Abby Davis, FISM News
Leaked audio from over 80 internal TikTok meetings has revealed that employees in China have accessed user data multiple times, despite the company’s promises that all user data is stored outside of China.
The recordings capture nine different employees indicating that China-based engineers had access to user data between September 2021 and January 2022, according to BuzzFeed News who reviewed the audio, though the time frame could be longer.
“Everything is seen in China,” said one member of TikTok’s Trust and Safety Department in a recording from September 2021.
Buzzfeed also reported that they obtained screenshots and documents to corroborate the audio clips, which came from meetings between company leaders and consultants, as well as policy presentations.
TikTok, which is owned by the Chinese company ByteDance, has been a national security concern for the past several years. Officials have sounded alarms that the conflict of interest would result in the mining of data on U.S. citizens and the spread of propaganda by the Chinese government.
In June 2021, one former U.S.-based TikTok employee told CNBC that they had to request needed information on American users from a data team in China. The information received back from China included specific user IDs and all of the information gathered on those accounts.
These reports were effectively discounted by TikTok Vice President Michael Beckerman in October 2021. “U.S. user data is stored in the United States, our backups are in Singapore, and we have a world-renowned, U.S.-based security team that handles access to user data,” Beckerman testified at a Senate hearing.
The leaked audio, however, appears to refute Beckerman’s claims and confirm reports from former employees.
Nine recorded statements from eight different employees indicate that American employees did not have permission or knowledge to access user data and instead had to ask their China-based colleagues for access.
Buzzfeed noted that based on the recordings, most situations where staff in China accessed user data seem to be in furtherance of a TikTok effort titled “Project Texas” that is taking steps to keep user data in the U.S. and out of China.
Discussions of a US company buying all or parts of TikTok began when then-president Donald Trump issued executive orders on Aug. 6, 2020, and Aug. 14, 2020, that threatened to block TikTok in the U.S. unless ByteDance sold it to an American company.
The Aug. 6 order cited concerns about the Chinese government seizing data from ByteDance, stating, “This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”
Negotiations between TikTok and US companies continued, however, under pressure from the Committee on Foreign Investment in the United States (CFIUS). TikTok and Oracle worked throughout 2022 to reach an agreement in which Oracle would store American user data in the U.S. and ensure it was inaccessible to ByteDance. Reuters reported in March 2022 that it was not clear whether CFIUS would accept this arrangement as a solution to national security concerns.
On June 17, 2022, TikTok gave a public update on the negotiations with Oracle. “We’ve now reached a significant milestone in that work: we’ve changed the default storage location of U.S. user data. Today, 100% of U.S. user traffic is being routed to Oracle Cloud Infrastructure,” the statement read.
This update was published the same day as Buzzfeed’s article revealing the recordings.
TikTok, however, admitted that the company still relies on internal storage systems but promised they are taking steps to change.
“We still use our U.S. and Singapore data centers for backup, but as we continue our work, we expect to delete U.S. users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US.”
On June 24, Senators Tom Cotton (R-Ark.), Ben Sasse (R-Neb.), Mike Braun (R-Ind.), Marco Rubio (R-Fla.), Todd Young (R-Ind.), and Roger Wicker (R-Miss.) sent a letter to Treasury Secretary Janet Yellen asking for a written report on how President Biden plans to address national security concerns surrounding TikTok and stating that the move to Oracle servers does little to avert concerns of Chinese influence.
The statement read in part, “The proposed TikTok deal would do little to address the core security concerns that motivated the August 14 order. That order was not simply concerned about data, but about a Chinese company’s ownership of a social media platform in America. If the Biden Administration focuses solely on data storage and integrity to the exclusion of the critical issue of ByteDance’s ownership, control, and influence of TikTok, serious security risks will remain and the August 14 order will go unenforced.”