EPIC Urges FTC to Investigate Zoom, Issue Best Practices for Online Conferencing
In a letter to FTC Chairman Joe Simons, EPIC urged the FTC to “open an investigation of Zoom’s business practices and to issue, as soon as practicable, Best Practices for Online Conferencing Services.” The EPIC letter followed a 2019 complaint from EPIC warning that Zoom had “placed at risk the privacy and security of the users of its services.” EPIC also explained to the FTC that Zoom had “exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack.” In the April 2020 letter to the Commission, EPIC reminded the Commission that it acted on similar complaints from EPIC concerning Facebook and Google but failed to act on the Zoom complaint. EPIC cited widespread reports of privacy and security flaws with the online conferencing service. EPIC wrote, “Now more than ever, the Federal Trade Commission has a responsibility to safeguard American consumers. We urge you to act.”
DOJ Responds to EPIC FOIA on Location Data
In response to EPIC’s Freedom of Information Act request to the Justice Department for information about the use of location data, including cell phone records, to counter the pandemic the DOJ wrote there are no “responsive records.” EPIC had asked for “all legal memos, analysis, communications, and guidance documents, in the possession of the Department of Justice, concerning the collection or use of GPS data and cell phone location data for public health surveillance.” The DOJ forwarded EPIC’s request to its Office of Legal Counsel to see if responsive records exist in that office. EPIC will continue to seek information about the DOJ’s views on the use of location data, and particularly phone records. After 9-11, the Justice Department supported the warrantless surveillance of Americans, a program that was later terminated after the New York Times broke the story, and EPIC pursued a FOIA lawsuit and then a Supreme Court petition.
State Attorneys General Investigate Zoom
The Attorneys General from several states including New York, Connecticut, and Florida are investigating Zoom’s privacy and security practices. The New York AG stated that she was “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network.” Last year, EPIC filed a complaint about Zoom security practices with the Federal Trade Commission. EPIC explained that Zoom had “placed at risk the privacy and security of the users of its services.” EPIC’s 22-page analysis detailed how Zoom had “exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack.” The Federal Trade Commission failed to act on EPIC’s 2019 Zoom complaint.