By Bowen Xiao
Video-conferencing app Zoom, which has surged in popularity amid the global CCP virus pandemic, is facing mounting privacy and security concerns after research reports and the CEO’s disclosure revealed its encryption keys were being transmitted to servers in China in some cases.
The backlash reached a crescendo with Taiwan’s recent ban on any government use of Zoom, citing security concerns. The April 7 measure marked the first time a government had taken formal action against the company.
In the United States, a similar picture is emerging. Experts told The Epoch Times that concerns related to Zoom’s alleged ties to the Chinese Communist Party are absolutely warranted.
Watchdog group Citizen Lab recently examined Zoom’s encryption during multiple test calls in North America, in which they found keys for encrypting and decrypting meetings were “transmitted to servers in Beijing.” The report stated that Zoom used “non-industry-standard cryptographic techniques with identifiable weaknesses.”
“An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China [that] handle meeting keys, presents a clear target to reasonably well-resourced nation-state attackers, including the People’s Republic of China,” the authors wrote in their April 3 report.
The app has gained immense popularity in recent weeks as millions of Americans under lockdown are required to work from home. Headquartered in San Jose, California, Zoom reached more than 200 million daily users worldwide in March, a massive increase from the 10 million daily participants at the end of December.
Zoom also appears to own three companies in China, the report states, adding that according to a recent SEC filing, the company, through its Chinese affiliates, “employs at least 700 employees in China that work in ‘research and development.’” This arrangement, researchers noted, “may make Zoom responsive to pressure from Chinese authorities.”
Casey Fleming, chairman and CEO of intelligence and security strategy firm BlackOps Partners, said Americans should be very wary of any software or hardware created or manufactured in China.
“The Chinese Communist Party (CCP) completely controls all production and exploits every opportunity to steal intellectual property and innovation through every means possible,” Fleming told The Epoch Times. “Economic espionage is part of the CCP’s grand strategy of Hybrid Competition (Warfare) to defeat the United States, capitalism, and democracy to ultimately control the world.
“The world is waking up to how ruthless and evil the Chinese Communist Party really is and their true intentions,” he said. “Recent CCP actions and statements reveal this point. The CCP is very much like a nefarious and dysfunctional crime family running a nation-state.”
The Epoch Times reached out to Zoom for comment but didn’t receive a response.
Meanwhile, the Department of Homeland Security said in a positively worded memo that the company had been responsive to the concerns raised about its software, according to Reuters. The memo was recently distributed to top government cybersecurity officials.
Zoom CEO Eric Yuan admitted in an April 3 blog post that the company “mistakenly” added servers for the app in China.
“In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly—starting in China, where the outbreak began,” Yuan said. “In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect.”
In February, to handle an increase in demand, Yuan said Zoom added two of its Chinese data centers “to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to—under extremely limited circumstances—connect to them (namely when the primary non-Chinese servers were unavailable).”
He added that Zoom “immediately took the mainland China data centers off of the whitelist of secondary backup bridges for users outside of China” after learning about the oversight.
In an October 2017 interview with Medium, Yuan said he decided to move to the United States in the mid-1990s because of the growing internet wave, which he said had not taken off in China. He said he got his U.S. visa on his ninth attempt.
“The first time I applied for a U.S. visa, I was rejected,” Yuan said. “I continued to apply again and again over the course of two years, and finally received my visa on the ninth try.”
The FBI also warned about Zoom’s security vulnerabilities in a March post, saying there were reports of video calls being hacked with “pornographic and/or hate images, and threatening language.” The Justice Department issued a similar release.
Experts said the criticisms they have seen against the app are similar to the ones about the Chinese-owned video-sharing app TikTok, which is facing a national security review.
On April 3, a group of 19 House lawmakers sent a letter to Yuan asking him to “shed light” on the company’s data collection practices, including information on attendee attention tracking, cloud recording, and automatic transcriptions of conferences.
And according to The New York Times, New York Attorney General Letitia James asked Yuan in a letter about the new security measures that Zoom has put in place. The New York City Department of Education has also banned teachers from using the app.
Zoom is dealing with a heavy load of backlash against a “multi-faceted and often mind-boggling shortsightedness with regard to user privacy and the overall security of its platform,” Attila Tomaschek, data privacy expert at ProPrivacy, told The Epoch Times.
“Beijing theoretically could demand that the encryption keys for those calls be handed over for decryption by Chinese authorities, allowing them full access to the contents of those calls and the ability to listen in on supposedly private conversations,” he said.
Meanwhile, Zoom was hit with a class-action lawsuit by shareholder Michael Drieu, who accused the company of overstating its privacy standards and failing to disclose that its service wasn’t end-to-end encrypted.
Also, Google on April 8 banned the use of Zoom on employee computers, citing security concerns. A spokesperson told The Hill the move was part of Google’s longstanding policy of not allowing the use of “unapproved apps for work.”
The fact that Zoom effectively gave Chinese authorities access to the call data of users in North America, well outside the normal reach of the communist regime, “raises the alarm to a whole new level,” Tomaschek said.
“[Zoom] represents a particularly attractive target for government agencies in gathering intelligence,” he added. “When the company quite literally hands over the keys to an authoritarian government, it presents massive issues with regard to user trust and its overall security practices.”
From The Epoch Times