An executive at the videoconferencing company Zoom schemed with Beijing officials to leak user data and squash video meetings discussing the anniversary of the Tiananmen Square massacre earlier this year, according to federal prosecutors. The Justice Department’s case races a fresh wave of concern about Zoom’s security after the company spent the summer months muzzling Zoombombings and dragging its feet on end-to-end encryption.
In a criminal complaint unsealed in a Brooklyn federal court Friday, prosecutors said that Xinjiang Jin, who reportedly worked as Zoom’s chief liaison with Chinese law enforcement and intelligence services, shared user information and disrupted video calls at the request of the Chinese government. Jin, who is based in China, has been proactively monitoring Zoom meetings since January 2019 for mentions of political and religious topics censored by China’s ruling Communist Party, according to the complaint.
The complaint goes on to claim Jin is responsible for ending at least four meetings in May and June commemorating the 31-anniversary of the government’s infamous massacre of pro-democracy activists in Tiananmen Square. Prosecutors say that he worked with co-conspirators to fabricate incriminating evidence against the U.S.-based hosts of these memorials by logging into their meetings under fake accounts with profile images related to terrorism or child pornography, which Jin would then point to in justifying their account suspensions since Zoom’s community guidelines prohibit sensitive content and calls for violence. He’s charged with conspiracy to commit interstate harassment and unlawful conspiracy to transfer a means of identification.
The complaint only identifies Jin as an employee of a U.S. telecommunications company, but Zoom has since confirmed it was the company involved. In a statement published Friday, Zoom said it is fully cooperating with the Department of Justice and fired Jin for violating company policies. Jin shared “a limited amount of individual user data with Chinese authorities,” the company said, and at this stage in its internal investigation it does not believe he or any other Zoom employee shared data on non-China based users “with the exception of user data for fewer than ten individual users.”
In an updated statement originally posted in June, Zoom admitted it “fell short” by shutting down meetings to remain in compliance with Chinese law as opposed to cutting off access to participants in China (the company explained it “must comply with laws in the countries where we operate”). It reinstated the victims’ accounts in June and has since incorporated a geo-blocking feature.
“As the DOJ makes clear, every American company, including Zoom and our industry peers, faces challenges when doing business in China,” Zoom said on Friday. “We will continue to act aggressively to anticipate and combat ever-evolving data security challenges. We launched our end-to-end encryption feature to free and paid users worldwide. We have significantly enhanced our internal access controls. We have also ceased the sale of direct and online services in China and launched engineering hubs in the United States, India, and Singapore.”
Jin has not yet been arrested and is currently still in China, which doesn’t have an extradition treaty with the U.S., the New York Times reports.
Correction: 12/19/2020, 1:21 p.m. ET: A Zoom representative reached out to clarify the findings of its internal investigation. Per the statement the company released Friday:
“At this stage in our investigation, and with the exception of user data for fewer than ten individual users, we do not believe this former employee or any other Zoom employee provided the Chinese government with user data of non-China-based users.”
A previous draft erroneously portrayed the company’s findings. Context about Zoom’s statement from June has been updated, as a previous draft contained outdated information about its development of a geo-blocking tool. The anniversary year of the Tiananmen Square massacre has also been corrected. We at Gizmodo sincerely regret the errors.