Zoom is now subject of probes by the U.S. Securities and Exchange Commission and a pair of U.S. Attorney's offices, the company claims, with the investigations focusing on the company's interactions with China and other governments around the world.
On Friday, a corporate blog post revealed Zoom had caught the attention of the SEC and U.S. Attorneys, and had been investigated for a number of months. The investigations, launched over the summer, examined how the company conducted itself with foreign governments and political parties, with close scrutiny over its handling of Chinese government requests.
This included requests for information relating to security and privacy, encryption, usage metrics, and disclosures. A subpoena from the Northern District of California also wanted details of contacts between Zoom employees and the Chinese government, and attempts by foreign governments to influence Zoom's policies in relation to its US users.
The probes are linked to an unsealing of a complaint and arrest warrant on the same day by the Eastern District of New York, charging Xinjiang "Julien" Jin, a now-former employee for Zoom based in China. Jin was alleged to have disrupted a series of Zoom meetings in May and June commemorating the June 4, 1989 Tiananmen Square massacre in China.
The complaint claimed Jin "willingly committed crimes, and sought to mislead others at the company," in a bid to "help PRC authorities censor and punish U.S. users' core political speech merely for exercising their rights to free expression."
Zoom's blog post mentions how China turned off its service without warning in September 2019, in a bid to get the company to comply with Chinese law. This included designating an in-house contact for law enforcement requests and transferring China-based user data to a data center in China.
Opening a data center in China and moving user data to it is an action performed by many companies, including Apple, to appease local government rules. While this risks the possibility of increased surveillance and easier access of Chinese user data by the Chinese government, it is seen as a cost of doing business with the major market.
The Department of Justice cited a "rectification plan" in its complaint, which included measures to appease China, including measures to comply with real ID and data localization, as well as items that were not carried out. These unperformed elements included working with a Chinese company to "develop technology that would analyze the content of meetings hosted in China to identify and report illegal activity."
By October 2019, Jin was appointed as the government contact, who went on to take actions that violated the company's policies, including "circumventing certain internal access controls," and terminating Zoom meetings relating to Tiananmen Square as well as those featuring religious or political subject matter.
Zoom's own investigation determined Jin had shared or directed the sharing of some user data with Chinese authorities, but it appears that the vast majority of shared data was for Chinese users rather than for those based elsewhere in the world.
For the June and July subpoenas from the SEC and the two Attorneys' offices, Zoom is "fulling cooperating with all of these investigations, and have been conducting our own thorough internal investigation."
Since the probes, Zoom has implemented a number of extra features and policies, including instigating end-to-end encryption across free and paid user accounts, strict geofencing procedures preventing travel through its mainland China data center, and employee training. It has also created a Government Requests Guide, that it will use to "subject any governement request to a careful and thorough review, prioritizing the privacy, security, and safety of our users at all times."
3 Comments
Critics of Apple like to refer to Apple supporters as Apple Fanbois. Critics of Zoom should come up with a term for Zoom supporters, perhaps Zoom Bozos?
There they go again, spending valuable time and taxpayer money on “critical investigations” like this instead of, y’know... something important like vote fraud.