Released: December 18, 2020
We are pleased to offer our first transparency report, which we intend to publish semiannually beginning in 2021. This report is designed to offer insight into how Zoom Video Communications, Inc. (Zoom) responds to requests for user data from law enforcement agencies and government authorities. Zoom believes that transparency is critical to building trust and fostering the free and open exchange of ideas.
As detailed in our Privacy Statement, Zoom is committed to protecting user privacy and only produces user data to governments in response to valid and lawful requests in accordance with our Government Requests Guide and relevant legal policies.
This report covers government requests that we processed between May 1, 2020 and December 12, 2020. Until spring 2020, when our user base expanded significantly as a result of the Covid-19 pandemic, Zoom had no set approach to these law enforcement requests. Like many smaller technology companies without a significant consumer user base, we received requests via multiple avenues, handled each one in a high-touch, intensive way, and didn’t preserve categorizing information about them. As our usage soared following the beginning of the pandemic that approach became untenable. After a period of ramping up and resourcing, we developed a more streamlined approach to handle the volume. Our first improvements included hiring experienced legal staff to evaluate and process requests efficiently, publishing our Government Requests Guide to enable law enforcement agencies and government authorities to submit more tailored requests, and categorizing the data associated with each request in our case management system. We’ve also standardized our policies, centralized how we track requests, and established internal guidelines and quality controls processes. All of these improvements were made with an eye towards transparency reporting.
Because many of the procedures that Zoom now uses to confirm the receipt of government requests were implemented on or about July 1, 2020, our ability to accurately identify government requests has significantly improved since that date. This means that we cannot guarantee that our May and June 2020 records are fully accurate. Nevertheless, the Report discloses the requests we processed from May 1, 2020 through December 12, 2020 of which we are currently aware, and, while we now have additional processes in place for handling and tracking these types of requests, it remains possible that we received additional requests during this period that were not properly tracked or otherwise identified by us in the preparation of this report.
Two further notes about this transparency report: In May and June of this year, there were meetings in remembrance of Tiananmen Square. Zoom received several requests from Chinese government authorities in the days of and leading up to these meetings, some of which resulted in our termination of specific meetings. Those requests are reflected in this report.
As described in our blog post published on December 18, 2020, we terminated a China-based employee who was responsible for responding to Chinese government requests because this individual violated Zoom’s policies by, among other things, attempting to circumvent certain internal access controls, including those required to manage government requests as described in this report.
The United States DOJ has charged this former employee with conspiracy to commit interstate harassment and unlawful conspiracy to transfer a means of identification in connection with an alleged scheme to disrupt video meetings commemorating Tiananmen Square. We are cooperating with the DOJ in these investigations, which are ongoing, and we do not know when they will be completed. As a result, the outcome of these investigations will be informed by the discovery of additional facts that are an inherent part of any ongoing investigation. The discovery of additional facts from our own investigation or from evidence presented by the DOJ or the SEC could impact the information that is contained in this report. We will not update the transparency report for this reporting period other than as required by law.
We use a number of terms in this report that have specific legal meanings in this context. Wherever you don’t see a particular kind of request or outcome noted in the charts or graphs, that means that there weren’t any of that type. Notably, we did not disclose any content in this reporting period, nor did we receive any national security requests. Civil litigation requests are not reflected in this report.
- Subpoena (U.S. only) - a request made by an entity with investigative powers, such as a grand jury. Need not be signed by a judge, cannot demand content.
- Search Warrant (U.S. only) - a request for a search, signed by a judge, in which a prosecutor alleges that there is “probable cause” to believe that a crime has taken place, or is about to. May demand content or non-content.
- Order (U.S. only) - any other type of order issued by a court. Cannot demand content.
- Other - Any other kind of request or resolution. For example, if a law enforcement officer seeks user data but without a subpoena, search warrant, or court order, or where the data owner gives written authorization to disclose their data to law enforcement.
- Preservation Request (U.S. or international) - a request to preserve user information for a period of time, usually 90 or 180 days.
- Emergency Request (U.S. or international) - a request for user data without standard legal process, on the grounds that there is a danger of death or serious physical injury to a person.
- MLAT Request (International only) - a request made by a foreign country through the U.S. Department of Justice pursuant to a Mutual Legal Assistance Treaty. Can demand content.
- CLOUD Act (U.K. only, for now) - a request made pursuant to the CLOUD Act. Can demand content.
- Withhold Access Request - a governmental request to restrict an individual’s access to any aspect of Zoom’s product, or to prevent or terminate a particular meeting.
- Rejected - includes rejections for invalid service or other legal reasons, instances where there was no responsive data, or where the agency did not provide enough information for us to locate data.
- Non-content - non-content refers to metadata, or information about content. Non-content can include things like the dates and times of meetings, the IP address of a user, or information about their platform. When we report disclosing “non-content” that means we disclosed non-content only.
