Zoom, the company that provides a popular video conferencing platform, recently shut down a U.S.-based human rights organization’s account when the organization was hosting an online event to commemorate the 1989 Tiananmen Square massacre. Zoom has faced many security concerns in the past, but this latest incident raised fresh questions about its relationship with the Chinese Communist Party (CCP) and whether Americans should rely on Zoom so much in our day-to-day lives.
Humanitarian China, a U.S.-based nonprofit organization that focuses on human rights issues in communist China, was founded by Zhou Fengsuo, a participant in the 1989 pro-democracy movement in Tiananmen Square. According to the organization’s statement, it held its first-ever Zoom conference to commemorate the 31st anniversary of the Tiananmen massacre on May 31 using the organization’s paid Zoom account.
According to the organizers, “More than 250 people worldwide joined the conference on ZOOM, while more than 4000 streamed through Social Media. A significant proportion of attendees were from China.” Attendees represented various human rights organizations, both overseas and within China, one of which was the Tiananmen Mothers, whose sons and daughters tragically perished in the massacre caused by the CCP’s violent military confrontation against student protesters.
Then on June 7, Humanitarian China found its Zoom account terminated. Initially, Zoom refused to give the organization an explanation. Only after U.S.-based Axios reported the incident did Zoom acknowledge the human rights organization’s account was shut down to “comply with the local law.”
“Local law” is a reference to the Chinese Communist Party’s law that outlawed any mention of the 1989 Tiananmen massacre in China. Each year, the CCP explicitly harasses and detains human rights activists near the anniversary to prevent them from commemorating the event. So Zoom, a U.S.-based company, essentially declared it had to shut down a U.S.-based user account in obedience to China’s laws.
According to Humanitarian China, Zoom also shut down the account of Lee Cheuk-yan, chairman of the Hong Kong-based rights organization Hong Kong Alliance, as well as the account of Wang Dan, one of the student leaders of the 1989 pro-democracy movement. Because of all the media attention, Zoom finally admitted it did so at the request of the Chinese government.
While Zoom has now restored all these accounts, Humanitarian China said that if Zoom is prone to act in this manner under pressure from the Chinese government, “ZOOM is complicit in erasing the memories of the Tiananmen Massacre in collaboration with an authoritarian government.”
Zoom Has Faced Security and Privacy Issues from the Start
Since the pandemic compelled us to stay home, Zoom meetings, happy hours, and even parties have become an integral part of our lives. Even Queen Elizabeth II made her first appearance on Zoom recently to chat with a group of British health-care workers. The number of Zoom users has exploded from 10 million to more than 100 million in just two months, and Zoom’s share price appreciated by 220 percent.
As Zoom grows more popular by the day, many concerns have been raised with regard to the platform’s security and its connection with the Chinese government.
In its own SEC filings, Zoom acknowledged that in 2018, it was made aware of “a vulnerability in the Zoom Meeting client for Windows that could result in potential exposure of a Zoom user’s password.” In that same year, a cyber security company discovered a vulnerability in Zoom’s software that hackers could exploit to take over certain meeting controls.
University of Toronto’s Citizen Lab in April this year reported various other security issues and privacy concerns it found on Zoom, including instances of Zoom “installing a hidden web-server on Mac computers to circumvent a Safari popup that users had to click through before they joined a Zoom meeting [and] a Zoom feature that removes a password prompt during the installation process.” Features like these are designed to speed up the meeting process, but they also significantly reduce privacy and security.
The biggest security issue Citizen Lab found concerned Zoom’s ambiguous claim about encryption, which gave users the impression that their meetings are “end-to-end” encrypted. The industry defines such end-to-end encryption to mean that “only the parties to the communication can access it (and not any middlemen that relay the communication).”
It turns out, however, that Zoom allows itself to access unencrypted video and audio from meetings. The company mines files and messages shared in Zoom meetings for its targeted advertising. After a number of publications challenged Zoom’s claim about its end-to-end encryption, Zoom offered a clarification, basically saying it uses its own definition of end-to-end encryption, which differs from industry standards.
Users should be aware that Zoom does not support end-to-end encryption for video and audio content as the term is commonly understood. Zoom CEO Eric Yuan also clarified in early June that the company does not provide end-to-end encryption for free calls.
Zoom’s Operation Relies on China
Zoom’s business operation model presents yet another source of potential security and privacy risks. Zoom is headquartered in the United States, but its business operation heavily relies on China.
In its Securities and Exchange Commission filings, Zoom acknowledged that it operates research and development centers in China and employed more than 700 Chinese workers as of Jan. 31, 2020. Since Yuan emigrated from China, he has been instrumental in recruiting research and development talent in China, where labor costs about a third of what it would in the United States. This hiring of cheap labor ensures Zoom is one of the few high-flying tech companies that is profitable, but it also could expose Zoom to security risks.
Citizen Lab found that Zoom routed some calls made in North America to communist China, along with encryption keys used to secure those calls. Zoom quickly explained that in the process of ramping up server capacity to accommodate the massive influx of users during the peak of the Wuhan virus pandemic, it “mistakenly” routed calls made in North America to its Chinese data centers.
This is deeply concerning, given that users share sensitive information, including business intelligence, health-care data, and government policies over Zoom. The data collected from Zoom meetings is a gold mine for cyber thieves and spies.
Then there is China’s 2018 cyber security regulation, which allows Chinese authorities to walk into any China-based internet company or data center to access and take any data at will — without a warrant. Authorities can also legally conduct remote surveillance of these companies and their facilities.
The truth is, Chinese authorities already compelled companies to share their data with the government long before this new cybersecurity law. This law has merely given the Chinese government’s censorship and surveillance a legal fig leaf. Should the Chinese authorities demand that Zoom hand over meeting data and encryption keys, the company is in no position to decline. The recent incident of the temporary termination of U.S.-based human rights user accounts confirms Zoom will comply with the Chinese government’s demands in order to keep its business functioning in China.
It’s Time to Diversify Away from Zoom
Zoom is easy to navigate and helps keep many of us productive while we work from home. Almost all universities in the United States are using Zoom to teach online classes. Still, we must recognize the limitations of this technology and the security and privacy issues it presents. Zoom’s latest incident of shutting down U.S.-based users to comply with Chinese law should ring an alarm bell for all of us.
Sen. Josh Hawley, R-Mo., recently sent a letter to Zoom CEO Eric Yuan, reminding Yuan that “trading American values for Beijing profits never ends well. … When you censor for the Communist Chinese Party, you may think it benefits you, but the only one who will benefit in the long run is the Chinese Communist Party. … I reiterate today that it is time for you to pick a side: American principles and free-speech, or short-term global profits and censorship?”
We, too, need to pick a side. We can choose from numerous other video conferencing platforms; PC Magazine just released its top 10 picks for 2020. If you must use Zoom, use it only for online happy hours or for checking in with Grandma. You should think twice before sharing any confidential personal, business, or government information over Zoom.