A Zoom executive worked with Chinese authorities to provide data on users located outside of China and ensure the U.S. video-call giant retained market access in the country, according to recently unsealed court documents filed by U.S. federal prosecutors.
The documents detailed internal communications between Zoom employees, which showed that Chinese security authorities made numerous requests to the company for data on users and meetings that discussed political and religious topics Beijing deemed unacceptable. Zoom complied with most of these requests, at times involving users outside of China.
The revelations highlight how users outside of China’s shores are increasingly being caught in the crosshairs as the Chinese Communist Party (CCP) steps up its demands on companies like Zoom to surveil and censor users both at home and abroad. Zoom is a San Jose-based company, whose software is developed in China.
The claims arose in a prosecution announced on Dec. 18 against Jin Xinjiang, also known as Julien, a China-based Zoom executive. Jin was charged over his role in disrupting a series of meetings this year commemorating the 31st anniversary of the Tiananmen Square Massacre—an event deemed taboo by the Chinese Communist Party (CCP).
Jin worked as Zoom’s main liaison with Chinese law enforcement and intelligence officials. Prosecutors allege Jin was directed by the CCP to shut down at least four Zoom meetings about the Tiananmen Square Massacre, most of which were hosted by Chinese dissidents based in the United States.
At the time, the company attracted widespread criticism after it suspended the accounts of a group of U.S.- and Hong Kong-based Chinese activists who hosted meetings commemorating the anniversary. The company said at the time that it took action because participating in such events was considered “illegal in China.”
In an updated statement issued on Dec. 18 after the federal case was made public, Zoom said it “fell short” by taking actions against users outside of mainland China, including suspending the accounts and shutting down meetings. It added that it would no longer allow requests from the Chinese regime to affect anyone outside the mainland.
Jin also took part in a scheme to infiltrate several meetings in May and June hosted by U.S.-based Chinese activists to remember the Massacre, according to prosecutors. He and co-conspirators allegedly fabricated evidence, to make it appear as if the meetings or participants engaged in conduct that breached Zoom’s terms of service, such as by inciting violence, supporting terrorist organizations, or distributing child pornography. They then used this concocted evidence to convince U.S.-based Zoom executives to cancel the meetings and suspend the accounts of the U.S. activists, prosecutors alleged.
Jin’s case did not appear isolated. The court complaint details a series of other incidents from June 2019, when the company complied with data or censorship requests from Chinese authorities—notably in relation to accounts outside of China. A constant theme underlying these requests was that Zoom would be shut out of the Chinese market if they did not cooperate.
Zoom, in another statement on Friday, said the company has cooperated with federal investigators and has launched an internal investigation. The company said that Jin shared a “limited amount of individual user data with Chinese authorities,” as well as data on less than 10 users based outside of China. Jin was fired, the company said, while other employees have been placed on administrative leave pending the internal investigation.
Working With the Party
Jin, 39, held the position of “security technical leader” at Zoom’s offices in eastern China’s Zhejiang Province. He led the company’s efforts to comply with the CCP’s censorship directives, prosecutors said.
The regime requires all communications companies operating in China to monitor and censor speech deemed unacceptable to the CCP, including on topics critical of the regime and about religious groups persecuted by the Party. It also requires foreign companies to store data for Chinese users on servers located inside China. A company that fails to comply will risk being blocked from the Chinese market.
As Zoom’s main liaison with Chinese authorities, Jin received directives from several bodies within China’s censorship and security apparatus, including the Cyberspace Administration of China (CAC), the regime’s internet regulator; the Ministry of State Security (MSS), China’s top intelligence agency; and Ministry of Public Security (MPS), the regime’s law enforcement body, according to the court complaint.
Jin was responsible for proactively monitoring meetings on Zoom for discussions deemed “illegal” by the regime. For instance, in August 2019, Jin singled out a Christian group hosting meetings on Zoom’s U.S. servers, an FBI agent said in the complaint. Jin told a U.S.-based colleague that the group was a “Chinese cult” and its account should be blocked due to its discussion of Christian content. In response, the colleague directed Jin to put the account on “quarantine” status, an action that limits its features, in the hopes that this would force the user to drop the platform.
In early September 2019, the Chinese regime blocked Zoom from operating in the country. To resume operations, Zoom was required to submit “rectification” plans to Chinese authorities, the complaint said. In the plan, Zoom agreed to proactively monitor communications for discussion of topics, including political views, deemed unacceptable to the CCP, migrate the storage of around 1 million China-based users’ data to China from the United States, and provide Chinese security authorities special access to Zoom’s systems, according to the FBI agent.
Zoom’s China service was eventually reinstated in November 2019.
Growing CCP Controls
After Zoom’s popularity exploded amid the COVID-19 pandemic, Chinese authorities imposed tighter controls on the company, the complaint said. They demanded Zoom develop the capability to shut down “illegal” meetings or accounts within one minute of receiving a direction from authorities—known as the “one minute processing requirement.”
This requirement extended to discussions by overseas users. In an April 29 exchange with the U.S. colleague mentioned in the complaint, Jin explained that the “requirement is that [the Zoom employee] must have the authority to directly handle it, and it must be handled within one minute…otherwise will be [rated] as security non-compliant.”
Censorship and other demands by Chinese security agencies were also to be kept secret, Jin explained to his U.S. colleague, according to the court paper. In the April exchange, Jin referred to a previous conversation with Zoom’s chief operation officer, general counsel, and head of compliance. The three execs said that they were obliged to report the Chinese processing requirement with Zoom’s U.S.-based compliance team. Jin told the U.S. colleague that “this did not comply with the principle of confidential processing required by” Chinese agencies.
