Cullen, et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02155-SVK (N.D. Cal.). Class action complaint filed March 30, 2020.
Taylor, et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02170 (N.D. Cal.) Class action complaint filed March 31, 2020.
Motion to consider cases to be similar filed in the Cullen case on April 8, 2020.
Videoconferencing exploded exponentially with the COVID-19 pandemic, as a declaration of national emergency and state and local stay-at-home orders inspired ingenuity in communications for business, personal, health and other reasons.
“Zoom,” as the platform is known, emerged as a most popular platform, somehow almost immediately eclipsing other platforms such as Google Meet.
In signing on to use Zoom, Zoom represented to users that their privacy interests would be protected. For health care practitioners, Zoom permitted the creation of business associate agreements that would, ostensibly, aid in attaining compliance with the Health Insurance Portability and Accountability Act (HIPAA).
All to the good, one might think.
Except Zoom seems to have been incorrect in its privacy and data assurances.
Zoom’s application sent data identifying the user to Facebook every time the application was downloaded and every time the user logged in.
This discovery irked more than health care providers, for whom the federal government’s relaxation of compliance requirements for telehealth during the COVID-19 crisis did nothing to relieve providers of ethical obligations to clients to maintain confidentiality.
Likewise distressed were non-professionals whose functioning depends on assurances of confidentiality.
Along with disclosures about the software insecurity came a flood of pranksters practicing “zoom bombing,” interrupting online meetings with pornography and toxic messaging. Some churches were not amused.
Within days of discovery and disclosure two class actions were filed in federal court in the Northern District of California. The complaints allege violations of several consumer and privacy protection statutes and aver that even if Zoom Video Communications remedies its technology, it remains responsible for the damage incurred prior to that time.
Since disclosure, Zoom has launched a campaign to underscore its innocence, its concern, and its plans for repair. Many of the statements come quite close to admissions, perhaps reflecting the confidence of technology scions who are, in their own minds, intent on doing good and refraining from being evil.
Or perhaps Zoom believes that it has so captivated the market that all it needs to do is to appear contrite, fix the application, and move on.
Simple, but time-honored, security measures not prevalent in the past have come to be required, such as passwords.
And Zoom has hired Facebook’s former security chief to head Zoom’s mitigation maneuvers.
At this time, it does not appear that Facebook has acknowledged any relationship with Zoom nor is it known whether or how much money was paid to Zoom for user information.
At the same time, Facebook is taking steps to persuade some of the market to use Facebook’s platform rather than Zoom’s.
In addition to private lawsuits, it appears that the Federal Bureau of Investigation and state attorney generals have questioned Zoom’s practices.
Cyberspace privacy concerns and pointers for managing Zoom have been proffered by non-profits such as the Electronic Frontier Foundation.
The class actions are in their early stages. With courts either shuttered or (ironically) reliant on videoconferencing for proceedings, it is not known when or if the court will rule on the recently filed motion to treat the Cullen and Taylor cases as related. An initial case conference in Cullen is scheduled for June 30, 2020.
Northern District of California Case Information
Cullen, et al. v. Zoom Video Communications, No. 5:20-cv-02155-SVK (N.D. Cal.).
Taylor, et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02170 (N.D. Cal.)
iMore.com, March 27, 2020: Responding to Backlash, Zoom Stops Sharing User Data with Facebook
New York Times, March 30, 2020: Attorney General Looks Into Zoom’s Privacy Practices
Zoom Blog, April 1, 2020: A Message to Our Users
Forbes, April 2, 2020: Why Zoom Really Needs Better Privacy: $1.9M Orders Show the Government’s COVID-19 Response is Now Relying On It
Electronic Frontier Foundation, April 4, 2020: Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls
Motley Fool, April 4, 2020: Facebook Wants to Take a Bite Out of Zoom Video’s Growth
Wall Street Journal, April 4, 2020: Zoom CEO: “I really messed up,” on Security as Coronavirus Drove Video Tool’s Appeal
Boston.com, April 7, 2020: Massachusetts Schools, Churches, Have Been Targeted by Hackers on Zoom
Forbes, April 8, 2020: Zoom Brings on Former Facebook Security Head to Fix Privacy Problems