China’s next plan to dominate international tech standards

SpaceX has banned use of Zoom for remote operations. So have Google, Apple, NASA, and New York City schools. Earlier this week, the FBI warned about Zoom teleconferences and live classrooms being hacked by trolls; security experts warn that holes in the technology make user data vulnerable to exploitation. Zoom’s CEO, Eric Yuan, has this week publicly admitted that he “messed up” on privacy and security.

But we are missing a larger question as we grapple with these security flaws. Zoom today is a publicly-traded American company listed on NASDAQ, but the company’s mainline app is developed by China-based subsidiaries. Its servers in China also appear to have transmitted the company’s AES-128 encryption keys earlier this year, including, as a Citizen Labs report documents, some keys used for meetings among North American participants (the company posted a response to that report here, noting that a geofencing error due to the heavy traffic from the outbreak of COVID-19 might have led some meetings “under extremely limited circumstances” to be routed through China, and it has corrected the error). Beijing’s intelligence laws obligate Zoom and other companies with nexus in China to share data held on the mainland with Chinese government authorities upon request.

(Editor’s note: Zoom has published a 90-day plan to improve its privacy and security initiatives, and recently hired ex-Facebook CISO Alex Stamos as an outside consultant. The company notes in its privacy policy that it only responds to requests for user data when there is a “valid legal process, including jurisdiction.” In its statement to the Citizen Lab post, the company wrote that “Zoom has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data, including by Zoom employees — regardless of how and where the data gets routed.”)

These are precisely the kind of tools that Beijing values. The Chinese Communist Party (CCP) pursues a decades-long grand strategy to develop and capture global networks and platforms – with them to define global standards. Hold over standards promises enduring control of international resources, exchange, and information; a global geopolitical operating system with coercive might. Beijing has officially endorsed this ambition since its 2001 accession to the World Trade Organization, when it launched the National Standardization Strategy.

Now, the CCP is putting that intent into action. Beijing is about to launch China Standards 2035, an industrial plan to write international rules. China Standards 2035 is the successor to Made in China 2025; an even bolder plan for the subsequent decade premised not on governing where global goods are made, but on setting the standards that define production, exchange, and consumption.