Zoom, the U.S. video conferencing company, is one of the rare businesses that has flourished during the COVID-19 outbreak. Its product has become the go-to vehicle for meetings around the world as personal contact has been cut off by lockdowns and self-imposed isolation.
But as Uncle Ben gravely noted, with great power comes great responsibility and Zoom has failed some of its customers as its software has become ubiquitous. Some of those problems can be (and already have been) fixed; others, though, defy solution and highlight the tensions that companies face as they navigate the demands of various legal authorities — and remind users of the risks that they will face in an increasingly connected digital world.
Zoom founder Eric Yuan was born in China, studied mathematics and computer science at university and moved to the United States in 1997 to work for a U.S. digital conferencing firm. When his employer didn’t back his idea for a smartphone-based app, he and some friends left to found Zoom in 2011, which launched its first software two years later.
The company’s primary target was business, which pays for video-service subscriptions. Personal users can make calls of up to 40 minutes for free. Last December, the company reported 10 million daily meeting participants, but as COVID-19 infections spread and lockdowns and common sense prompted individuals to stay home, use exploded, reportedly peaking at 300 million daily users in April. It has since dropped down to “only” 200 million a day.
Each month, Zoom also calculates its annual run rate for meeting minutes. In January, that number was 100 billion; by April the annual run rate had reached 2 trillion meeting minutes — or the equivalent of nearly 4 million years.
Predictably, expansion that rapid has not been smooth. Three challenges have emerged as Zoom has zoomed into public consciousness. First, there are dark — and frankly irresponsible — speculations that Zoom is a Chinese company and the Beijing government has access to all that is said in Zoom meetings. The charge is fueled by Yuan’s personal history, even though he became a U.S. citizen in 2007 and the fact that the company has three research and development affiliates in China that employ at least 700 employees.
To suggest that his Chinese heritage is enough to make him suspect is racist, and the accusations ignore that the company is headquartered in the U.S., is listed on the Nasdaq exchange and virtually every IT company that serves the Chinese market — which Zoom does — has operations there.
Concerns about the China connection intensified after reports that Zoom conferences had been routed through servers in China even when the meetings had nothing to do with that country. The company acknowledged in its IPO filing that it had servers there but Yuan conceded that the routing problem was real: It was an accident resulting from overwhelming growth in demand for its product. That problem has since been fixed and customers can now opt out of servers in particular regions.
That routing problem was part of a second challenge that Zoom faces — charges that its security in general is substandard. Even before the COVID-19 outbreak, researchers identified vulnerabilities in the company’s software that allowed third parties to hijack users’ cameras. Efforts to make it easier for nonregular users to join meetings introduced a new word to the lexicon — zoombombing — or uninvited third parties who invaded and disrupted meetings.
And company officials admitted that their “end-to-end encryption,” available only to paid subscribers, was not that usually afforded by the term; there was a “discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.” Yuan admitted that decision was a feature, not a bug: The company did not intend to offer complete end-to-end encryption as that would prevent it from cooperating with law enforcement.
That cooperation is the third challenge. Zoom, like any multinational company, is subject to multiple legal authorities and must obey the laws of each. That responsibility generated accusations that it bowed to the Chinese government earlier this month when it suspended the accounts of individuals that Beijing considers criminals and much of the rest of the world calls pro-democracy activists. Zoom shut down the accounts when the Chinese government declared certain activities — online commemorations of the 1989 Tiananmen Square killings — illegal.
Because the company could not screen meeting participants on a country by country basis, it suspended the accounts even though one was in Hong Kong and two were in the United States. Zoom acknowledged that the decision was a mistake, said that it will no longer allow the Beijing government to impact individuals outside China and promised to develop the capability to screen participants based on geography.
That raises as many questions as it answers. How will national authorities know about such meetings in advance to demand such screening? How will Zoom be able to monitor those meetings to enforce national restrictions?
By all accounts, Zoom is genuinely wrestling with these problems with a renewed focus on security and privacy. No matter what it does, however, its popularity will create tensions as it subjects itself to multiple and sometime contradictory legal frameworks. Nevertheless, the company must do more to win back confidence. Security must be improved. It should publish a regular transparency report that explains its interactions with governments around the world.
Consumers must also be more alert to the risks as they embrace new forms of digital interaction. The use of Zoom in schools — the company has allowed elementary schools to use the platform for free during the COVID-19 crisis, and it is now in more than 90,000 schools in nearly two dozen countries — has accelerated the introduction of such software into homes (although the use of smart speaker technology should have raised alarms as well). Bill Bishop, an incisive analyst of Chinese business and politics, notes that today Zoom software is a greater security risk than Huawei, reasoning that Huawei is a future concern while Zoom is a problem now.
Privacy advocates have bluntly warned users with a heightened need for security and confidentiality — companies that worry about espionage, governments, health care providers with sensitive patient information, or activists, lawyers and journalists working on sensitive topics — that they should use other means of communication. (Several governments have already banned Zoom for use in their internal communications.) That is one more layer of anxiety in an already unnerving time.
Brad Glosserman is deputy director of and visiting professor at the Center for Rule Making Strategies at Tama University as well as senior adviser (nonresident) at Pacific Forum. He is the author of "Peak Japan: The End of Great Ambitions."