TikTok has just confirmed that parent company ByteDance in China has had access to sensitive U.S. user data generated by the wildly popular video-sharing app.
“Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team,” wrote TikTok CEO Shou Zi Chew in a June 30 letter to nine Republican senators.
The disclosure makes clear that TikTok executives had previously misled Congress and the American public about the matter.
It is long past time to ban the app or force its sale to American owners. Interim measures, designed to ensure privacy, will not prevent the Chinese central government or the Communist Party from surreptitiously obtaining data.
The nine senators questioned TikTok after BuzzFeed reported on June 17 that audio recordings of more than 80 internal TikTok meetings showed that ByteDance employees had accessed nonpublic U.S. user data from September 2021 to the following January. “Everything is seen in China,” a member of TikTok’s Trust and Safety Department said last September. A “Beijing-based engineer” known as “Master Admin” had “access to everything.”
Moreover, it appears that the U.S.-based operations of TikTok were window dressing. “U.S. staff did not have permission or knowledge of how to access the data on their own, according to the tapes,” the site reported.
TikTok had said it never shared user data with the Chinese government and would not do so. The BuzzFeed reporting suggested that this assurance and similar ones to the Trump administration were false.
“They’re lying to America, they lied to Australia, they lied everywhere,” Paul Dabrowa, an Australian national security expert, told me.
On the day the BuzzFeed story dropped, TikTok announced it was moving all U.S. user traffic to Oracle Cloud Infrastructure. The app said that, although it would continue to use its data centers in the U.S. and Singapore for backup, it will “fully pivot to Oracle cloud servers located in the U.S.” BuzzFeed reported that the app was in the middle of what is known internally as Project Texas, an effort to protect U.S. user data.
TikTok is also engaged in technical negotiations with the Committee on Foreign Investment in the United States, CFIUS, the Treasury Department-led interagency group, BuzzFeed reported. ByteDance is trying to convince the Biden administration that U.S.-generated data is protected even though it will maintain exceptions permitting China access.
Don’t believe ByteDance. Over time, China will obtain U.S. user information by hook or by crook, by taking advantage of technical loopholes in promised protections, by violating agreed protections outright, or by getting U.S.-based personnel to commit espionage.
There is a fundamental problem that no promises can make right. “They can’t say 100% for certain that China is not accessing data,” said Dabrowa, referring to TikTok. “It’s the way the app is built. It is designed to collect data for the Chinese authorities.”
“TikTok is not what it appears to be on the surface,” wrote FCC Commissioner Brendan Carr in a June 24 letter, urging Apple and Google to remove TikTok from their app stores. “It is not just an app for sharing funny videos or memes. That’s the sheep’s clothing. At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.”
Carr is right to be worried. Articles 7 and 14 of China’s 2017 National Intelligence Law require every Chinese national and entity to spy if authorities make a demand. Moreover, such parties, in China’s top-down system, must follow Communist Party directives. In short, ByteDance is in no position to give assurances.
The only solutions that could work are either a direct prohibition of TikTok in the United States or the sale of all its shares to American parties coupled with a complete severance of ties to China.
What does China use stolen TikTok data for? As Dabrowa noted in September 2020 in testimony to the Australian Senate Select Committee on Foreign Interference through Social Media, TikTok’s algorithms are designed to surreptitiously influence opinion and behavior of foreign populations.
“Data breaches are not the real concern and never have been,” Dabrowa told FT Alphaville’s Izabella Kaminska in August 2020. “The real threat is the true agenda of the artificial intelligence that uses TikTok data for manipulation purposes.”
Gordon G. Chang is the author of The Coming Collapse of China. Follow him on Twitter @GordonGChang.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of the Daily Caller News Foundation.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org