The latest proposed class action lawsuit centered on security issues with Zoom’s video conferencing platform alleges the company’s assurance that it cares for users and their privacy is outright false given Facebook and LinkedIn’s apparent efforts to “eavesdrop” on Zoom users in an effort to harvest their personal information for profit.
According to the 70-page complaint, Facebook and LinkedIn have secretly listened in on those using Zoom while attempting to read and learn “the contents and meaning of” the communications between Zoom users’ devices and the company’s server.
Further, the 17-count lawsuit, echoing a case filed earlier this month, alleges Zoom and LinkedIn have unlawfully disclosed users’ identities to third parties “even when those users actively took steps” to keep themselves anonymous while using Zoom’s software. As the lawsuit tells it, a user’s privacy on Zoom is effectively non-existent the minute the video conferencing app is opened.
Zoom has plainly misrepresented to users the nature and strength of the safeguards supposedly in place to keep their information and communications private, the suit says. At the same time, the company, in order to protect its business, has “concealed, suppressed and omitted” the myriad security flaws with its video conferencing product until such information is brought to light by third parties, the suit alleges.
Bad company? Three peas in a pod
According to the suit, Zoom offers users the capability to integrate into its video platform certain third-party apps, such as LinkedIn’s Sales Navigator and Facebook’s “Login with Facebook” feature. Though the ability to connect with third-party companies exists, Zoom, the lawsuit points out, has “consistently represented” that it does not allow outsiders to access the personal user data that’s collected in the course of using the video conferencing service.
Concerning for users, according to the picture painted by the complaint, is Zoom’s increasingly prominent place among the likes of Facebook and LinkedIn, wildly successful companies with far-from-stellar track records on user privacy. The lawsuit, running down a series of incidents since the company went public last year, notes that despite its relatively young age, Zoom has already come face to face with concerns around its privacy, data protection and information security practices.
Per the lawsuit, Zoom’s third-party app integration has allowed Facebook (with more than a decade of data protection red flags, a seemingly blatant disregard for user privacy and billions in settlements under its belt) and LinkedIn (no stranger itself to data breaches, unauthorized user contact harvesting, and other privacy intrusions) to essentially use the inescapable video conferencing platform as a recording device with which to eavesdrop on and otherwise read, collect and understand the meaning of communications between a Zoom user’s device and the company’s server.
Ultimately, through their apps’ integration with Zoom, Facebook and LinkedIn have been able to harvest a trove of user data in order to build “increasingly detailed profiles” from which each defendant can respectively profit through advertising, the case alleges.
An individual hosting a Zoom meeting while utilizing LinkedIn’s Navigator app can view the LinkedIn details of those participating in the meeting, “even when those participants sought to keep their personal details anonymous,” the suit says. According to the complaint, LinkedIn engaged in this conduct “in an unauthorized manner and without the meeting participants’ knowledge or consent,” and was able to learn “the contents of all sign-in communications of all Zoom users” even if a meeting host was not utilizing the Navigator app.
“None of Defendant Zoom’s privacy policies disclosed that Defendant LinkedIn was able to obtain users’ personal information in the manner alleged above,” the suit reads, claiming both companies “unjustly enriched themselves” on the back of the undisclosed collection of user data.
Similarly, the lawsuit continues, Facebook, through its iOS Login feature, can surreptitiously collect the personal information of Zoom users—even those who do not have a Facebook account and do not use the iOS Login feature.
According to the case, the personal information gathered from Zoom users by Facebook without consent includes:
iOS advertiser IDs and time zones;
devices’ disk space details;
the iOS versions on which the devices operate; and
users’ application bundle identifiers, instance IDs and versions.
The suit says that though any of this information on its own is merely a string of numbers, it can be exploited when linked to other data points about a particular individual.
In obtaining such a trove of device- and therefore user-specific data, Facebook is able to identify specific Zoom users—even those who have taken steps to keep their identities private, the lawsuit says. Essentially, the case claims, Facebook “could render the concept of anonymized data a nullity.” According to the suit, Facebook has the capability to identify a particular Zoom user in multiple ways, “even if he took steps to keep his identity anonymous,” thereby exponentially boosting its targeted advertising business.
“Defendant Facebook’s surreptitious collection of the personal information described above allowed it to amass increasingly detailed profiles on Zoom users showing how, when and why they used Zoom, along with other inferences that could be drawn therefrom,” the case alleges.
Who’s covered by this lawsuit?
The plaintiff looks to represent the following Zoom users:
“All persons and businesses in the United States whose personal or private information was unlawfully collected, disclosed and/or used by Zoom, Facebook and/or LinkedIn upon the installation, opening, closing or use of the Zoom App.”
Further, the case aims to represent separate groups of consumers in Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Texas, Utah, Vermont, Washington and West Virginia whose personal or private information was collected, disclosed and/or used by the defendants upon opening, closing or using the Zoom app.