There is an opportunity here to signal that Zoom is not a Chinese asset.
Zoom can effectively remove itself from the board by completely mitigating passive surveillance. When no state’s intelligence agency benefits from a home field advantage with Zoom, then its value as a strategic cyber asset is massively reduced.
If Zoom eliminates the home field advantage it sends a powerful signal that they’re secure. This signal of commitment to user’s security is more important than the implementation. The implementation either works, or it doesn’t. And if it works it is invisible to the user.
The signal that is sent by destroying the home field advantage is a powerful declaration of intent. Such a bold public statement is described in the humanities as: an expensive signal.
The video conferencing terrain has become radically more important due to the coronavirus, but this criticality was inevitable. The coronavirus just accelerates the speed at which video conferencing’s strategic importance grows. Zoom is critical cyber social infrastructure.
The video conferencing terrain is strategically important for several reasons: business security and secrets; reporters and sources; privacy and safety for individuals; etc.
China has been collecting industrial espionage secrets for years now. Controlling a video conferencing system would be a huge boon to their passive surveillance collection efforts. Zoom can prevent this by taking itself off the board. This would signal to concerned potential users that Zoom is safe: it has no value as a Chinese intelligence asset.
If zoom creates a protocol that secures content and also limits the value of available metadata then regardless of where the physical servers and switches are, there is no passive surveillance benefit. The goal should be that NSA could run Zoom’s servers in their data centre and it would not alter the security and privacy guarantees of Zoom.
Remove the capacity to benefit from controlling Zoom’s infrastructure and it ceases to be an important strategic asset. Zoom will be more secure due to the strength of the protocol, but critically, also because it is no longer an attractive target.