While headquartered in California, Zoom’s suspicious ties to China have called the company’s loyalty into question.
Zoom is one of the few US tech companies that outsource their R&D to China.
At least 30% of Zoom’s engineers are currently based in China, and Eric Yuan the company’s CEO was born in China and still has family there.
So What?
Well, if the story ended there I don’t think this article would exist, but recently, Zoom.us added fuel to the flames.
- They deactivated the accounts of US citizens at the request of the Chinese government
- Suspiciously routed data through Chinese servers
- Generated encryption keys for international calls in China.
Is anyone else seeing a pattern here?
Zoom Ended Three Out of Four Meetings at The Request of the Chinese Government.
The CCP contacted Zoom a couple of months before the anniversary of the Tiananmen Square Massacre and said: “hey we might need some meetings blocked”.
Zoom obliged.
Four calls -that we know about- were cut off midstream and the hosts had their accounts suspended.
The hosts were not Mainland Chinese citizens. Three were US citizens and one was based in Hong Kong.
This resulted in a lot of criticism.
A “US” company blocking the accounts of US citizens over something that’s illegal in China isn’t exactly ethical.
Their justification was that there were Chinese citizens attending the meeting, and that reasoning seemed to have scored well in the PR department because now the company is working on a tool to geo-block Chinese citizens from attending risky meetings.
Suspicious — but on the other hand, maybe Zoom is doing the CCP’s bidding because they’ll have their access to over a billion people revoked by the Great Firewall of China if they don’t.
Or maybe, Eric’s mum gets suspicious phone calls late at night and she fears for her organs?
Who knows?
And does it really matter? With billions of dollars of intellectual property and the unencrypted secrets of nations traversing Zoom’s servers, enterprise and definitely parliament shouldn’t be using it. The platform has a long list of security issues in its past and now potential ties to the Chinese Government.
Zoom is A Window Into The Great Firewall of China…But Why?
Along with Winnie the Pooh and the letter N, All western social media is blocked by China’s Great Firewall.
To access Facebook, Twitter, Instagram, Snapchat, YouTube and pretty much any other platform you can think of you need a VPN.
Zoom, however, has been granted access to this market of over 1.5 billion people. A privilege that historically only locally grown tech subservient to the Chinese censorship is granted.
Zoom was blocked for two months inside China’s internet firewall in September 2019, before the service was let back in. Was the re-education a success?
You can make the case that Zoom isn’t really a social media platform, and international business is too reliant on the platform for the government to block it but still…It’s suspicious.
Zoom’s Routing Traffic Through Chinese Servers and Creating Encryption Keys In China
Toronto-based internet watchdog Citizen Lab said in April it had found evidence some calls made in North America, as well as the encryption keys used to secure those calls, were routed through China.
In a statement, Zoom CEO Eric Yuan admitted the company had mistakenly routed calls via China.
It’s worth noting that Eric Yuan was comfortable keeping quiet about the issue until a 3rd party brought it up.
And the timing is also a little suspicious.
While coronavirus had the governments of the UK, South Africa, Canada, the US and dozens of other countries all using Zoom to communicate, it just so happens that their traffic was “accidentally” routed through Chinese servers.
For all we know, it was an accident, and all this blunder really proved is that Zoom is bad at security and politicians around the world are technologically inept, and they will trust national security to whatever app is trending.
Why Is Zoom Routing Traffic Through China A Problem?
China does not enforce strict data privacy laws.
The CCP could demand that Zoom decrypt calls.
Being a centrally planned economy with state-owned industry, there’s an incentive to steal technology and spy on large businesses to secure a competitive advantage.
Decrypt? How can they decrypt encrypted traffic?
Zoom meetings are not encrypted end-to-end. Instead, they use TLS (Transport Layer Encryption)
TLS — a plaintext message gets encrypted at your end and decrypted at the server encrypted again and then sent on to the final recipient.
End-to-end encryption — plaintext message gets encrypted at your end and gets decrypted only after reaching the recipient’s device.
Backdoors And The Freedom To Say No
Since Zoom outsources a lot of engineering and IT work to mainland China, if approached by authorities, these employees wouldn’t have much choice but to build backdoors into the software and allow authorities access.
The company employs 700 people in China, up 40% from last year.
And the icing on the cake.
Zoom’s (recently updated) Privacy Policy notes that: “In certain limited circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.”
When Is It Safe To Use Zoom?
If you’re chatting with the family or even just communicating about non-sensitive information inside a company, then Zoom is as good an option as any.
Should state secrets be passed around that platform or trade secrets discussed openly? I mean you can, but it takes so little effort to just eliminate any possibility your security is compromised.
Without proper end-to-end encryption, your trusting Zoom and all the individuals in Zoom not to spy on you.
You’re trusting that their security is sufficient and that no malicious actor has gained access to their server where everyone’s data is unencrypted temporarily before it’s re-encrypted for transit.
