TikTok Responds To Allegations Of Unsecured User Data
TikTok denied that sensitive user information was available to employees based in China. The TikTok CEO provided a strong rebuttal to a news report alleging insecure handling of sensitive user data in the United States and answered multiple questions sent by US senators about who has access to the data and on the Chinese government’s control of TikTok.
article Posted by BuzzFeed It was claimed that in a TikTok meeting, it was mentioned that employees in China have full access to sensitive user data.
In response to the news article, nine US senators sent a message to TikTok asking for answers, prompting the TikTok CEO to offer a full explanation.
Nine senators sent TikTok concern letter Because of allegations that employees based in China had access to sensitive user data. The letter asked eleven specific questions about user data, including whether TikTok has shared sensitive data with China’s government.
The message to TikTok stated:
The implications of these findings are stark, but not surprising. Instead, they are simply confirming what lawmakers have long suspected of TikTok…”
TikTok’s answers were in response to that message.
TikTok leaks out of context
TikTok CEO Shou Zi Chew wrote in response to the senators who came later Mutual as a PDF by The New York Times.
In their response, the CEO said TikTok was already committed to securing US user data and had completed all steps to secure that data with two major US companies.
Together with Oracle and Booz Allen, the security initiative they are working on is called Project Texas.
According to the CEO, the staff working on the Texas project are working on different parts of the project and are not aware of the full scope of the project.
He asserted that the people in the leak were workers who were unaware of other parts of the project and therefore were unaware of the policies already in place to secure data.
According to the CEO of TikTok:
“Some of the people working on these projects don’t have a vision of the big picture, and they work on a task without realizing it is one step in a much larger project or a test to validate an assumption.
That’s the important context of the recordings leaked to BuzzFeed, and one thing their reporting got right: the meetings were in service of Project Texas’ goal to stop access to the data. “
The letter also reveals that TikTok is secretly working with the US government to secure the data in a way that keeps it entirely in the US with strict safeguards on who has access.
“…Circumstances now require that we share some of that information publicly to clear up errors and misconceptions in the article and some ongoing concerns with other aspects of our work.
… As we reported recently, we now store 100% of our user data in the US by default in an Oracle Cloud environment, and are working with Oracle on new, advanced data security controls that we hope to finalize in the near future. “
Accessing TikTok employee data in China
Contrary to sensational news reports, TikTok already has strict rules on access to user data that are controlled by the US security team.
Regarding access to data by employees in China:
“Employees outside the US, including employees based in China, may access US TikTok user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team.
Additionally, TikTok has an internal data classification system and approval process in place that sets access levels based on data classification and requires approvals.
Access to US user data.
The level of consent required depends on the sensitivity of the data according to the classification system.
The CEO has also strongly denied that the Chinese government has any control over or access to user data in the US or TikTok itself.
“…Beijing Douyin Information Service Limited employees are denied access to the user database in the United States.
The Chinese state-owned company’s acquisition of 1% of Beijing Douyin Information Service Limited was necessary for the purpose of obtaining a news license in China for several China-based content applications, such as Douyin and Toutiao.
The Chinese government is not directly or indirectly entitled to appoint board members or have specific rights with respect to any ByteDance entity within the chain of ownership or control of the TikTok entity.”
TikTok is still available on app stores
As of the publication of this article, TikTok is still available for download from the app stores of both Google and Apple, which is an indication that those companies are content that TikTok does not violate the privacy terms that govern all apps in their app stores.
In a previous statement, TikTok posted that it is working with Oracle to secure TikTok’s US data to ensure that 100% of its users’ traffic is routed through Oracle’s cloud infrastructure. It also states that the user data security project will continue.
Read the letter sent from nine members of the US Senate (pdf)
Read TikTok’s response to the United States Senators (pdf)
Read TikTok’s statement issued on June 17, 2022
Providing data management services in the United States
Image via Shutterstock / DisobeyArt