Response from TikTok to Complaints Regarding Unsecured User Data
- admin
- July 1, 2022
TikTok claims that words in the leak were misinterpreted and highlights the stringent security measures already in place. TikTok denied that its staff in China had access to private user data. The CEO of TikTok strongly refuted a news story that claimed sensitive user data from Americans was handled insecurely and responded to numerous questions from US senators on data access and Chinese government control over TikTok.
According to a BuzzFeed article, TikTok staff in China were allegedly given full access to sensitive user data at a meeting. Nine US senators wrote to TikTok seeking clarification in reaction to the news item, which prompted the CEO of TikTok to offer a thorough justification.
Oversight Letter
Concerned about reports that employees in China have access to private user information, nine senators wrote to TikTok. Eleven specific questions about user data were posed in the letter, among them whether TikTok has ever disclosed private information to the Chinese authorities.
The letter to TikTok stated:
“The implications of these findings are stark, but not surprising. Rather, they simply confirm what lawmakers long suspected about TikTok…”
TikTok’s answers were in response to that letter.
TikTok Leak Out Of Context
Shou Zi Chew, the CEO of TikTok, responded to the senators in a letter that was later posted as a PDF by the New York Times. The CEO of TikTok responded by claiming that the app was already compliant with securing user data from Americans and had finished all procedures for locking down that data in collaboration with two significant American businesses.
Project Texas is the name of the security program they are working on alongside Oracle and Booz Allen. The CEO claims that employees on Project Texas work on various aspects of a project and are unaware of its full scale.
He argued that the individuals responsible for the leak were employees who were unaware of other aspects of the project and, as a result, were unaware of the procedures in place to protect the data.
According to the CEO of TikTok:
“Some people working on these projects do not have visibility into the full picture, working on a task without realizing that it’s a single step in a much bigger project or a test to validate an assumption.
That’s critical context for the recordings leaked to BuzzFeed, and one thing their reporting got right: the meetings were in service of Project Texas’s aim to halt this data access.”
The letter also makes clear that TikTok and the US government have been secretly collaborating to secure data in a way that keeps it fully within the USA with strong access controls.
He continued:
“Circumstances now require that we share some of that information publicly to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business.
As we recently reported, we now store 100% of U.S. user data by default in the Oracle cloud environment, and we are working with Oracle on new, advanced data security controls that we hope to finalize shortly.”
TikTok China-based Employee Data Access
Contrary to sensational press claims, TikTok already has stringent policies regarding user data access that are overseen by a security team based in the United States.
Regarding China-based employee access to data:
“Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S. based security team.
In addition, TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data’s classification and requires approvals for access to U.S. user data. The level of approval required is based on the sensitivity of the data according to the classification system.”
The CEO vehemently disputed that the Chinese government had any access to or influence over the user data of Americans or TikTok itself.
He wrote:
employees of Beijing Douyin Information Service Limited are restricted from U.S. user database access.
The Chinese state-owned enterprise’s acquisition of 1% of Beijing Douyin Information Service Limited was necessary for obtaining a news license in China for several China-based content applications, such as Douyin and Toutiao.
The Chinese government does not directly or indirectly have the right to appoint board members or otherwise have specific rights concerning any ByteDance entity within the chain of ownership or control over the TikTok entity.
TikTok Still Available On App Stores
TikTok is still accessible for download from the respective Google and Apple app stores as of the time this story was published, demonstrating that both companies are certain TikTok does not breach the privacy terms governing all apps in those stores. In an earlier statement, TikTok said it had been collaborating with Oracle to secure its data in the United States and make sure that all user traffic was being sent through Oracle’s cloud infrastructure. Additionally, it mentions that the endeavor to secure user data is still ongoing.