- Content - can include video content, chat logs or transcripts; essentially, any media that depicts what a person spoke, wrote or did. When we report disclosing “content,” that means we disclosed both content and non-content.
- General information means we provided general information about the law enforcement request process, but not content or non-content.
A note about Withhold Access Requests: Zoom does business in more than 80 countries and counting. Many countries, including the U.S., have laws that may restrict one of its residents from participating in or hosting particular Zoom meetings or webinars. If Zoom receives a legally valid and appropriately scoped request from a legitimate government agency demanding that Zoom restrict one of its residents from using Zoom, Zoom will carefully review it. In no event will Zoom will restrict the access of users who are outside the requesting country and/or the jurisdiction of the requesting government agency or who are otherwise not subject to applicable local law.
We comply with Withhold Access Requests selectively, as we balance our commitment to promoting the free and open exchange of ideas against our legal obligations.
U.S. Requests Overview
U.S. requests to Zoom can come in the form of search warrants, subpoenas (grand jury, trial and administrative), court orders, preservation requests, emergency requests and national security requests. The vast majority of global requests are from U.S. state and local and federal law enforcement, with 803 coming from the U.S. and 424 coming from all other areas combined.
Here is a summary of the U.S. requests we’ve processed for user-related data, as defined in our Government Requests Guide:
U.S. Requests: Responses and Outcomes
From May through December 12, 2020, here is how we’ve responded to requests from U.S. authorities.
Zoom receives law enforcement requests from around the globe. We screen each international request carefully to ensure that we only respond to ones that are legally valid and appropriately scoped. We do not provide any content internationally without process under MLAT, the CLOUD Act or letters rogatory. Please note that some countries or regions may have experienced more rejections prior to July 1, when we published our Government Requests Guide and provided guidance about what is an appropriate request and what types of data we have available.
For more information about how we review international requests, please see our Government Requests Guide.
We group international requests into regions:
- UK (United Kingdom)
- EMEA (Europe, Middle East, and Africa)
- Asia Pacific (including Hong Kong SAR and New Zealand, excluding China and India)
- North America (non U.S.)
- South and Central America
Here is an overview of the international requests we’ve received:
Here is how we responded:
International Requests: Responses and Outcomes
From May 1 through December 12, 2020, here’s how we responded to international requests:
Asia Pacific (excludes China, India and Australia)
Central and South America
North America (non-U.S.)
FAQs about this Transparency Report
Released: December 18, 2020
We accept and process government requests as detailed in our Government Requests Guide.
Our process has changed dramatically over the last year. Prior to spring 2020, when our user base expanded significantly as a result of the pandemic, Zoom received a relatively small number of requests. Like many smaller technology companies without a significant consumer user base, we received requests via multiple avenues and were able to handle each one on a case-by-case basis in a high-touch way. As our usage began to soar around the world in 2020, we realized we needed a more systemic approach. We quickly added headcount and resources and developed a more formalized process to handle the increased volume. This approach included:
- Hiring experienced legal staff to evaluate and process requests efficiently
- Publishing our Government Requests Guide
- Categorizing the data associated with each request in our case management system
- We’ve also standardized our policies, centralized how we track requests, and established internal guidelines and quality controls processes.
The transparency report we have just released reflects these policies in action, and was made possible because of the more formalized tracking and preservation actions we now have in practice.
The foundation for a transparency report is laid well before the report is published, as an accurate picture requires a consistent, systematic approach to collecting and preserving the information that will eventually be reflected in the report, over a meaningful amount of time. We established a framework for our report over the spring and summer of 2020 when we developed, tested, and implemented new policies to receive, process, and fairly and consistently respond to valid and lawful requests for user information. We are in a position to release our first report today.
This is our first transparency report, and we committed to publishing it before the end of the year. We are publishing it a little earlier than a customary six-month period, but we wanted to honor our commitment to publish by the end of the year and with the data we collected after we improved our policies and procedures. We will continuously evolve and improve in our reporting, and we intend to publish future reports on a six month basis starting in 2021.
We plan to release our transparency report following a six-month cycle, which is consistent with companies in our industry with a similar volume of requests. Publishing after a six-month cycle gives us adequate time for internal quality assurance, and makes it easier to identify key trends in the data.
We benchmarked extensively before drafting this transparency report. We also benefited from The Transparency Reporting Toolkit jointly published by the Berkman Klein Center for Internet and Society and New America. Where our response rates are lower than those of our peers, that reflects the fact that we only recently began serving large numbers of consumers. In the spring of 2020, government requesters were not yet familiar with us. At the time, they often did not know how to make a request for our data, what data we have or what identifiers we need from them. We published our Government Requests Guide with that information in July 2020. We expect that the next transparency report will show a decrease in rejections for most jurisdictions.
We intend for each transparency report to improve on the last one. For starters, we will categorize requests by country instead of by region. Every so often we will reevaluate all our categories and update them as necessary. We also intend to publish future reports following a six month cycle beginning in 2021.