In late October 2019, Zoom CEO Eric Yuan traveled to China on a high-stakes mission. A month earlier, Chinese authorities blocked the videoconferencing platform, saying it hadn’t done enough to suppress anti-government speech. It was a massive crisis for Yuan. With both clients and large portions of his development team there, he desperately needed to get Zoom up and running again in China.
To make that happen, Zoom rolled over for Chinese officials and promised to comply with Beijing’s demands to suppress speech on the platform, according to court documents. A proposed “rectification plan” pledged to monitor user communications for political views the Chinese Communist Party deemed unacceptable, any talk of the Tiananmen Square massacre, commentary about political unrest in Hong Kong and rumors disparaging Chinese political leaders.
Ten weeks after it was banned, Zoom’s service returned to China. An updated criminal complaint unsealed last month detailed the company’s efforts to comply with Beijing’s censorship demands. That complaint updates charges U.S. prosecutors first brought in 2020 against a Zoom employee named Julian Jin and names several Chinese government officials as his co-conspirators.
U.S. prosecutors allege Jin cooperated with these government officials to use the platform to harass dissidents based in the United States and suppress their speech. While Jin and his co-conspirators concealed large parts of their plot from Zoom’s senior leadership, the updated complaint reveals that at key points, Jin informed executives about his work to suppress speech. The complaint suggests that company executives were aware of Jin’s work to a degree previously not known.
At a time when government officials in Washington are trying to address the risks posed by Chinese companies operating in the United States — TikTok being the most prominent example — and write more stringent rules governing the relationships between American and Chinese businesses, Zoom’s experience in China illustrates the compromises required of firms doing business there to ensure that they don’t fall afoul of censorship demands.
“Companies operating in China must understand that they do so only by the grace of the Chinese Communist Party, and the party will exploit and abuse their products, employees and access,” said Rep. Mike Gallagher, R-Wis.,who leads the House of Representatives’ select committee on China.
“Zoom’s failure to appreciate this risk allowed the CCP to exploit the company’s reach to silence Americans on American soil who wanted to commemorate the Party’s victims,” Gallagher said. “American businesses need to take off their golden blindfolds and become clear-eyed about the moral, legal, and financial risks of dealing with the Chinese Communist Party.”
Bringing tech companies to heel
American tech companies operating in China have made peace with the realities of doing business there. Apple stores Chinese user data on servers located inside the country — as does Tesla. Microsoft’s Bing search engine complies with Chinese censorship laws. Amazon provided cloud technology to local companies in order to maintain its presence in China. And while many large U.S. companies are reassessing their relationship with China amid heightened tensions between Washington and Beijing, they are constrained by a basic reality: At a time of slowing growth, their companies need the Chinese market.
A trio of Chinese laws passed in recent years — the Cybersecurity Law, the Personal Information Protection Law and the Data Security Law — have granted the Chinese government expansive power over how data is stored, where it can flow and when it can be accessed. The calculation for U.S. firms is a simple one. “You’re either complying with Chinese government law or you’re not operating in China,” said Dakota Cary, a China-focused consultant at the Krebs Stamos Group, an advisory firm.
While Zoom is an American company, its links to China, where it maintains a sizable development team, has raised concerns about whether it can maintain independence vis-a-vis the Chinese state — concerns that echo those associated with TikTok.
“The price the party-state exacts for market access is compliance with their repressive approach to politics, and the more your business depends on China, the more leverage they have to make you comply,” said Matthew Schrader, the China adviser at the International Republican Institute. “The DOJ charging documents show an excellent example of the kind of pressure foreign companies face every day in China, and democratic governments everywhere need to do a better job ensuring that pressure can’t succeed.”
When Yuan, Zoom’s CEO, arrived in Beijing in October of 2019 with the goal of restoring access to the platform in China, he attended a series of meetings that demonstrate how Chinese authorities exercise power over foreign technology companies.
One of these meetings, where Yuan was accompanied by Jin, the man at the center of the scheme to suppress speech, was Tian Xinning of the Ministry of Public Security’s Network Security Bureau. The MPS plays a major role in China’s domestic security and has contributed to Chinese law enforcement’s embrace of large scale data collection in its public security mission. Its Network Security Bureau enforces restrictions on online speech, and just last month the bureau announced that it would carry out a 100-day sprint to combat online rumor mongering.
