A shareholder has sued Zoom Video Communications Inc, accusing it of fraud amid mounting security concerns over the popular video-conferencing app.
In a complaint filed on Tuesday in San Francisco federal court, the company and its top officers were accused of concealing the truth about shortcomings in the app’s software encryption, including its alleged vulnerability to hackers, as well as the unauthorised disclosure of personal information to third parties, including Facebook Inc.
Investor Michael Drieu, who filed the suit as a class action, claims a series of public revelations about the app’s deficiencies starting last year have dented Zoom’s stock price – though the shares are still up 67 percent this year as investors bet that the teleconferencing company would be one of the rare winners from the coronavirus pandemic.
Zoom Chief Executive Officer Eric Yuan has apologised for the lapses, acknowledging in a blog post last week that the company had fallen short of expectations over privacy and security.
The United States Department of Homeland Security (DHS), however, said in a memo seen by Reuters news agency that Zoom has been responsive to concerns over its software.
The memo – drafted by DHS’s Cybersecurity and Infrastructure Security Agency and the Federal Risk and Authorization Management Program, which screens software used by government bodies – sounded a positive note about the teleworking solution, which has been beset by security worries.
DHS and FedRAMP said Zoom Video Communication Inc was responding to the criticisms and understood how serious they were – a contrast with the formal advice against using the product issued on Tuesday by Taiwan’s cabinet, which told government agencies on Tuesday to stop using Zoom due to security concerns.
The island’s education ministry later said it was banning the use of Zoom in schools.
Former White House Chief Information Officer Theresa Payton noted that while the message applied to the version of Zoom marketed to US officials – Zoom for Government – it was still “good news” for the San Jose, California-based company.
“I see it as a pragmatic memo,” Payton, who is chief executive of cybersecurity firm Fortalice Solutions, told Reuters. She said the General Services Administration, which helps run FedRAMP, “had to say something” given the mounting disquiet over Zoom’s issues.
That is in part because the company’s new popularity as a main way to connect to colleagues, classes, friends and family while stuck at home has meant newfound scrutiny.
Most recently, University of Toronto-based internet watchdog Citizen Lab said it found “significant weaknesses” in the encryption protecting the confidentiality of Zoom meetings as well as evidence that encryption keys – key bits of code whose possession could enable a hostile power to eavesdrop on conversations – were sometimes being sent to servers in China, even when the meeting’s participants were in North America.
Some schools and businesses have stopped using the service, among them Elon Musk’s rocket company SpaceX, which Reuters reported last week had banned its employees from Zoom.
Zoom did not comment on the memo, instead pointing to previous comments made by the company’s CEO, Eric Yuan, who has publicly pledged to do better.
“We’ll double down and triple down on privacy and security,” Yuan recently told CNN.
DHS and FedRAMP said in a joint statement the memo was a best practice guide for government users, who it said were advised to use the Zoom for Government over the company’s free or commercial offerings.