Executives at ByteDance-owned TikTok likely lied to Congress about the social media company’s relationship with China and how much access the communist country has to U.S. user data.
When the Trump administration was actively working to ban ByteDance’s TikTok and WeChat due to national security concerns in the fall of 2020, ByteDance Global Chief Security Officer Roland Cloutier reassured Cyberscoop that “we simply don’t share data with governments, including the Chinese government.”
Michael Beckerman, TikTok’s head of public policy for the Americas, also explicitly told the Senate Commerce Committee during a hearing in October of 2021 that “we do not share information with the Chinese government,” but as Sens. Marco Rubio, R-Fla., and Mark Warner, D-Va., noted in a recent letter to Federal Trade Commission Chairwoman Lina Khan, that clearly isn’t the case.
Despite Beckerman’s insistence that the popular social media app has “no affiliation” with Beijing ByteDance Technology, which the Chinese Communist Party bought a stake in and the board of which it infiltrated last year, Buzzfeed found that TikTok divisions such as the US Tech Services team report to the entity’s parent company ByteDance Ltd. executives in China.
Leaked audio from at least 80 internal TikTok meetings evaluating problematic data access also revealed that skeptics of TikTok’s data privacy practices were right: ByteDance employees in the surveillance state of China repeatedly accessed sensitive, private U.S. user data including “birthdates, phone numbers, and device identification information.”
The Department of Justice found in 2020 that ByteDance employs at least 130 CCP members at its Beijing office. That’s something Chinese propaganda outlets have boasted about.
“According to Chinese press reporting, Bytedance has more party members and party organizations and is more ‘red,’ insiders pointed out, as compared with other Internet companies,” a memorandum from the former Deputy Assistant Secretary of Intelligence and Security at the Department of Commerce John Costello stated.
This deliberate breach of policy and suspect intelligence gathering is well known among TikTok’s Trust and Safety department. In a recording of a September 2021 meeting, one director even admitted there is a Beijing-based engineer who “has access to everything.” That dishonestly accessed information is in addition to any non-public data the CCP could solicit following the implementation of its national security laws.
“Under these authorities, the CCP may compel access, regardless of where data is ultimately stored,” Warner and Rubio warned in their letter to Khan. “While TikTok has suggested that migrating to U.S.-based storage from a U.S. cloud service provider alleviates any risk of unauthorized access, these latest revelations raise concerns about the reliability of TikTok representations: since TikTok will ultimately control all access to the cloud-hosted systems, the risk of access to that data by PRC-based engineers (or CCP security services) remains significant in light of the corporate governance irregularities revealed by BuzzFeed News.”
Since the beginning of its popularity in the United States, TikTok has felt the wrath of several politicians who have scrutinized the practices of the app its connection to the CCP and even tried to revive a Trump-era ban on it.
According to TechCrunch, TikTok recently expanded its data access permissions to include gathering “faceprints and voiceprints” of users. If “everything is seen in China” as members of TikTok’s team have confessed in recordings, politicians such as Rubio and Warner worry that the CCP likely has access to the biometric information of millions of people around the globe.
Rubio and Warner say that’s a problem that desperately needs to be addressed by the FTC as soon as possible.
“In light of repeated misrepresentations by TikTok concerning its data security, data
processing, and corporate governance practices, we urge you to act promptly on this matter,” they concluded in their letter to Khan.
This article was updated on July 7 to further clarify the difference between “Beijing ByteDance Techology” and “ByteDance Ltd.” The article was also changed to reflect that the “United States Technical Services team” is actually called “US Tech Services.”