self-regulatory and government agency compliance investigations. The consequences of such investigations may lead to violations, fines or even white-collar criminal actions. It is my intention to guide you in how to make appropriate and responsible compliance decisions that will protect you from such actions.
Objectives:
1.To describe companies’ vulnerabilities to punitive actions by regulatory agencies for false, misleading and deceptive marketing practices aimed at consumers.
2. To understand extra precautions necessary when offering products through numerous media platforms across interstate and global media platforms.
3. To identify liabilities and penalties that can extend to individuals; officers and employees and indirectly to shareholders and other stakeholders.
4. To explain how serious financial penalties as well as civil or even criminal actions may ensue from such false statements.
5. Explain the importance of “minority dissenting opinions”.
Intended Audience:
Individuals, sole proprietors, corporate officers and employees, third party wholesalers, vendors and media platforms and potentially injured competitors.
Common Terms:
FTC, Encryption, End-to-End, 256 Bit Encryption, Secure Cloud Servers.
Current State:
The concept of video conferencing remained in the realm of science fiction as recently as 25-to-30 years ago. Innovations in technology have made it ubiquitous. The Covid 19 pandemic made it a necessity for billions of people around the world now confined to their homes. Many companies quickly competed for this new market, including one relative upstart known as Zoom. Zoom made considerable statements about the security of its system, some of which turned out not to be accurate. Providing video conferencing services for a fee, also comes with obligations. Failure to correctly describe a product or service and to adequately protects users can lead to government investigations, fines and potential criminal penalties depending on the type of disclosures made to the public and breach involved.
Future State:
Looking forward into the future, it has become apparent that widespread use of video conferencing in our everyday life is here to stay. Companies such as Zoom will continue to benefit from exponential growth. This ongoing growth will be dependent on these video conferencing and multimedia platforms’ rapid adoption of even more enhanced bandwidth, speed, encryption security, and much more attention to the privacy requirements and demands of their clients’ statements and policy intentions. Customer awareness of their own vulnerabilities and data and privacy security needs will help keep those companies in check. Federal and state governments, and class action attorneys looking to score a big payday, can also be expected to weigh in heavily with consumer protection agendas. The demands on video-conferencing providers (as well as all tech providers, in general) will continue to evolve and grow as more sensitive data flows through these platforms.
Situation:
Covid 19 sent everyone running for cover in 2020, leading to prolonged lockdowns. The pandemic forced businesses and individuals to quickly adapt to changed circumstances in order to keep markets, schools and social lives flowing. Zoom, a relatively small and unknown upstart, quickly captured huge market share promoting its high-level encryption technology. Unfortunately, its promises fell short of reality, exposing personal information and video conferences to security breaches.
Background:
With the advent of the Covid 19 pandemic, the entire world experienced rapid exponential growth in the demand for and use of various video conferencing platforms. Zoom entered the field early along with several competitors, many of them big, well-funded companies such as Microsoft and Cisco, who already catered to large corporate and government agency users, requiring robust data security and privacy. Zoom focused primarily on small businesses, those with usually less than 10 employees. Prior to the pandemic they had approximately 600,000 paying customers, engaging 10 million participants daily, still a very meaningful group of small business and consumer clients.
By mid-summer of 2020, the pandemic effectively shut down entire countries and huge swaths of the economy, with “shelter in place” orders and government mandated medical advisory demands. Zoom’s business exploded to over 300 million daily participants’ interactions. Zoom also picked up many large corporate users, government agencies, and educational institutions, as well as millions of social and family participant consumers.
In order to be even more competitive and credible to a larger client base, Zoom made several statements and representations about its encryption being more robust, with “end-to-end 256-bit encryption”. It also gave further assurances that upon conclusion of their clients’ meetings, there would be an almost immediate uploading to “secure cloud servers” to protect the data security requirements (statements deemed necessary to remain fully competitive with more expensive products offered by competitors). Crack’s in Zoom’s security system (whether known or unknown to management), however, led to those statements being inaccurate. Furthermore, they also inappropriately disabled another platform’s (Apple) security application to enable Zoom’s clients a more user friendly, one keystroke connection, without the user’s consent.
Many customers paid to use Zoom’s services, relying upon the company’s security representations and without any idea that a material security protection had been disabled in their smartphone. Zoom’s failures exposed private and personal information of both companies and individuals alike.
The FTC and several state agencies caught wind of this and stepped in, after numerous complaints from consumers and competitors of Zoom, alleging that the company, since at least since 2016, deceived consumers about the level of security for users of Zoom’s video conference meeting platform, touting their end-to-end 256-bit encryption to ensure and secure user communication. It was also alleged that Zoom had overridden and undermined a browser security feature of another technology competitor’s platform, giving those platform’s users of Zoom services, a false sense of ongoing data security and privacy that had been imbedded by that competing platform and inappropriately removed.
Zoom quickly agreed to a settlement with the FTC, especially since the FTC’s settlement offer proved to be fairly lenient in light of the unusual world circumstances going on at the time. The company also, it seems, got the benefit of the doubt as to whether its inaccurate statements were purposeful or not. The FTC merely ordered the company to review and implement a more robust information security program and prohibited further false or misleading privacy and security representations. Zoom also, voluntarily and for business purposes, fixed its gap in security, bringing it fully up to the standards it projected to the general public.
Analysis:
Zoom’s was certainly not the inventor of videoconferencing. Yet, it managed to become one of those unique companies whose name is used as a verb to explain use of its service, much like Google and Uber. It quickly built itself up from a relatively small but successful consumer and small business technology platform into a powerhouse by misleading with public.
The onset of the Covid 19 pandemic and its impact on everyday personal interactive activity, had companies like Zoom running at full speed trying to keep up, leading them to get sloppy on both security and ensuring that all statements and representations made by the company proved accurate. It allowed Zoom to more effectively compete with much larger, more secure platforms, without the immediate and expeditious expenditures that would have been required, had they been more willing to make the necessary commitments to substantiate their claims.
The FTC’s investigation was inevitable, but its relatively lenient settlement much less so. The FTC’s decision resulted from a very close vote of 3-to-2, with two very strong individual “dissenting opinions”. Both dissenting opinions contrasted greatly with the “majority decision,” insisting on imposing material penalties and sanctions for the inappropriate actions. Zoom evidently had a very close call with a decision that very well have impacted and even upended the company due to its failure to act as a good corporate citizen.
Recommendations:
One simple lesson learned from most case studies remains that having appropriate compliance in place can help most companies avoid the liability they eventually find themselves in. It’s really not so much a question of 20/20 hindsight. It’s more an almost inevitable result that comes from a lack of a corporate culture reflecting compliance at its core.
While in this case, Zoom managed to avoid material repercussions, the end result was far from certain, especially given the close vote. With Zoom now serving as a cautionary tale, the next company(ies) caught acting likewise should expect harsher treatment. Everyone has been put on notice.
A shift in regulatory agency leadership, along with growing consumer activism and aggressive competitive counter complaints, will provide further potential traps and pitfalls for those who choose to act indiscriminately. It behooves all market participants to be mindful of the consequences for inappropriate, possibly illegal and injurious statements, representations and actions.
Sources:
- www.ftc.gov/news-events/press-releases/2020/11/ftc-requires-zoom-enhance-its-security-practices-part-settlement
- www.ftc.gov/enforcement/cases-proceedings/192-3167/zoom-video-communications-inc-matter
- https://www.investopia.com/terms/e/encryption.asp
- https://en.wikipedia.org.wiki/End-to-end_encrption
- https://www.tomsguide.com/news/zoom-security-privacy-woes