byteDance Ltd.’s TikTok app is displayed on the App Store on smartphones in a arranged photo that was taken at Arlington, Virginia, on Monday, August. 3 of 2020.
An ex- TikTok recruiter recalls that her work hours were scheduled to be between 10 a.m. until 7 p.m. However, frequently she had to work two shifts. This is because China-based ByteDance executives were involved in the company’s decision-making process as she explained and was expecting TikTok’s California workers to be on hand during the entire day. TikTok workers, she explained were to begin their work hours and be available during Chinese business hours to help their ByteDance colleagues’ questions.
The recruiter, as well as four other former employees said to CNBC they are concerned about the social media platform’s Chinese owner, who they believe is able to access American information about users and is associated with the Los Angeles company’s decision-making and development of products. The people contacted asked to remain anonymous in fear of being targeted by the company.
TikTok began international expansion in September of 2017. The company that owns it, ByteDance, purchased Musical.ly, a social application which was gaining popular in U.S., for $1 billion in November of 2017 and the two entities were combined in August of 2018. Within a short time the app has rapidly accumulated the number of users to nearly 92 million users in the U.S. In particular it has found its niche among young adults and teens -it has TikTok has now surpassed Instagram in popularity as U.S. teenagers’ second-favorite social media platform, behind Snapchat, as per the report from October of 2020 from Piper Sandler.
In the year 2000, then-President Donald Trump sought to ban TikTok from the U.S. or force a merger with the U.S. company. The Trump administration as well as Secretary of State Mike Pompeo, expressed national security concerns regarding the application’s Chinese ownership and with Pompeo having said in one instance that TikTok could have been “feeding data directly to the Chinese Communist Party.” TikTok has repeatedly denied the assertions by telling CNBC, “We have never provided user data to the Chinese government, nor would we do so if asked.” In its last four semi-annual transparency statements, it has not reported any inquiry by the Chinese government for data about users.
In the month of June TikTok was able to catch a wave as the president Joe Biden signed an executive order to revoke Trump’s directive to shut down the app until it could identify an U.S. buyer. Biden’s decision, however, provides the government with a set of criteria to determine the dangers of apps linked by foreign adversaries.
Control of ByteDance
Former employees who spoke with CNBC claimed that the boundaries that separated TikTok as well as ByteDance were blurred to appear to be virtually non-existent.
Particularly, one employee claimed that ByteDance employees can gain access to U.S. user data. This was demonstrated in an instance where an American employee who was working on TikTok required an overview of users from around the world that included Americans who had searched for or engaged with a particular type of content. This is, users who were searching for a particular term or hashtag, or who liked certain categories of videos. The employee was required to contact an information team located in China for access to the information. The information that the employee obtained included the user’s specific IDs and could access any data TikTok contained about the users. This kind of scenario was confirmed as an occurrence situation by another employee.
Take a look at TikTok’s privacy guidelines says that the company has the right to share data it gathers within its own corporate entity that includes ByteDance.
“We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group,” the privacy policy states.
TikTok has emphasized the significance of accessing this information. “We employ rigorous access controls and a strict approval process overseen by our U.S.-based leadership team, including technologies like encryption and security monitoring to safeguard sensitive user data,” the TikTok spokesperson said in an announcement.
A cybersecurity expert has said this could put users at risk of data requests from authorities from the Chinese government. “If the legal authorities in China or their parent company demands the data, users have already given them the legal right to turn it over,” said Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute of the University of California, Irvine.
As CNBC announced in 2019 the Chinese National Intelligence Law requires Chinese organisations and individuals to “support, assist and cooperate with the state intelligence work.” Another law in China is the 2014 Counter-Espionage law, has similar obligations.
The close connections between TikTok and the parent company extend far beyond the mere sharing of user information, former employees claimed.
The direction and approvals for every type of decision-making regardless of whether they are important contracts or strategies, are derived from the company’s management who are based in China. This means that employees work late into the night after long hours in order to participate in sessions with Beijing counterparts.
