nanog mailing list archives

Re: WhatsApp's New Policy Has...


From: Rich Kulawiec <rsk () gsp org>
Date: Sat, 9 Jan 2021 14:08:40 -0500

On Fri, Jan 08, 2021 at 01:31:56PM -0600, Dave Phelps wrote:
> Keybase was purchased by Zoom (
> https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html).
> From what I've gathered, Zoom is too tight with, owned by, or run by China,
> so I believe there was a similar mass exodus from Keybase for lack of trust.

I've been maintaining a page of relevant links concerning Zoom since
late winter 2020.  It's here:

        Zoom
        http://www.firemountain.net/zoom.html

I need to add a link there concerning the complaint filed in the EDNY,
USA v. Xinjiang Jin (JIN).  As pointed out by File411, there are repeated
references in that complaint to "under 1 minute", as in:

        Employee-1 explained that "The current requirement" -- apparently
        referring to Company-1's internal restrictions -- "is that domestic
        engineers cannot access the data of us clusters" -- indicating
        that PRC-based software engineers were not permitted to access user
        data stored on U.S.-based servers.  JIN responded "Net Security's
        requirement is that [the employer] must have the authority to
        directly handle it, and it must be handled within one minute.
        For example, including U.S. users, if the issue of June 4th is
        being discussed in a meeting, it must be handled within one minute
        of [the meeting being reported], otherwise will be [rate] as
        security non-compliant."

("June 4th" refers to Tiananmen Square - June 4, 1989.)

It's unclear yet exactly what this means/implies, but my working assumption
for the moment is that everything passing through Zoom is being made
available in real or close-to-real time to the PRC.

Also in the complaint:

        JIN wrote in an electronic messages to other individuals who are
        Company-1 employees stating that, even if other U.S. social media
        and search companies had no business in the PRC, they still terminated
        accounts and posted at the request of the "CN zf".  Based on open
        source information and my training and experience, the "CN" in "CN zf"
        refers to "China" (the PRC) and "zf" is shorthand for zhengfu,
        a Chinese word for government.

---rsk

