ICYMI, the @FTC proposed a settlement addressing allegations that @zoom_us undermined the #security and #privacy of its users. I dissented because the settlement failed to recognize and solve for the privacy implications of the security failures at issue. ftc.gov/public-stateme…
Too often we treat data security and privacy as distinct concerns that can be separately
preserved. In reality, protecting a consumer’s privacy and providing strong data security are
closely intertwined, and when we solve only for one we fail to secure either.
preserved. In reality, protecting a consumer’s privacy and providing strong data security are
closely intertwined, and when we solve only for one we fail to secure either.
This case provides a perfect example of how things that might seem superficially to be security failures (here, encryption levels and overriding 3rd-party security features) are really about privacy as well.
We must recognize the reality that the reason customers care about the security of their Zoom calls is because they want to protect the privacy of the sensitive information they share over the service.
The @FTC’s proposed settlement requires @zoom_us to establish an information-security program and submit to third-party audits—good steps. But the settlement requires no direct improvements, transparency, or oversight of Zoom’s approach to #consumer privacy.
A more effective order would require a review of the risks to #consumer privacy posed by @zoom_us
products and services, procedures to routinely review such risks, and privacy-risk mitigation before implementing any new or modified product, service, or practice.
products and services, procedures to routinely review such risks, and privacy-risk mitigation before implementing any new or modified product, service, or practice.
I highlight the security/privacy issue here because I think it implicates an important part of a larger policy debate over data abuse in the US. But I had other objections, including the fact that the settlement provided no recourse for affected customers.
And my colleague @chopraftc lays out an excellent list of additional ways the @FTC can improve enforcement efforts in the #tech sector here: ftc.gov/public-stateme…
Of course I understand that settlements are rarely perfect, and I readily support accepting a settlement that is less than ideal to preserve resources and avoid lengthy litigation, but *only if* the proposed settlement provides meaningful and adequate relief.
For more on why the majority thought this settlement met that test, their statement is available here: ftc.gov/public-stateme…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
