There is a lot of information about whether or not Zoom is safe to use. EMDC.online is not "locked into" using Zoom. A presenter doing a workshop or a webinar can choose to use different platforms based on their comfort level. But for the "Interactive Experience" classes that are using breakout rooms, Zoom is one of the main platforms that offers that feature in an easily usable way. We have looked at other options, but nothing seems to fit quite as well as Zoom right now.


That said, we did look to get some answers to a set of common questions. The following was provided by a security expert for a large organization. So for now at least, these are our guidelines. If you don't feel comfortable logging on via Zoom, you may need to wait until the session is over and view the recording.


Questions Asked by Users


  1. In a report today, Zoom US has admitted it suspended the accounts of human rights activists at the behest of the Chinese government and suggested it will block any further meetings that Beijing complains are illegal. https://www.theguardian.com/world/2020/jun/12/zoom-admits-cutting-off-activists-accounts-in-obedience-to-china
  2. Zoom does not implement true end-to-end encryption; they have the theoretical ability to decrypt and monitor Zoom calls. https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
  3. “Any organization or citizen,” reads Article 7 of China’s National Intelligence Law, “shall support, assist with, and collaborate with the state intelligence work in accordance with the law, and keep the secrets of the national intelligence work known to the public.” This includes most of their engineering team. The CEO of Zoom is a former Chinese citizen and has seemingly complied with this obligation. His family members still live in China. And their app is developed in China. (see Citizen Lab link in #4) In China, there is not a separation of public and private company obligations like in the US.
  4. The US Military, the US and other governments, Tesla/SpaceX and many others have banned Zoom. https://mobile.reuters.com/article/amp/idUSKBN21J71H https://www.techrepublic.com/article/who-has-banned-zoom-google-nasa-and-more/
  5. Some Zoom calls made by U.S. and Canada users were routed through these key management systems in China despite having no China-based participants. https://www.foxbusiness.com/technology/zoom-china-ties-security


Reply from Security Expert:


Thanks for your questions about Zoom. Along with Zoom's meteoric rise from niche corporate app to essential for many businesses, schools and so forth, came increased scrutiny. That increased scrutiny has found the errors, which they have corrected, and provides us greater security. As Zoom increased their infrastructure by 100x in just a few days/weeks, Zoom grew sloppily, and again the increased scrutiny found the errors of their ways quickly and they have been resolved. Here are my thoughts along the numbers you listed below:

These concerns with the exception of number 1 have all been addressed numerous times as we keep a close eye on what is going on. Some of this email response is extracted from the comments we have published on internal documents about Zoom as well.

  1. Zoom Suspending Accounts - Zoom screwed up pretty bad on this one. Blocking attendees from China would have been fine, but suspending the accounts of non-Chinese based people was wrong. Again the scrutiny prevailed on this one and they have rectified it. - Again this is a lower risk problem. We never anticipated closing accounts in the USA - blocking services we did anticipate.
  2. Engineering team based in China - This is the one thing that does bring some level of concern for us; however, many of the other big companies do as well. Zoom has around 700 in China. Back in 2010, Cisco touted having over 2200 engineers based in China working on their products. So this is not exactly an issue unique to Zoom.
  3. Imprisoned members of a church in China that used Zoom - Nothing is evidenced that they were compromised by a security issue/leak in the Zoom software. The same could have happened with any software they may have used. In fact, one of the articles you sent pointed out several other services they were using that got people in trouble with that government. Also, any one computer used in the Zoom call could have had malicious software on it that was monitoring the screen, which would bypass any end-to-end encryption of any conference software.
  4. Zoom doesn't do end-to-end encryption - For the most part neither does anyone else for meetings over 8 people (WhatsApp just increased from 4 to 8 allowed in a conference call but again is supposedly blocked in China among other places). All do encryption between the client and a server, thus allowing a theoretical compromise to be placed on the server. Cisco Webex does offer an end-to-end encryption option that must be set up on a per-user basis ahead of the conference call, which we have just had 1 person experiment with in the past month. We do know that Cisco Webex with end-to-end does disable a large number of features, including the use of any conference room based equipment, phone calls in for audio, and cloud-based recording of the meeting. Again, monitoring the screen gets around end-to-end encryption, so even that shouldn't be trusted in all places.
  5. China laws - Cisco, Amazon and Microsoft also employ data centers and engineers in China as well. Google closed their office and data center there in the past but do not know their current status. We strive to keep any traffic from going through any of those datacenters. For example inside our Zoom settings on our contract, we have stated that we do not allow the use of their China data center.
  6. Gov use of Zoom: The US government has a separate Zoom infrastructure dedicated to themselves. That system has never been questioned and is still very actively in use. A number of those you mentioned banned it because of Zoom bombing, which has largely been dealt with already. We made changes to our corporate account to stop it as well as have published steps to prevent it on Workplace.
  7. Key servers in China - Yes, that happened and was dealt with. As I said above, the increased scrutiny made it safer for all of us. Additionally, Zoom has stated their intentions of allowing corporate contracts like ours the ability to install our own Zoom Key servers, which in theory should keep the data private all around.


Other Things to Note:

  • The Breakout rooms - These are so in line with what we as an organization all are used to, i.e. turn in small groups and pray! This feature alone is one reason we use Zoom over others. No other software offers this on their normal meetings.
  • Zoom has much better video quality on low bandwidth connections - especially when compared to Google Meet - vital for meeting with people in developing world
  • Again the increased scrutiny has provided us a better product - Note we are continually watching and monitoring if our decision needs to change
  • Not all use Zoom. Zoom is just one that we use along with others, i.e. Google Meet is highly used across the board.
  • We have policies in place for secure areas and their Zoom use
  • One concern, no matter which product we use, is working with students that were attending in the USA but have gone back to their home countries. That is a delicate one for which we are not certain Zoom is a good option and have recommended looking at some other options. Primarily this is in line with your number 1 concern above, though we hadn't feared our accounts being suspended but rather the service being blocked. That could still happen, as it could happen with any product.

Please note that the above-stated perspective is a guideline that EMDC uses. It is not to be interpreted as an official policy of EMDC or any of our sponsoring organizations. This is not a legal position.