While Jin did not have access to data on Zoom’s U.S. servers, the FBI agent said that the U.S.-based colleague endeavored to allow Jin access to such data for compliance with the Chinese regime’s instructions. In one discussion in April, the U.S. employee suggested that another U.S.-based worker could provide Jin access to a “remote” machine in the United States hooked up to the U.S. servers and systems. Jin replied that the matter needed to be handled confidentially outside of usual company procedures, and that he wouldn’t be able to document his actions in a report.
In the lead-up to the Tiananmen anniversary on June 4, Jin warned the U.S. colleague that Chinese security agencies were dialing up scrutiny of the platform. On May 19, Jin told the colleague that “Internet Police” were tracking all “cn [Chinese] users” on Zoom’s U.S.-based servers, according to the complaint.
In the same exchange, Jin said that the MSS and MPS have been coming to the company more frequently, and that the MSS has asked Zoom to sign a non-disclosure agreement to keep requests secret. They also discussed banning mainland Chinese users from registering free accounts on the platform, to which the U.S. employee replied that they would release a “web package to fix” the issue the next day.
Jin replied: “From net security’s [MPS] perspective, as long as it is a CN user, we need to handle it no matter where it is; if we don’t handle it, they will initiate gfw or other methods to ban it,” referring to an acronym meaning Great Firewall, the Chinese regime’s internet censorship apparatus.
The exchange showed Chinese authorities’ pressure behind Zoom’s move to suspend free user registrations in China in May. It later shifted to a “partner-only” model in China, canceling direct sales to all customers in the mainland.
Handing Over Overseas Users’ Data
In May, Jin on several occasions got his American counterparts to provide data of users located outside of mainland China, including the United States, and close their accounts to comply with Chinese censorship demands, the complaint showed.
For instance, on June 1, Jin relayed to his U.S. colleagues a request from the MSS to provide user information on “Chinese” participants to a meeting hosted a day earlier by a U.S.-based Chinese dissident marking the Tiananmen anniversary, according to the complaint. In response, U.S.-based employees provided Jin with the U.S. account holder’s details, including their name and email address. They also shut down the account, and provided Jin with the names and IP addresses of all participants of the May 31 meeting, including those in the United States.
In another case, Jin asked U.S.-based employees to provide data of “Xinjiang users” as requested by MPS, including for “global” accounts not hosted on Chinese servers. The northwestern region of Xinjiang is where the CCP has launched a mass detention and surveillance program against the local Muslim population. In response, a U.S. employee sent over a spreadsheet of about 23,000 accounts, with account IDs and user IDs.
Zoom’s statement said that this data was anonymized and it did not have “reason to believe that it was shared with the Chinese government.”
Holding Companies Accountable
Zhou Fengsuo, founder of U.S.-based advocacy group Humanitarian China, hosted the May 31 event described above, which had some 4,000 participants tune in around the world. He recalled that many scheduled speakers from China sent pre-recorded messages that day due to pressure from authorities. Many were detained nonetheless.
The prosecution is “the first step toward upholding justice” and should serve as a warning to other companies that sacrifice values for profit, he said in an interview with The Epoch Times.
That Jin allegedly acted under the directive of Chinese intelligence officials was also telling, he added. When U.S. companies go to China, “it’s no longer a kind of business cooperation, but a direct collaboration with the regime,” he said. “They become a part of the regime’s machinery in suppressing pro-democracy activists and encroaching on human rights.”
Companies such as Zoom wield formidable economic sway in U.S. industries, making it even more crucial to step up scrutiny and hold them accountable over such complicity with Beijing, he said.
“Any company—doesn’t matter if you are based in the United States or China—you have to submit to the will of the regime,” Zhuo said.
John C. Demers, assistant attorney general for national security, in a statement, echoed this point, saying that “no company with significant business interests in China is immune from the coercive power of the Chinese Communist Party.”
The CCP’s efforts to stifle free speech of Chinese people around the world may result in company executives “being coopted to further repressive activity at odds with the values that have allowed that company to flourish here,” Demers said.
Zoom earlier this year courted controversy after researchers found that it had routed encryption keys for U.S. calls through servers in Beijing. The company later admitted that it had “mistakenly” added Chinese servers for the app as calls surged during the pandemic.
The Trump administration this summer ordered the wildly popular short video app TikTok to find American buyers, following concerns that its Beijing-based parent company Bytedance would share user data with Chinese authorities. The company is currently negotiating a deal with Walmart and Oracle to shift its U.S. data into a new entity.
In another example highlighting challenges facing American companies operating in China, the former chief trust officer of Airbnb abruptly resigned last year over concerns about how much data the rental platform was sharing with China, Wall Street Journal recently reported.
Sean Joyce, a former deputy director with the FBI hired by the company in May 2019, became alarmed that the company was not transparent about how much data Airbrb shared with the CCP, including Americans traveling to China. In a conversation with the company’s top leaders outlining his concerns, co-founder Nathan Blecharczyk told Joyce that “we’re not here to promote American values,” the outlet reported.
William Evanina, director of the National Counterintelligence and Security Center, at a panel discussion earlier this month, said that Americans should be more aware of this issue.
“When we sign up for these companies … these apps, are we okay with our data going over to a communist country for utilization by the intelligence services?” Evanina said.
Eva Fu contributed to this report.