In recent years, China’s 5G giants Huawei and ZTE have come under intense scrutiny by the US and other countries, which claim they are threats to national and economic security. Huawei and ZTE are the subject of numerous criminal investigations and sanctions worldwide. A new case involving Zoom and its relationship with China’s intelligence and law enforcement agencies raises similar concerns.
Communications companies with access to personal, government, and business networks are emerging as one of the most important security issues for our times. The Covid-19 pandemic continues to act as a catalyst by increasing the use of virtual meetings and document sharing to an unprecedented level. Because of this increased use, businesses and individuals are entrusting more sensitive data to telecommunications companies.
In November 2020, the FBI released a sealed criminal complaint alleging that employees of the American telecommunications corporation Zoom Video Communications participated in China’s espionage and covert actions against US citizens. Zoom is expected to reach $2.6 billion in revenue in 2021 and has US- and China-based offices and a significant share of the worldwide video communications market.
Article seven of China’s 2017 National Intelligence Law compels “Any organization and citizen” in the PRC or Chinese national abroad to “support, provide assistance, and cooperate in national intelligence work”. The law also requires organizations and individuals to maintain secrecy and not disclose their efforts on behalf of the PRC. There are similar laws in place to support China’s counterespionage efforts. These laws apply whether or not the citizen is in China.
Therefore, it should come as no surprise that the FBI now alleges that Zoom employees actively supported China in its intelligence efforts against US residents. Those efforts included Zoom working on behalf of Beijing to “censor political and religious discussions in the United States disfavored by the PRC government and the CCP”. The leader of this effort was allegedly Xinjiang Jin (AKA Julien Jin), Zoom’s “Security Technical Leader”. Jin served as the company’s liaison to China’s premier law enforcement and intelligence services, the Ministry of Public Security (MPS) and the Ministry of State Security (MSS). Jin had been employed by Zoom since 2016 and worked in the company’s offices in Zhejiang, PRC, where approximately 700 employees conduct research and development for the app.
Zoom claims it fired Mr. Jin and placed several other employees on administrative leave. It also claims it is cooperating fully with the FBI’s investigation. But these administrative actions only occurred after the FBI approached Zoom’s San Jose office with its criminal investigation. Up until that time, Zoom employees violated the privacy rights of Americans, collecting information and conducting actions on behalf of China’s global intelligence apparatus. Mr. Jin is now on the FBI’s cyber most wanted list.
Analysis of the FBI’s affidavit and Zoom’s blog post on the incident reveals the following operationally related key findings.
- At the direction of the Ministry of Public Security (First Bureau, Counterintelligence), Jin and other Zoom employees collected information on US persons and terminated video meetings hosted on Zoom’s networks. These meetings were to commemorate the thirty-first anniversary of the Tiananmen Square massacre.
- Jin and his co-conspirators fabricated evidence of Terms of Service violations to provide justification for terminating the meetings, as well as certain participants’ accounts.
- Jin created Zoom cover accounts for five MPS officers from the Hangzhou office. Zoom also agreed to provide law enforcement and intelligence officials with “special access” to its systems.
- Zoom pledged to migrate the data storage of the accounts of approximately one million “overseas Chinese users” from the United States to the PRC, thereby subjecting these accounts to PRC law and process.
- About this same time, the University of Toronto’s Citizen Lab issued a report identifying global data going to servers in China. Zoom claimed it was a mistake and that it would not happen again.
- The MSS stated its preference not to terminate meetings of target users immediately. (Note: this is likely to gain intelligence on religious and democracy advocates opposed to the Chinese Communist Party (CCP).)
- Jin explained to the MPS’ Hangzhou office, Network Security Department, that Zoom had discussed with “the supervision of hot illegal incidents” and committed to “proactively report and give them early warning on a regular basis.”
- MPS officials subsequently requested Zoom to provide detailed lists of daily monitoring of Hong Kong demonstrations, illegal religions, fund-raising, etc.
Understanding the Situation in Context
There are certain facts of this case that can be extracted from the publicly available data. The significance of the case, however, is most appropriately understood through analyzing contextual data surrounding the alleged criminal act.
Zoom is a multibillion dollar American company with extensive ties and companies in China. All the research and development of its app is done in China, affording no insights into capabilities and vulnerabilities – intentional or not.
Throughout early 2020, several cyber security researchers identified Zoom as having poor security and encryption, inaccurate claims about security standards, numerous vulnerabilities, and questionable practices. The company admitted to these failings and pledged to correct them.
The Covid-19 pandemic vaulted Zoom to its multibillion dollar status with thousands of government entities, companies, and individuals. The MSS APT teams conduct cyber-attacks against many of the foreign companies and governments that routinely use Zoom.
Internal emails from the Jin case quoted by the FBI indicate Zoom had rules in place to protect the identities and data of users in the US, but that company employees willfully circumvented those rules to support the MPS and MSS.
China’s National Intelligence and Counter Espionage laws compel companies (including foreign ones) operating in China (or Chinese companies operating abroad) to support the PRC’s intelligence gathering efforts. In the case of communications companies, failure to comply with the PRC censorship requirements risks exclusion from the country’s market. The MPS emphasized this policy to Zoom officials.
If the facts described in the FBI’s criminal complaint and Zoom’s own blog are correct, then Zoom employees and managers collaborated to violate US laws and actively support China’s intelligence collection efforts.
Truth, Lies, and Plausible Deniability
Zoom maintains that it was unaware of several of its employees’ actions in support of China’s intelligence and law enforcement services. The company also claims that it promptly fired its Security Technical Leader and put several other employees on administrative leave when it became aware of the FBI’s investigation. These events occurred at roughly the same time as Zoom was publicly exposed for sending personal data to servers in the PRC, violating all its earlier promises never to do exactly that.
In espionage there exists the concept of ‘plausible deniability’. It means that collection activities and covert operations are designed from the outset so that, if discovered, the orchestrating entity can deny any knowledge or involvement. Employees, like pawns on a chess board, can be sacrificed to protect more important leadership. Is this the case with Zoom? The company has proactively and publicly disclosed this case and some details about its response. It did this even as the FBI was identifying it as “Company-1” in a criminal complaint. This marketing tactic is often used to influence the public narrative and minimize public criticism of the company. At the center of this case lie the questions of how much Zoom knew, who knew it, when they knew it, and what actions the company took.
A seasoned counterintelligence officer would say ‘of course Zoom actively and knowingly worked at the behest of the Chinese government as a matter of company policy. The evidence is all there.’ According to the emails circulated in Zoom, the company passed the personal data of a small number of users outside China. They also agreed to pass the data of a million more ‘overseas Chinese’ and agreed to develop a plan to identify planned meetings of democracy and religious advocates to the MPS within one minute of discovery. Even if one were to believe the story that senior Zoom officials had no idea what was happening, how trustworthy is this company when its China- and US-based employees repeatedly violate its own policies to work at the behest of China’s intelligence services?
Similar circumstances surround Chinese 5G tech giants Huawei and ZTE. Are these companies worthy of public trust to keep personal and company data secure? Or are they beholden to the Chinese Communist Party regardless of public statements to the contrary? The stakes are high. Academic research, corporate technology, and government secrets are all at risk. National and economic security may rest in the balance.