There’s a big difference between routing an encrypted packet through China and decrypting that packet on a server located in China.
Likewise, there’s a big difference between employing a Chinese national in the US and having a large part of you engineering organization operate from within China.
> having a large part of you engineering organization operate from within China
Shockingly, Microsoft, Google, Facebook, IBM, Redhat, Cisco all have engineering team in mainland China. Do a job list search please.
> decrypting that packet on a server located in China
In your infrastructure setup, for hostnames in a cluster, how do you separate China servers and non-China servers? Do you put a subdomain or something? And how do you link user's nationality to which server they are supposed to connect to?
What if there's a US hosted meeting, a mainland Chinese user joins the meeting? Is it an ethical thing to happen?
Should the packet decrypting happen in a US server? China server? or server located in a third neutral country instead?
What if a US citizen joins a mainland Chinese hosted meeting? Is it wrong for Zoom to decrypt packets in China?
> In your infrastructure setup, for hostnames in a cluster, how do you separate China servers and non-China servers? Do you put a subdomain or something?
Yes, these are exactly the sorts of things one does. The PRC is so distinct in terms of legal norms that servers hosted there need to be treated differently. If PRC would adhere to the legal norms of most of the rest of the world, and stop trying to start a cold war with the U.S, this would not be necessary.
> And how do you link user's nationality to which server they are supposed to connect to?
It's not so much about nationality, but about jurisdiction. For calls where no participants' connections originate from a PRC IP block, don't use the PRC infrastructure. For calls where at least one connection originates from the PRC, terminate the call wherever meets the legal requirements (that PRC participant may have special obligations to their government) and is technically convenient. It's not really that hard.
> What if a US citizen joins a mainland Chinese hosted meeting? Is it wrong for Zoom to decrypt packets in China?
Again, it is not a matter of citizenship, but of jurisdiction. If the call is hosted in PRC, that's not even a question; if PLA asks, you must decrypt the packets on the host, or at least provide keys.
In each case, you bring up nationality or citizenship, but when it comes to these scenarios, these are not relevant. Chinese nationals legally present in U.S. jurisdiction have most of the same rights as U.S. citizens, and all of the same legal obligations. In terms of obligations, the same is true in PRC: if you are present in PRC, you are obligated to follow the PRC's law, whether or not you are a national.
That's what happens when a lawyer designs IM/conf app. Follow your design, the switches/routers need to confirm the "jurisdiction" of each TCP/IP packet? What wonderful idea, please do submit your RFC to IETF.
> but about jurisdiction. For calls where no participants' connections originate from a PRC IP block, don't use the PRC infrastructure.
That's basically where the Chinese got the idea of building the Great Firewall started. Some IP addresses are from evil capitalist USA and need to be filtered.
Likewise, there’s a big difference between employing a Chinese national in the US and having a large part of you engineering organization operate from within China.