Its dependence upon ByteDance can be seen in the technology used by TikTok. Former employees have stated that close to all of TikTok’s development is overseen by Chinese ByteDance employees.
The lines are so blurred that several employees have emails for both organizations. One employee stated that recruiters are often seeking candidates for positions for both companies.
TikTok acknowledged that employees may have several aliases, however the company relies on Google’s enterprise Gmail service for corporate email. Their email accounts are processed on Google servers and are recorded and monitored for access by unauthorized users.
In a statement in a letter to CNBC, TikTok downplayed the significance of its transnational structure. “Like many global technology companies, we have product development and engineering teams all over the world collaborating cross-functionally to build the best product experience for our community, including in the U.S., U.K. and Singapore,” an TikTok spokesperson stated in an announcement.
In terms of personnel, ByteDance in April appointed Singaporean national Shouzi Chew to the post in the position of TikTok CEO. Prior to her appointment, TikTok was led in interim by the former YouTube chief executive Vanessa Pappas, who was promoted to the position following the departure of the former Disney chief of the streaming business Kevin Mayer resigned in August 2020, after only one month in the job.
Chew was previously ByteDance’s chief of finance and will remain in that role in the midst of his new job in the capacity of TikTok CEO.
Also, TikTok downplayed the connection. “Since May 2020, TikTok management has reported into the CEO based in the U.S., and now Singapore, who is responsible for all long-term and strategic day-to-day decisions for the business,” an TikTok spokesperson stated in an email.
The dangers of Chinese relations
Security experts who spoke to CNBC stated that there are numerous dangers that arise from TikTok being so connected to the parent corporation.
One risk is that the Chinese government can disseminate propagandist messages or alter the opinions among the Americans who utilize TikTok every month. This could be accomplished by way of short-length videos which the Chinese government could wish to share with Americans in the form of truthful or false information. The company may also decide to block certain kinds of content.
It’s happened in a handful of instances. For instance, the company has instructed moderators to remove videos that mention Tiananmen Square Tibetan Independence, or even the religion group Falun Gong, as per the September, 2019 report from The Guardian. After the publication, TikTok said it no was a part of the censorship process anymore and admitted that this was a mistake.
“Today we take localized approaches, including local moderators, local content and moderation policies, local refinement of global policies, and more,” the company stated in a statement issued at the time.
In November 2020 the In November 2020, TikTok’s U.K. Director of Public Policy Elizabeth Kanter admitted during a committee of the parliamentary parliament that the app had in the past blocked content that criticised the Chinese government with regard to work-for-hire of Uyghur Muslims in China. Afterward, Kanter said she was a bit off in the course of her testimony.
“Anytime [the Chinese government has] control over a platform like TikTok that has billions of users and is only getting more popular, it gives them power to feed our mind what we should think about, what we consider truth and what is false,” said Ambuj Kumar, CEO of Fortanix which is an encryption-based cybersecurity firm. Kumar is an authority in encryption from end to end, and he has experience dealing with China’s specific requirements for encryption of data.
The more significant and not discussed issue is the amount of data TikTok gathers from its users, and how this data might be used to benefit authorities like the Chinese government.
The privacy policy of TikTok explains that the app gathers any kind of data. This includes information about profiles including user names and images of their profiles and any other information users use in sweepstakes, surveys and contests, like their gender, their age and preferences.
The app also records users’ location, the messages within the app, as well as information on the way users use the app, such as their preferences, the content they are viewing and how often they utilize the app. In addition, the app gathers information about users’ interests as determined from the content users are viewing.
In addition, TikTok also gathers data through the content users create through the app and uploads to the app. This could include videos that users create.
A few experts have expressed concern that content written by a young person posted to TikTok even as unpublished content that could be re-published to haunt that person should they later get an executive position at an important American company or begin work in an organization like the U.S. government.
