This concern primarily stems from an assessment conducted by The Citizen Lab, a research entity at the University of Toronto.
Update: On April 3, 2020, Zoom released a statement responding to these findings. They indicated that there is now geo-fencing to prevent communication with Chinese servers. They also state that they are working with experts to implement best practices for their approach to encryption. A copy of the statement has been added below.
The research that was conducted by members at The Citizen Lab, examined the encryption technology that the Zoom service uses. In their findings, the researchers identified a method in which they could possibly compromise the encryption that secures the audio and video of Zoom meetings. They also shared that the encryption keys that are created by Zoom for each session can come from servers located in China.
The technical steps to compromise the encryption of Zoom requires a specific skill set and access to a network where a meeting session is occurring.
At this time, the University continues to recommend Zoom as an acceptable tool to deliver University instruction. The University is continuing to monitor this issue, will closely follow Zoom’s response, and provide updates as information becomes available.
Out of an abundance of caution, the Information Security Office has issued specific recommendations regarding use of Zoom to specific University departments/units to protect communications that may be at risk due to this vulnerability. If you have questions please contact the Information Security Office for additional information.
Citizen Lab: Moving Fast & Roll Your Own Crypto
Zoom: Response to Research From University of Toronto's Citizen Lab