TikTok Responds To Allegations Of Unsecured User Data

TikTok denied that sensitive user information was accessible to China-based employees. The CEO of TikTok offered a strong rebuttal to a news report alleging insecure handling of sensitive U.S. user data and answered multiple questions sent by United States senators about who has access to data and about Chinese government control over TikTok.

An article published by BuzzFeed alleged that in a TikTok meeting, it was stated that employees in China had complete access to sensitive user data.

In response to the news article, nine United States senators sent a letter to TikTok asking for answers, prompting the CEO of TikTok to provide a full explanation.

Oversight Letter

Nine senators sent TikTok a letter of concern over allegations that China-based employees had access to sensitive user data. The letter asked eleven specific questions about user data, including whether TikTok has ever shared sensitive data with the government of China.

The letter to TikTok stated:

“The implications of these findings are stark, but not surprising. Rather, they simply confirm what lawmakers long suspected about TikTok…”

TikTok’s answers were in response to that letter.

TikTok Leak Out Of Context

The CEO of TikTok, Shou Zi Chew, wrote an answer to the senators that was subsequently shared as a PDF by the New York Times.

In his response, the CEO said that TikTok was already in compliance with securing U.S. user data and completed all steps for locking down that data together with two major United States companies.

Together with Oracle and Booz Allen, the security initiative they are working on is named Project Texas.

According to the CEO, personnel working on Project Texas work on different parts of a project and are not aware of the entire scope of the project.

He asserted that the people in the leak were workers who were unaware of other parts of the project and thus did not know of policies already in place securing the data.

According to the CEO of TikTok:

“Some people working on these projects do not have visibility into the full picture, working on a task without realizing that it’s a single step in a much bigger project or a test to validate an assumption.

That’s critical context for the recordings leaked to BuzzFeed, and one thing their reporting got right: the meetings were in service of Project Texas’s aim to halt this data access.”

The letter also reveals that TikTok has been working confidentially with the U.S. Government to secure data in a way that keeps it entirely in the USA with strict safeguards as to who has access.

He continued:

“…circumstances now require that we share some of that information publicly to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business.

…As we recently reported, we now store 100% of U.S. user data by default in the Oracle cloud environment, and we are working with Oracle on new, advanced data security controls that we hope to finalize in the near future.”

TikTok China-based Employee Data Access

Contradicting the sensational news reports, TikTok already has strict rules governing access to user data, and those rules are controlled by its United States-based security team.

Regarding China-based employee access to data:

“Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.

In addition, TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data’s classification and requires approvals for access to U.S. user data.

The level of approval required is based on the sensitivity of the data according to the classification system.”

The CEO also vigorously denied that the Chinese government has any control or access to the United States user data or TikTok itself.

He wrote:

“…employees of Beijing Douyin Information Service Limited are restricted from U.S. user database access.

The Chinese state-owned enterprise’s acquisition of 1% of Beijing Douyin Information Service Limited was necessary for the purpose of obtaining a news license in China for several China-based content applications, such as Douyin and Toutiao.

The Chinese government does not directly or indirectly have the right to appoint board members or otherwise have specific rights with respect to any ByteDance entity within the chain of ownership or control over the TikTok entity.”

TikTok Still Available On App Stores

As of the publication of this article, TikTok is still available for download from the respective app stores of Google and Apple, an indication that those companies are satisfied TikTok does not violate the terms of privacy governing all apps in their app stores.

In a previous statement, TikTok said that it has been working with Oracle to secure U.S. TikTok data to ensure that 100% of user traffic is routed through Oracle’s cloud infrastructure. The statement also says that the project for locking down user data continues.

Citations

Read the Letter Sent by Nine U.S. Senators (PDF)

Read TikTok’s Response to United States Senators (PDF)

Read TikTok’s Statement from June 17, 2022

Delivering on our U.S. data governance
