
FTC's Zoom Deal Signals Commitment to Security Enforcement

The U.S. Federal Trade Commission is making good on a resolution to strengthen its enforcement of security deficiencies occurring in e-commerce transactions. The agency's recent action involving allegations of improper activities by teleconferencing provider Zoom Video Communications is a notable example.

In a settlement with Zoom, the FTC imposed significantly specific requirements on the company regarding safety and privacy issues associated with Zoom's services. The Nov. 13, 2020 settlement became official after a comment period expired in mid-December.

The FTC said the agreement with Zoom requires the company "to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users."

Zoom neither admitted nor denied the Commission's allegations with its acceptance of the settlement.

Broad E-Commerce Ripple Effect

Importantly in the world of e-commerce, the Commission's action in the Zoom case reflected more than an internal policy of bolstering enforcement of e-commerce issues. The FTC's action also reflected a federal court decision which resulted in the Commission's move to issue stronger and more targeted enforcement actions, versus more general compliance requirements, according to a Cleary Gottlieb case analysis.

Additionally, the impact of the FTC's action goes far beyond application to video conferencing services and affects a broad range of e-commerce activities. "The Zoom decision absolutely applies broadly," said Kathleen Benway, a partner at Alston and Bird. The FTC decision "offers lessons to any company that collects consumers' personal information electronically. Such companies would be wise to closely review the Zoom complaint and order to ensure that their systems and processes don't raise similar issues," she told the E-Commerce Times.

The specificity of the FTC's allegations in the Zoom case provides some insights on the types of e-commerce transactions that are of concern to the Commission and could possibly affect enforcement.

In its complaint, the FTC said that at least from 2016, Zoom misled customers by claiming that it offered 'end-to-end, 256-bit encryption' to secure users' communications, "when in fact it provided a lower level of security." End-to-end encryption is a method of securing communications so that only the sender and recipient -- and no person, not even the platform provider -- can read the content, the FTC explained.

Zoom maintained the cryptographic keys that could actually allow the company to access the content of its customers' meetings, and secured its teleconference meetings, in part, with a lower level of encryption than promised, FTC said. Zoom acknowledged in April 2020 that its services were generally incapable of end-to-end encryption, according to a case analysis from Alston and Bird.

According to the FTC's complaint, Zoom also misled some users who wanted to store recorded meetings on the company's cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom's servers before being transferred to its secure cloud storage.

In addition, Zoom deployed an operational mechanism related to Apple's Safari browser which the FTC characterized as a method which circumvented a Safari security and privacy safeguard, without adequate notice or consent to the user. The Commission contended that the deployment amounted to an unfair act or practice.

Original link: https://www.technewsworld.com/story/86962.html

Original author: John K. Higgins • E-Commerce Times • ECT News Network