Little is known about Tian beyond that he is an officer with the MPS’s Network Security Bureau stationed in Beijing. Last month’s updated indictment charges him with one count of conspiracy to commit interstate harassment, yet the DOJ lists his age as “unknown.” Tian appears to be an expert in facial-recognition technology — he is thanked for his contributions to a Chinese think tank publication describing how to ensure compliance in the processing of facial-recognition data.
Yuan has described Zoom’s presence in China as a matter of course for a large technology company, but critics say his decision to meet with an official at the heart of the Chinese surveillance state raises red flags.
“The CEO of Zoom has always distanced himself from the Chinese government and has professed to be completely independent and autonomous of the Chinese government. Here in the indictment we see him allegedly attending a meeting hosted by the Ministry of Public Security,” said Jacob Helberg, a commissioner of the U.S.-China Economic and Security Review Commission.
At their meetings in October, Chinese government officials instructed Yuan and Jin about the steps Zoom needed to take in order to be unblocked in China, according to the complaint. The company drafted a “rectification report” that would be submitted to Chinese authorities detailing the types of content deemed illicit by the CCP and that the company would monitor for. The plan designated Jin as the MPS’s contact person within Zoom to address takedown requests.
On Oct. 25, 2019, Jin wrote to Yuan and a group of other Zoom employees to update them on his work with the MPS to bring the company into compliance with Chinese law, according to the DOJ complaint. Following a meeting he attended at the MPS office in Hangzhou, Jin wrote that the MPS wants “a list of some details on our routine monitoring; such as Hong Kong protests, illegal religions, fundraising, and multi-level marketing.” Jin added that “they will help with the determination of issues that we find difficult to determine whether they are illegal” and that he planned to visit the unit “often” to “give live demonstrations.”
After Chinese authorities lifted the block on Zoom on Nov. 17, Jin wrote to Tian to thank him and the MPS Network Security Bureau for their guidance in resolving access to the service in China, according to emails cited in the complaint. The key to maintaining the availability of Zoom in China going forward, Tian told Jin, was to rigorously enforce know-your-customer rules. Jin said the company planned to strictly follow the rectification report.
A spokesperson for Zoom declined to answer a list of detailed questions about the degree to which Zoom executives were aware of Jin’s actions and the content of communications between Yuan and Jin. The spokesperson said in a statement that Zoom has fully cooperated with U.S. investigators and that it supports the “U.S. Government’s commitment to protecting American companies and citizens from foreign coercion or influence.”
When the charges against Jin were first announced in 2020, Zoom said in a statement that aspects of the “rectification plan” cited in the DOJ charging documents were not carried out, “such as working with a local Chinese partner to develop technology that would analyze the content of meetings hosted in China to identify and report illegal activity and shut down meetings that violate Chinese law.”
Shutting down Tiananmen vigils
Had Zoom’s efforts to suppress speech on the platform remained constrained to its Chinese users, it would have remained largely in line with how U.S. tech companies operating in China moderate content. But after access to Zoom was restored in China, Jin and his co-conspirators embarked on an aggressive campaign to snuff out dissent on the platform much of which senior company executives were unaware, according to the Justice Department’s account of their efforts.
That campaign coincided with Zoom’s astronomic growth. When Yuan traveled to China in 2019, the San Jose-based company was a very different organization. It went public in April of that year but had not yet been transformed by the pandemic’s turn to remote work. At the end of 2019, Zoom had 10 million daily meeting participants. By April 2020 — when the world went into lockdown — the platform had 300 million daily meeting participants, according to a profile of the company published by Sequoia Capital, one of its investors.
The company’s skyrocketing success was a dream come true for Yuan. Born in China, he was inspired to create video conferencing software after being forced to commute 10 hours to see his then-girlfriendas an 18-year-old. “I thought it would be fantastic if in the future there was a device where I could just click a button and see her and talk to her,” he told Forbes in 2017.
The service he built did just that, but with popularity came scrutiny. In the spring of 2020, a series of articles raised questions about the technical infrastructure of Zoom’s products and whether the company was living up to its security promises. In late March — as the full implications of the pandemic were coming into view — investigative journalists at the Intercept revealed that Zoom’s claims to offer end-to-end encryption were not quite true. The following month, the company was forced to admit that some calls on the platform were being inappropriately routed through China.
