Several Senators previously questioned TikTok’s data-sharing practices. In a declaration made in a letter from TikTok CEO Shou Zi Chew, the CEO answered certain concerns by Sen Blackburn et al, pertaining to U.S. user data. An important question was posed “Why TikTok is not blocking employees or others in China from viewing U.S. user data?” Well, the CEO has precisely answered it.
The Access Will Be Limited…
TikTok has admitted that some of its employees based outside the U.S have access to data from American users. The revelation immediately raised concerns about whether that information was being shared with the Chinese government. However, the last question in the letter includes, “Why is TikTok not planning to ensure that all U.S. user data is blocked from view of employees or others in China?”
CEO Shou Zi Chew answered by stating, “access to the U.S. user data by anyone outside of our new USDS team will be limited by, and subject to, a robust data access protocol that will be developed in close collaboration with Oracle and CFIUS.
After mentioning that TikTok is proud to serve a global community of a billion people, Chew stated that they are working hard to safeguard the community by “both in how we address potentially harmful content and “how we protect against unauthorized access to user data”.
Chew admitted that certain China-based employees will have access to a “narrow, non-sensitive set of TikTok U.S. user data” such as the public videos and comments available to anyone, to ensure global interoperability so that U.S. users, creators, brands and merchants are afforded the same rich and safe TikTok experience as global users. However, he added that “it will only occur pursuant to protocols being developed by the U.S. Government.”
Data Is Stored In A U.S-based Cloud Storage…
The admission via this letter was prompted by a recent BuzzFeed News investigation into the ByteDance-owned company. Published on June 17th, the report claims to have listened to leaked audio of more than 80 internal TikTok meetings. The recordings were captured from September 2021 to January this year. They include 14 statements from nine employees who met to discuss Project Texas – a classified effort to stop engineers in China from retrieving the data.
Chew, on the other hand, shut down this report, stating “it included allegations and insinuations that are incorrect and are not supported by facts.” He further explained how the video-sharing site stores all American user data in a U.S-based cloud storage service. But the TikTok boss still admitted that staff in China could access local user data in some instances. “Employees outside the U.S., including China-based employees, can have access to U.S. user data,” the letter said.
However, Chew assured the Senators that access to such data is subject to a series of robust cybersecurity controls and authorization approval protocols overseen by TikTok’s U.S.-based security team. “The level of approval required is based on the sensitivity of the data according to the classification system,” he added.
The CEO also confirmed the social network’s Project Texas program. He explained that it aims to safeguard U.S user data by running TikTok from servers in Texas owned by Oracle. Additionally, the CEO told the Senators that TikTok’s algorithm will only be trained on data from the Oracle storage and the company will ensure appropriate third-party security vetting and validation of the algorithm.
Senate Intel Leaders Call For FTC Probe…
If you look at TikTok’s letter which addresses 11 questions that the Senators requested answers to by July 18, it fails to ease the overall security concerns. In a recent interview, Senator Marsha Blackburn stated that Chew’s response “confirms suspicions that their fears regarding Chinese Communist Party influence within the company are real”.
Now, top lawmakers on the Senate Intelligence Committee called for a Federal Trade Commission (FTC) probe of TikTok on Tuesday (July 5), amid allegations the social media company has made “repeated misrepresentations” to Congress and others on its data security practices.