At the start of this month, Zoom announced that it would be halting any new feature rollouts for the next 90 days to address the myriad security and privacy concerns currently facing the multi-billion dollar company. Evidently though, that feature freeze has been cut short: According to a blog post put out by the company this week, paying Zoom customers will soon be able to decide which data centres their calls will be routed through starting this weekend, April 18.
Zoom said the feature will give its customers “more control over their data and their interaction with our global network,” which includes data centres in the U.S., Canada, and Europe, along with India, Australia, and China, among a few others.
It’s a small tweak with massive implications for national security. Earlier this month, a report from the Citizen Lab at the University of Toronto found that the keys Zoom uses to encrypt its calls were generated by servers in China, regardless of whether the meeting’s participants were based in the country. By using these Chinese servers, the researchers argued, Zoom could, theoretically, be legally strong-armed into forking over these encryption keys to Chinese authorities, based on the country’s cybersecurity mandates.
It’s an icky idea for sure, though most folks aren’t paying too much attention how their calls are relayed between Zoom’s servers. That said, some of the platform’s paying customer base—which includes multiple federal agencies and contractors here in America, along with other government branches abroad—have a lot to lose by having their calls intercepted by a foreign superpower. Last week, Taiwan announced a parliamentary order halting any federal organisations from using the software. The day after, German officials announced similar measures, followed by the U.S. Senate doing the same.
Though other U.S. federal agencies have voiced concerns, there are still seven agencies using the service, according to federal data, with the U.S. Centres for Disease Control and the Department of Homeland Security listed as current Zoom customers. In 2020 alone, these agencies and others racked up more than $US215,000 ($333,866) to pay for their Zoom subscriptions, with individual agencies paying upwards of $US22,000 ($34,163) for their own access.
Though Zoom’s blog about its data-centre update is minute, wonky, and makes no mention to its connection to U.S. national security, it’s hard to ignore the discomfort that led up to the announcement. The company’s boasted about its federal authorization since acquiring it roughly a year ago, and undoubtedly there are more than a few folks who jumped on the service back in 2019 that might now be questioning that choice. Here’s hoping that it’s not too late for any of them.