Languages

  • EN
  • 中文
16 Jun 2020
news

Zoom under fire for cowing to China

Web conferencing company Zoom has done very well from the Coronavirus pandemic with millions of people confined at home and using their services to work and study. But serious questions have arisen over security issues and its subservient relationship with Beijing. 

Here are six things that should worry us about Zoom.

(1) Zoom misled users that meetings were end-to-end encrypted

It had said users could enjoy end-to-end encryption, but a little digging by The Intercept back in March found out that was not strictly true. Instead it offers transport encryption meaning Zoom, or anyone with access to Zoom’s servers (see below) can spy on a meeting. After the ensuing outcry, the company said it was planning to offer end-to-end encryption to paying users in “the near future”.  Several class-action lawsuits have been launched against Zoom for overstating how secure it was.

(2) Zoom re-routed calls through China; when caught out said it was a ‘mistake’

An investigation by Citizen Lab found that Zoom calls held outside China were sometimes routed through servers in China with encryption keys issued by those servers. When called out on this, Zoom said it had been a “mistake” and promised it would never route any data from users outside of China. But it’s not inconceivable that if it hadn’t been caught out, it would still be routing calls through Beijing.

(3) Zoom has at least five servers in China, where laws mean that the company has to hand over user data if requested including access to the meeting

According to Article 37 of China’s new cybersecurity law, all personal information of Chinese citizens or important data handled by a tech company must be stored in China. The authorities then have access to that data through Article 49, which says: “Network operators shall cooperate with cybersecurity and informatization departments and relevant departments in conducting implementation of supervision and inspections in accordance with the law.” Various other vaguely-worded provisions in the law stipulate that firms must “accept supervision from the government” (Article 9) and will face penalties if they refuse “to provide technical support and assistance to public security organs and state security organs” (Article 69).

(4) Zoom is US headquartered and listed, yet product development is “largely based in China”; it maintains a staff of 700 in China

That investigation by Citizen Lab found that the Zoom app had been developed by three companies in China with at least 700 employees engaged in R&D. But having operations based in China means they are subject to pressure from Beijing to hand over data (see above.)

(5) Zoom closes meetings hosted by users OUTSIDE China on orders FROM China

In early June, Zoom shut down meetings commemorating the Tiananmen Square Massacre hosted by users outside China. It explained this was because of an order from the Chinese government – but did not explain which authority – only after media enquiries. The company said China had warned it the meetings would take place earlier and ordered the company to shut them down, warning they were “illegal”. It argued it did not have technology to eject the Chinese-based participants from the meeting, so it had no choice but to close down the whole meeting.

(6) Zoom cuts the accounts of users OUTSIDE China on orders FROM China

Three of the hosts of those meetings also had their accounts suspended. Following intense criticism, Zoom apologized, re-instated the users’ accounts and said it would no longer cut accounts of users outside China. It is now working on technology that would allow it to remove individual members from a meeting. When asked what laws did the meetings break or the hosts (two in the US and one in Hong Kong) break, the company did not elaborate.

The Backlash Against Zoom

This latest too-close-to-China move by Zoom has raised a lot of concerns. Several US lawmakers are calling for the service to be investigated while scholars in the US are calling for alternatives to Zoom for classes they teach on China, worried that if they continue to use the platform, they could lose their accounts or students in China could be spied on.

The lawmakers want to know how many accounts has Zoom closed on Beijing’s orders; does it share data with the Chinese government; and whether there are any Party members working inside any of its facilities based in China (as is required by law for many companies).

Governments & Groups who have banned Zoom

The list is growing but among those who have banned or strongly urged not using it are:

  • the Taiwanese government
  • NASA
  • SpaceX
  • Australian Defence Force
  • German Ministry of Foreign Affairs
  • The Pentagon
  • Google
  • US Senate
  • Singapore’s Ministry of Education
  • Schools in New York

Alternatives to Zoom

With its connections to China and censorship of accounts outside of China at Beijing’s behest, it appears unwise to continue to use Zoom. There are lots of videoconferencing apps. Those with a better reputation include:

  • Facetime (max 32 participants but only good for mac and IOS users)
  • Wire (only paid version)
  • Cisco Webex
  • Jami
  • Google Duo
  • Microsoft Teams
  • Whereby
  • BlueJeans
  • Signal (although only one-on-one)

What should Zoom do?

Of particular concern is that Zoom seems to respond only when under media pressure. It also maintains R&D staff in China, which clealry compromises the company's ability to resist pressure from Beijing.

In addition, in handling user accounts, there are the Santa Clara Principles on transparency and accountability in content moderation that have been proposed to offer minimum standards – or a starting point for Internet companies to support the right to free expression when they remove posts or accounts. They are:

  • Publish the all statistics on posts and accounts removed – and give a detailed breakdown of this data
  • Give every user affected a reason for the action.
  • And give them a meaningful and timely way for them to appeal that decision.