TikTok’s database is being accessed by employees in China, casting a fresh doubt on the assurance of the social media platform last year that personal information of US users is kept away from the reach of China.
The report was made by BuzzFeed on Friday, citing audio recordings obtained from employees. According to the report, the recordings contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. From the nine statements by eight different employees, the recordings described situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own.
“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting quoted by BuzzFeed. In another September meeting, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.”
Registration for Tekedia Mini-MBA edition 9 (Sep 12- Dec 3 2022) has started. Register here. Cost is N60,000 or $140 for the 12-week program.
This comes contrary to every defense TikTok has put up regarding the US government’s concern that the Chinese Communist Party may use the app as a backdoor to private data of Americans.
In an October 2021 Senate hearing, TikTok said that a “world-renowned, US-based security team” decides who gets access to this data. The testimony helped to calm the onslaught that former President Donald Trump launched against TikTok, following the 2019 investigation into the national security implications of TikTok’s collection of American data by the Committee on Foreign Investment. In 2020, Trump had moved to ban the app through executive order.
The audio tapes mean that the scrutiny is likely going to be resuscitated. Rep. Cathy McMorris Rodgers (WA), the top Republican on the Energy and Commerce Committee, said the BuzzFeed report should serve as a wake-up call.
“For TikTok to knowingly allow the Chinese Communist Party to access American user data is unacceptable and a complete betrayal of our trust,” McMorris Rodgers told the Washington Examiner in a statement. “TikTok has gone on record numerous times claiming that they do not share U.S. user data with the Chinese government, CCP, or any Chinese state-owned entities. We now know that is not the case and cannot be allowed to happen without consequence. … This should be a wake-up call for anyone who believes Americans deserve online privacy and data security protections. Big Tech must be exposed for how it sends Americans’ data to China.”
TikTok said in response to BuzzFeed’s findings that the company is working to clear all security doubts about its operation.
“We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data,” TikTok spokeswoman Maureen Shanahan told the outlet. “That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.”
In a blog post on Friday, the high-flying social media app, maintained that it “has long stored US user data in our own data centers in the US and Singapore” and takes the responsibility to “protect against unauthorized access to user data” seriously.
But experts have pointed out that, even though it mitigates some risks, storing data in the US and Singapore does not address the fact that China-based employees can access the data.
TikTok added in its blog post that it’s been working with Oracle on several measures as part of its commercial relationship to better safeguard the app, systems, and the security of US user data.
“We’ve now reached a significant milestone in that work: we’ve changed the default storage location of US user data. Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US,” it said, adding that it is working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind.
This is understood to be part of Project Texas, a contract that TikTok is currently negotiating with cloud services provider Oracle and CFIUS. Under the CFIUS agreement, TikTok would hold US users’ protected private information, like phone numbers and birthdays, exclusively at a data center managed by Oracle in Texas. This data would only be accessible by specific US-based TikTok employees, per the report.
Project Texas, once completed, is supposed to protect US data to a large extent. But according to the audio recordings, employees are worried that it will not solve the problem as there are many technical challenges to address. It is not clear if these new findings will prompt the US government to launch a fresh investigation into TikTok’s activities. President Joe Biden had last year, rescinded most of Trump’s executive orders against Chinese apps.