Cullen, et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02155-SVK (N.D. Cal.). Class action complaint filed March 30, 2020.
Taylor, et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02170 (N.D. Cal.) Class action complaint filed March 31, 2020.
Motion to consider cases to be similar filed in the Cullen case on April 8, 2020.
Videoconferencing exploded exponentially with the COVID-19 pandemic, as a declaration of national emergency and state and local stay-at-home orders inspired ingenuity in communications for business, personal, health and other reasons.
“Zoom,” as the platform is known, emerged as a most popular platform, somehow almost immediately eclipsing other platforms such as Google Meet.
In signing on to use Zoom, Zoom represented to users that their privacy interests would be protected. For health care practitioners, Zoom permitted the creation of business associate agreements that would, ostensibly, aid in attaining compliance with the Health Insurance Portability and Accountability Act (HIPAA).
All to the good, one might think.
Except Zoom seems to have been incorrect in its privacy and data assurances.
Zoom’s application sent data identifying the user to Facebook every time the application was downloaded and every time the user logged in.
This discovery irked more than health care providers, for whom the federal government’s relaxation of compliance requirements for telehealth during the COVID-19 crisis did nothing to relieve providers of ethical obligations to clients to maintain confidentiality.
Likewise distressed were non-professionals whose functioning depends on assurances of confidentiality.
Along with disclosures about the software insecurity came a flood of pranksters practicing “zoom bombing,” interrupting online meetings with pornography and toxic messaging. Some churches were not amused.
Within days of discovery and disclosure two class actions were filed in federal court in the Northern District of California. The complaints allege violations of several consumer and privacy protection statutes and aver that even if Zoom Video Communications remedies its technology, it remains responsible for the damage incurred prior to that time.
Since disclosure, Zoom has launched a campaign to underscore its innocence, its concern, and its plans for repair. Many of the statements come quite close to admissions, perhaps reflecting the confidence of technology scions who are, in their own minds, intent on doing good and refraining from being evil.
Or perhaps Zoom believes that it has so captivated the market that all it needs to do is to appear contrite, fix the application, and move on.
Simple, but time-honored, security measures not prevalent in the past have come to be required, such as passwords.
And Zoom has hired Facebook’s former security chief to head Zoom’s mitigation maneuvers.
At this time, it does not appear that Facebook has acknowledged any relationship with Zoom nor is it known whether or how much money was paid to Zoom for user information.
At the same time, Facebook is taking steps to persuade some of the market to use Facebook’s platform rather than Zoom’s.
In addition to private lawsuits, it appears that the Federal Bureau of Investigation and state attorney generals have questioned Zoom’s practices.
Cyberspace privacy concerns and pointers for managing Zoom have been proffered by non-profits such as the Electronic Frontier Foundation.
The class actions are in their early stages. With courts either shuttered or (ironically) reliant on videoconferencing for proceedings, it is not known when or if the court will rule on the recently filed motion to treat the Cullen and Taylor cases as related. An initial case conference in Cullen is scheduled for June 30, 2020.
Northern District of California Case Information