A China-based former employee of Zoom undermined the security of users and told lies to prevent them using the video conferencing platform to discuss the anniversary of the Tiananmen Square Massacre, according to the US Department of Justice (DoJ). Xinjiang Jin, also known as Julien Jin, worked in Zhejiang Province as a security technical leader and was responsible for liaising with Chinese law enforcement. An FBI affidavit says Jin disrupted a series of meetings in May and June 2020 that were going to commemorate the 4th June 1989 Tiananmen Square massacre in the People’s Republic of China (PRC).
Seth DuCharme, Acting United States Attorney for the Eastern District of New York, stated:
The allegations in the complaint lay bare the Faustian bargain that the PRC government demands of US technology companies doing business within the PRC’s borders, and the insider threat that those companies face from their own employees in the PRC. As alleged, Jin worked closely with the PRC government and members of PRC intelligence services to help the PRC government silence the political and religious speech of users of the platform of a US technology company. Jin willingly committed crimes, and sought to mislead others at the company, to help PRC authorities censor and punish US users’ core political speech merely for exercising their rights to free expression.
The prosecutors also thanked the comms provider for assisting with their investigation, without naming the business in their indictment or any of their announcements. However, Zoom identified themselves as the comms provider involved in this scandal through a blog post on their corporate website. This stated that Jin’s appointment was motivated by the Chinese authorities interrupting their service in 2019.
As we worked to resolve the shutdown, China requested that Zoom confirm it would comply with Chinese law, including designating an in-house contact for law enforcement requests and transferring China-based user data housed in the United States to a data center in China. With the goal of restoring our service, Zoom personnel, including our CEO, met in China with government authorities in October 2019. We outlined steps we could take to address the Chinese government’s reasons for shutting down our service. This is the “rectification plan” that the DOJ cited in its complaint. The plan included measures to comply with real ID and data localization requirements applicable in China, in a manner that is capable of audit and verification, as well as establishing a legal entity in China to meet China’s local legal and regulatory requirements. The plan also references measures that we did not carry out, such as working with a local Chinese partner to develop technology that would analyze the content of meetings hosted in China to identify and report illegal activity and shut down meetings that violate Chinese law. The plan also contains information about actions Zoom previously took to adhere to Chinese law, including shutting down certain types of political, religious, and sexually explicit meetings. The goal of the rectification plan was to get our service restored, and the Chinese government ultimately unblocked Zoom on November 17, 2019.
In October 2019, Zoom appointed the now-former employee to serve as the government contact in China. This former employee’s job included responding to the Chinese government’s requests for account terminations, meeting terminations, and user data. While the DOJ did not share with us its factual allegations in advance of the public release of the complaint, we learned during the course of our investigation that this former employee violated Zoom’s policies by, among other things, attempting to circumvent certain internal access controls. We have terminated this individual’s employment. We have also placed other employees on administrative leave pending the completion of our investigation.
Jin is accused of terminating at least four Zoom meetings commemorating the thirty-first anniversary of the Tiananmen Square Massacre, most of which were organized and attended by participants in the USA, such as dissidents who had survived the 1989 protests. To accomplish the task Jin infiltrated meetings to gather evidence about purported misconduct but then fabricated evidence that Zoom’s terms had violated. His lies were passed to a Zoom employee in the US to effect the termination of meetings and the suspension and cancellation of user accounts.
Some of the faked evidence included bogus email and Zoom accounts in the names of others, including PRC political dissidents, that implied his targets were supporters of terrorism or distributors of child pornography. If Jin is convicted he could be sentenced to up to 10 years in prison. However, it is unlikely he will be arrested whilst he remains in China.
Zoom has previously defended their actions in trying to comply with Chinese law, though they have also admitted mistakes were made. In particular, they promised to develop the capacity to selectively manage users depending on their country. This would allow them to follow Chinese law within China without allowing it to conflict with the legal rights of users elsewhere.