This caused a major headache for the Chinese operatives trying to suppress speech on the platform. In response to these articles, Zoom restricted access to U.S. user data by employees based in China, according to the DOJ complaint, and this made it far more difficult for Chinese operatives to ascertain information about meetings involving Chinese dissidents based in the United States.
In theory, these rules should have prevented Jin and his co-conspirators from harassing U.S.-based Chinese dissidents on the platform, but this depended on Zoom employees effectively enforcing them. On at least three occasions, the DOJ complaint alleges, Zoom employees handed over data stored on U.S. servers to Jin that he did not have access to — simply because he asked for it.
As the anniversary of Tiananmen approached, Jin and his fellow operatives stepped up their efforts, according to the DOJ. On May 19, 2020, Jin wrote to a group of Zoom executives, including Yuan, the CEO, that the upcoming anniversary required extra vigilance: “June 4th is coming, which is a sensitive date for China Cybersecurity. They’re very strict on this period.”
In the run-up to the anniversary, Chinese tactics to suppress speech on Zoom grew even more aggressive, according to the DOJ complaint. After one U.S.-based dissident hosted several practice meetings on Zoom, police in China showed up at the residence of potential participants in China and took away their electronics or threatened them with jail time. The father of another dissident carrying out meetings on Zoom was harassed so frequently by police that he asked his child whether they wanted him dead.
On June 3 and 4, Chinese dissidents based in the United States planned to gather on Zoom to commemorate the signal anniversary for the Chinese democracy movement — meetings that Jin and his handlers were monitoring.
As the attendees of the meetings signed on, the MPS officials charged alongside Jin were monitoring events and using email accounts created for this purpose sent bogus claims to Zoom’s hotline for online abuse. These emails claimed that the meetings devoted to the Tiananmen anniversary featured flags of the Islamic State, images of violence and child pornography — causing them to be shut down.
Watch what you say
Chinese dissidents challenging the state have long known that they face a threat of surveillance, and the lack of clarity regarding the relationship of firms such as Zoom and TikTok with the Chinese government means that the choice of platform ends up shaping political speech for critics of the regime. “They have to be a bit careful when they say anything on these platforms,” said Maya Wang, the associate director in the Asia division at Human Rights Watch.
While she generally tries to avoid using Zoom for China-related meetings, Wang said, the platform’s convenience and the lack of viable alternatives means it is once more hosting meetings of potential interest to the Chinese government.
But evaluating the risks posed by platforms is all but impossible due to a lack of transparency requirements for companies, she argues. “The problem in the U.S. is that there are so few rules with regard to transparency that everyone’s rights are really quite at risk,” Wang says. Platforms face no real standards when it comes to freedom of expression, and that creates a space for speech to be silenced.
The coercion of individuals in China to suppress the speech rights of individuals outside China raises troubling implications for technology companies trying to operate in China, argues Helberg from the U.S.-China Economic and Security Review Commission. At a time when U.S. policymakers are considering how to address the security concerns raised by TikTok, the events described in the updated indictment provide “an extraordinary justification for why the United States should take action against Chinese software in the United States,” he said.
The Chinese government makes no distinction between Chinese people living in China and members of the diaspora, and in using its access to Zoom employees in China, the government was able to enforce its speech laws far beyond its borders. Zoom is a high-profile example of how one platform can be leveraged by the Chinese state to carry out censorship abroad, but there may be other, less prominent platforms that are also at risk.
“Are there other instances of tech companies operating in China that are facilitating access to users’ data overseas?” Cary, the Krebs Stamos consultant, wonders. That’s a question with no clear answer.
More than three years after their access to their platform was blocked in China, kicking off the scheme to suppress speech on the platform, Zoom executives concede that the company’s presence in China remains a risk.
In a section of its annual report filed with the Securities and Exchange Commission that describes risks to its business, the company observes that “the Chinese government has at times turned off our service in China without warning and requested that we take certain steps prior to restoring our service, such as designating an in-house contact for law enforcement requests and transferring China-based user data housed in the United States to a data center in China.”
The post Zoom executives knew about key elements of plan to censor Chinese activists appeared first on CyberScoop.