April 8, 2020

The Honorable Joseph Simons
Chairman
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

The Honorable Noah Phillips
Commissioner
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

The Honorable Rohit Chopra
Commissioner
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

The Honorable Rebecca Slaughter
Commissioner
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

The Honorable Christine Wilson
Commissioner
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

Dear Chairman Simons, Commissioner Phillips, Commissioner Chopra, Commissioner Slaughter, and Commissioner Wilson:

During the ongoing coronavirus pandemic, millions of Americans have become dependent on online conferencing services for work, school, and contact with loved ones. Unfortunately, a growing number of incidents over the past several weeks have revealed that these technologies may expose their users to significant cybersecurity and privacy risks. I write to urge the Federal Trade Commission (FTC) to help Americans address these dangers by issuing comprehensive guidelines for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.

As Americans’ reliance on online conferencing grows, individuals are increasingly vulnerable to cyber-attacks and inappropriate access of their personal data. For example, recent reports indicate that cyber-criminals may be exploiting Zoom’s growing popularity to perpetrate phishing scams and spread malware. [1] Users have also reported having their Zoom meetings hijacked by intruders spreading pornography and racist messages. [2] Relatedly, Zoom video calls containing personally identifiable information and intimate conversations have been stored in publicly accessible places. [3]

Although much of the recent reporting has focused on Zoom due to its growing user base, and I would urge the FTC to conduct a thorough investigation into Zoom, it is clear that no platform is immune from risks. Other services, including Cisco Webex, [4] Microsoft Teams, [5] and Slack [6] have all previously had security flaws exposed, raising the need for the FTC to issue guidance generally “to help businesses understand their responsibilities and comply with the law,” particularly during this pandemic. [7]

I urge the FTC to issue guidance and provide a comprehensive resource for technology companies that are developing or expanding online conferencing tools during the coronavirus pandemic, so that these businesses can strengthen their cybersecurity and protect customer privacy. At a minimum, this guidance should cover topics including:

- Implementing secure authentication and other safeguards against unauthorized access;
- Enacting limits on data collection and recording;
- Employing encryption and other security protocols for securing data; and
- Providing clear and conspicuous privacy policies for users.

I also request that the FTC develop best practices for users of online conferencing software, so that individuals can make informed, safe decisions when choosing and utilizing these technologies. At a minimum, this guidance should cover topics including:

- Identifying and preventing cyber threats such as phishing and malware;
- Sharing links to online meetings without compromising security;
- Restricting access to meetings via software settings; and
- Recognizing that different versions of a company’s service may provide varying levels of privacy protection.

These cybersecurity and privacy concerns are an important and time-sensitive issue, as millions of Americans now depend on online conferencing software for communication during this public health crisis. The FTC should act as quickly as possible to guide companies and educate the public about how to best mitigate the risks that come with using online conferencing technology.

Thank you for your attention to this important matter.

Sincerely,

Edward J. Markey
United States Senator

[1] Danny Palmer, Cyber criminals are trying to exploit Zoom's popularity to promote their phishing scams, ZDNet (Apr. 2, 2020), https://www.zdnet.com/article/cyber-criminals-are-trying-to-exploit-zooms-popularity-to-promote-their-phishing-scams/; Kate Kozuch, Zoom attracting malware attacks: How to protect yourself, Tom’s Guide (Mar. 31, 2020), https://www.tomsguide.com/news/zoom-malware-attacks.

[2] Valeria Strauss, FBI issues warning about ‘hijacking’ of online classes by intruders after schools report serious disruptions, Washington Post (Mar. 31, 2020), https://www.washingtonpost.com/education/2020/03/31/fbi-issues-warning-about-hijacking-online-classes-by-intruders-after-schools-report-serious-disruptions/.

[3] Drew Harwell, Thousands of Zoom video calls left exposed on open Web, Washington Post (Apr. 3, 2020), https://www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/.

[4] Lindsey O’Donnell, High-Severity Cisco Webex Flaws Fixed, Threat Post (Mar. 5, 2020), https://threatpost.com/high-severity-cisco-webex-flaws-fixed/153462/.

[5] Conor Reynolds, Squirrel Exploit Leaves Microsoft Teams Vulnerable to Privilege Escalation, Computer Business Review (July 1, 2019), https://www.cbronline.com/news/microsoft-teams-vulnerability.

[6] Lily Hay Newman, Hack Brief: A Slack Bug Could Have Been Everyone’s Worst Office Nightmare, Wired (Mar. 2, 2017), https://www.wired.com/2017/03/hack-brief-slack-bug-everyones-worst-office-nightmare/.

[7] Federal Trade Commission: Guidance, https://www.ftc.gov/tips-advice/business-center/guidance (last visited Apr. 7, 2020).