- EN
- 中文
Web conferencing company Zoom has done very well from the Coronavirus pandemic with millions of people confined at home and using their services to work and study. But serious questions have arisen over security issues and its subservient relationship with Beijing.
Here are six things that should worry us about Zoom.
It had said users could enjoy end-to-end encryption, but a little digging by The Intercept back in March found out that was not strictly true. Instead it offers transport encryption meaning Zoom, or anyone with access to Zoom’s servers (see below) can spy on a meeting. After the ensuing outcry, the company said it was planning to offer end-to-end encryption to paying users in “the near future”. Several class-action lawsuits have been launched against Zoom for overstating how secure it was.
An investigation by Citizen Lab found that Zoom calls held outside China were sometimes routed through servers in China with encryption keys issued by those servers. When called out on this, Zoom said it had been a “mistake” and promised it would never route any data from users outside of China. But it’s not inconceivable that if it hadn’t been caught out, it would still be routing calls through Beijing.
According to Article 37 of China’s new cybersecurity law, all personal information of Chinese citizens or important data handled by a tech company must be stored in China. The authorities then have access to that data through Article 49, which says: “Network operators shall cooperate with cybersecurity and informatization departments and relevant departments in conducting implementation of supervision and inspections in accordance with the law.” Various other vaguely-worded provisions in the law stipulate that firms must “accept supervision from the government” (Article 9) and will face penalties if they refuse “to provide technical support and assistance to public security organs and state security organs” (Article 69).
That investigation by Citizen Lab found that the Zoom app had been developed by three companies in China with at least 700 employees engaged in R&D. But having operations based in China means they are subject to pressure from Beijing to hand over data (see above.)
In early June, Zoom shut down meetings commemorating the Tiananmen Square Massacre hosted by users outside China. It explained this was because of an order from the Chinese government – but did not explain which authority – only after media enquiries. The company said China had warned it the meetings would take place earlier and ordered the company to shut them down, warning they were “illegal”. It argued it did not have technology to eject the Chinese-based participants from the meeting, so it had no choice but to close down the whole meeting.
Three of the hosts of those meetings also had their accounts suspended. Following intense criticism, Zoom apologized, re-instated the users’ accounts and said it would no longer cut accounts of users outside China. It is now working on technology that would allow it to remove individual members from a meeting. When asked what laws did the meetings break or the hosts (two in the US and one in Hong Kong) break, the company did not elaborate.
This latest too-close-to-China move by Zoom has raised a lot of concerns. Several US lawmakers are calling for the service to be investigated while scholars in the US are calling for alternatives to Zoom for classes they teach on China, worried that if they continue to use the platform, they could lose their accounts or students in China could be spied on.
The lawmakers want to know how many accounts has Zoom closed on Beijing’s orders; does it share data with the Chinese government; and whether there are any Party members working inside any of its facilities based in China (as is required by law for many companies).
The list is growing but among those who have banned or strongly urged not using it are:
With its connections to China and censorship of accounts outside of China at Beijing’s behest, it appears unwise to continue to use Zoom. There are lots of videoconferencing apps. Those with a better reputation include:
Of particular concern is that Zoom seems to respond only when under media pressure. It also maintains R&D staff in China, which clealry compromises the company's ability to resist pressure from Beijing.
In addition, in handling user accounts, there are the Santa Clara Principles on transparency and accountability in content moderation that have been proposed to offer minimum standards – or a starting point for Internet companies to support the right to free expression when they remove posts or accounts. They are: