Pages

Wednesday, August 4, 2021

Anything in it for UC?

The UC system - as did other universities - shifted to a heavy reliance on Zoom during the coronavirus pandemic. Even if the fall reopening goes as planned, there are still likely to be hybrid and remote classes. (And, of course, there is now the Delta Variant and lots of other Greek letters beyond delta.) So, did UC get anything out of the settlement described below? The settlement, as described, seems mainly focused on individual retail customers. UC was a major "wholesaler."

Zoom to pay $85M for lying about encryption and sending data to Facebook and Google

Jon Brodkin, 8/2/2021, Ars Technica

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant "Zoombombings." The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations" in a settlement with the Federal Trade Commission, but the FTC settlement didn't include compensation for users.

As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, "Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC said. In real end-to-end encryption, only the users themselves have access to the keys needed to decrypt content.

The new class-action settlement applies to Zoom users nationwide, regardless of whether they used Zoom for free or paid for an account. If the settlement is approved by the court, "class members who paid for an account will be eligible to receive 15 percent of the money they paid to Zoom for their core Zoom Meetings subscription during that time [March 30, 2016, to July 30, 2021] or $25, whichever is greater," the settlement said. "Class members who are not eligible to submit a Paid Subscription Claim may make a claim for $15. These amounts may be adjusted, pro rata, up or down, depending on claim volume, the amount of any fee and expense award, service payments to class representatives, taxes and tax expenses, and settlement administration expenses."

The class lawyers would get attorneys' fees of up to 25 percent of the $85 million and up to $200,000 for reimbursement of expenses. About a dozen named plaintiffs are seeking approval of payments of $5,000 each. A hearing on the plaintiffs' motion for preliminary approval of the settlement is scheduled for October 21, 2021. 

In addition to payments, Zoom "agreed to over a dozen major changes to its practices, designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data," the settlement said. With the pandemic boosting its videoconferencing business, Zoom more than quadrupled its annual revenue from $622.7 million to $2.7 billion in the 12 months ending January 31, 2021. Zoom also reported $672 million in net income for the 12-month period, up from $25.3 million the previous year. Zoom is on pace for even better results this year, having reported Q1 (February-April) revenue of $956.2 million and net income of $227.5 million...

Full story at https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-for-lying-about-encryption-and-sending-data-to-facebook-and-google/.

No comments: