Zoom’s China problem may prove to be its Achilles heel

When US government agencies were warned last week that Zoom was vulnerable to being hacked by “foreign spies”, staff were quick to delete the app. The warning came from a Department of Homeland Security intelligence analysis which claimed the video-calling app’s Chinese workforce could work at the behest of the ruling Communist Party.

The claim was denied by a Zoom spokesman, who said it was “heavily misinformed, includes blatant inaccuracies about Zoom’s operations, and the authors themselves admit only ‘moderate confidence’ in their own reporting”.

It was just the latest in a series of criticisms levelled at US-listed Zoom, which has become a new front in tensions between Washington and Beijing.

Just a week before the intelligence memo, Nancy Pelosi told hundreds of thousands of viewers that Zoom was a “Chinese entity that we’ve been told not to even trust the security of” during an interview on MSNBC.

The Democratic House speaker, known for launching an impeachment drive against Donald Trump, is not the only political figurehead to suggest that Zoom, incorporated in the American state of Delaware and headquartered in San Jose, California, may be an arm of the Chinese state.

Charlie Kirk, a verified founder of conservative non-profit Turning Point USA, who has 1.7 million followers, recently claimed: “The Chinese Communist Party is using Zoom as a way to spy on our citizens.”

Most damaging was the revelation from Citizen Lab, a research group, that Zoom users’ data had been routed through Chinese servers in April, even when participants were outside the country.

Around 80pc of Zoom’s customers are in the US, with the remainder in the UK, China and Australia. This might open Zoom up to requests from authorities in China to disclose the necessary keys to intercept meetings, although there was no evidence to suggest this had happened, Citizen Lab claimed.

“There has been significant misinformation and blatant inaccuracies circulating about Zoom with regards to China, both in the press and being pushed by other parties. We are aware of no ‘connections’ to China that are meaningfully different from our peers who also operate and employ people there,” said a Zoom spokesman.

Eric Yuan, the founder and chief executive of Zoom, 50, moved to the US from China in 1997, aged 27, hoping to “embrace the first wave of the internet revolution”.

He now lives in Saratoga, one of the wealthiest neighbourhoods in Silicon Valley, with his wife and three children.

In an interview with The Telegraph, Yuan claimed never to have experienced xenophobia in the 23 years he had lived in the US, even when scrutiny over Huawei, ZTE and most recently TikTok, all technology companies registered in China, increased. “I’m so proud of how Silicon Valley is about embracing diversity and people from different backgrounds,” he said.

Eric Yuan – Matt Winkelmeyer  

Ironically, his favourite book, The Speed of Trust, has informed his leadership at Zoom: “You need to work to establish that trust.”

Yet the company is acutely aware of how its links to China might come back to bite it. After several blogs in which Zoom thanked cyber researchers who poked holes in its products, it is now aggressively responding to any claims that it has become a tool for espionage.

In February, Zoom warned investors that its more than 700 research and development workers in China may expose the company to market scrutiny regarding “the integrity of our solution or data security features”.

Zoom has 2,532 employees, including 1,396 in the US. Its operations in China, where intellectual property is loosely governed, might affect its future, it said.

Perhaps most concerning was the risk of “foreign government interference” with the software developed by its Chinese staff. The $41bn (£33bn) business finds itself in good company. Microsoft and Apple also have a workforce living in China on on their books, yet have escaped similar scrutiny.

Circling like hawks, it is competitors that might leverage any confusion over Zoom’s origins. “I think a competitor may have been the source of some of these stories. You see this a lot in technology; rivals leak stuff to hurt them,” says Jim Lewis, a senior vice-president at the Centre for Strategic and International Studies, a Washington DC think-tank.

Lewis dismisses the charges as “silly”, particularly the idea that employees in China will be deliberately designing vulnerable software at the behest of the Chinese government. “People who think that if they don’t use Zoom it will keep them more secure are deluded,” he says.

Now that it has become the place to be for weddings, living room raves and Boris Johnson’s Cabinet Office briefings, Zoom has been opened up to more media and regulatory scrutiny. Comparably, a security vulnerability discovered on Microsoft Teams, which hosts 200 million daily participants, was revealed last week to little fanfare.

Boris Johnson leading the government and taking Cabinet meetings via a Zoom video call  – UNPIXS (Europe)  

“Eric should be prepared for the potential of government hearings about decisions he has made as the chief executive of Zoom that I think legitimately provoke public policy questions,” says Klon Kitchen, head of technology policy at conservative think-tank Heritage Foundation.

“Without a doubt, its competitors will say to customers, ‘why even risk it? We don’t have any kind of a presence in China so go with us’,” Kitchen says.

“Companies are always going to say ‘our product is safer than the other guys’, and as broader concerns about China and its use of the private sector for spying grow, then the arguments are going to be increasingly effective.”

“While the rumours and false information about China have been disheartening and in many cases offensive, our focus is on supporting businesses, schools and others through this global health crisis,” a Zoom spokesman said.

Technology intelligence – newsletter promo – EOA

As Zoom’s usage soared, a leaked internal email from Google stated that employees were banned from using it for unspecified security reasons, prompting the question of why staff were not using Google’s version in the first place.

Jamil Jaffer, founder of George Mason University’s National Security Institute and vice-president of IronNet Cybersecurity, describes the negative Chinese connotations as “nativism”.

“Many start-ups are started by American citizens from another country,” he says.

Suggestions that Yuan, because of his Chinese roots, may be an embedded sleeper like those used by the Russians represent “xenophobia until there is evidence”, Jaffer says.

At the same time, Jaffer did highlight the concerns with Zoom relating to its use of homegrown encryption and routing of traffic through China, saying these issues did “raise legitimate concerns that need to be addressed.”

For now, the more pertinent problem lies in China, not with Zoom, he adds. “There is a legitimate concern that China sees the coronavirus as an opportunity to make inroads in policy using both overt and covert messaging to show how an authoritarian government works well,” Jaffer says.

“It needs to be called out for the very real concern that it is.”

Source Article