Amid FTC complaint against Zoom, UMN has reported no security breaches

The Federal Trade Commission urged Zoom to improve its data privacy, though some have criticized the settlement for lacking accountability measures.

by Nur B. Adam, Multimedia Reporter

The University of Minnesota’s Office of Information Technology (OIT) says the FTC’s complaint against Zoom will not necessarily spell problems for University users.

The Federal Trade Commission (FTC) announced in early November that it will require Zoom to take a series of security steps to ensure that the company meets the privacy standards it promised its users. The University has policies in place to prevent potential security issues, OIT said.

The University community makes up only a small portion of the 300 million daily participants of Zoom meetings worldwide, using the app for a variety of services from virtual classes to student activities to telehealth services at Boynton Health.

Zoom has been the subject of multiple lawsuits concerning data privacy since it started being widely used in late March as the need for video conferencing suddenly increased in response to the pandemic.

“It’s no surprise that the FTC ultimately dealt with this issue because [Zoom’s security and privacy vulnerabilities] wasn’t a great secret by any means,” said Scott Memmel, a postdoctoral associate at the Hubbard School of Journalism and Mass Communication.

Memmel has written and lectured about data privacy for the journalism school.

The FTC’s complaint is centered around Zoom’s failure to keep the promises it made to users, or, as mentioned in the complaint, deceptive claims regarding the level of data protection and more.

The University’s information technology-related policies regulate data usage on IT systems, including Zoom.

“The FTC settlement represents vulnerabilities that were brought to Zoom’s attention; however, the vulnerabilities do not necessarily result in security or privacy incidents. Additionally, the vulnerabilities in Zoom’s environment may not impact the University’s implementation and configuration,” OIT wrote in a statement emailed to the Minnesota Daily.

The University responded to security issues last spring by instructing the University community on securing Zoom meetings and temporarily requiring passcodes for meetings on the platform.

“Credit to the IT department: They’ve done things to try and improve the security and the privacy of our Zoom meetings and Zoom information. And they have a whole website about how to make your meetings secure,” Memmel said.

Some experts have questioned the effectiveness of the complaint as its accountability measures are not strong enough for the level and type of claims, according to Michael Zimmer, a computer science associate professor at Marquette University.

“It was still disappointing to see the FTC almost letting them get away with that,” Zimmer said. “It was an important claim [by Zoom] that was not true. And this wasn’t just, you know, misleading advertising on a cereal commercial or something else; this was video communication used by millions.”

Although the settlement involves some suggestions for Zoom to improve its data privacy, it does not include monetary fines like similar FTC complaints included for other major technology platforms like Facebook.

“It’s great that [the FTC is] kind of pushing Zoom to make these changes. But at some point, it is just [Zoom’s] words,” Memmel said. “The FTC only scraped the surface of its authority with this settlement.”