“I’d be shocked if they are not storing all the videos being posted by teenagers,” Kumar stated. “Twenty years from now, 30 years from now, 50 years from now when we want to nominate our next justice to the U.S. Supreme Court, at that time they will go back and find everything they can and then they’ll decide what to do with it.”
TikTok isn’t alone in collecting American user information. American tech companies that cater to consumers such including Facebook, Google and Twitter have a wealth of data they’ve gathered on their users. The difference, as per the experts in Sino-U.S. relations as well as Chinese spying can be seen in the way that American companies have a variety of options to safeguard their users in the event that their U.S. government seeks data and information, whereas Chinese businesses must adhere to Chinese laws. Chinese government.
“ByteDance is a Chinese company, and they’re subject to Chinese national law, which says that whenever the government asks for the data a company is holding for whatever reason, the company must turn it over. They have no right to appeal,” said Jim Lewis, senior vice director and president, strategic technologies in the Center for Strategic & International Studies, a foreign policy think institute. Lewis was previously employed by various agencies of the U.S. government, including on Chinese spying.
“If the Chinese government wants to look at the data that ByteDance is collecting, they can do so, and no one can say anything about it,” Lewis explained.
The Chinese government’s track record in relation with human rights as well as the widespread surveillance should be of concern.
“Given the Chinese government’s authoritarian bent and attitudes, that’s where people are really concerned with what they might do,” said Daniel Castro, vice president at the Information Technology and Innovation Foundation an independent, non-partisan, nonprofit think tank.
Particularly, they refer to the 2015 hacking from the Office of Personnel Management in which the hackers have accessed more than 22 million records belonging to U.S. government employees and their families and friends. The hackers responsible for the hack are believed to be operating for an organization called the Chinese government.
“They’ve collected ten of millions of pieces of data on Americans,” said Lewis. “This is big data. In the U.S. they use it for advertising … in China, the state uses it for intelligence purposes.”
Americans who choose to sign up for TikTok should use it with the knowledge that they could be giving their data to an Chinese company that is subject of the Chinese government, according to Bill Evanina, CEO of Evanina Group, which provides companies with risk-based advice for decisions on geopolitics that are complex.
“When you’re going to download TikTok … and you click on that ‘I agree to terms’ — what’s in that is critical,” Evanina explained.
Some experts, however they are worried about the possibility that TikTok is a security risk.
Graham Webster, editor in chief of the Stanford New America DigiChina Project of the Stanford University Cyber Policy Center The majority of the information that TikTok collects could equally easily be collected from the Chinese government using other services. China doesn’t require its own app for consumers to take advantage of Americans the data of their citizens, he claimed.
“I find it to be a very low-probability threat model for actual national security concerns,” Webster stated.
What TikTok could do to ease anxiety
While TikTok is waiting to find out what the Biden administration will proceed and what steps the company can take, it could make a few steps to provide the president as well as the American people with the assurance that their information won’t be used in a way that isn’t.
One of the first steps is to get TikTok become more open in what its methods of collecting data are. Experts in cybersecurity, specific information will go a long way towards establishing its credibility.
Jason Crabtree, CEO of cybersecurity firm Qomplex was previously an advisor to the U.S. Army Cyber Command during the Obama administration. He stated TikTok must be clear about the data it gathers as well as the location it is kept, how long it’s kept for and the employees of the organizations are able to access the information.
An TikTok document says that TikTok has its U.S. user data in Virginia and has a backup system in Singapore and tight controls on access for employees. The company doesn’t specify what data is collected from users however, stating that “the TikTok app is not unique in the amount of information it collects, compared to other mobile apps.” The company states that it keeps information “for as long as it is necessary to provide you with the service” or “as long as we have a legitimate business purpose in keeping such data or where we are subject to a legal obligation to retain the data.” The company further states that users can make the request to see or erase their data and TikTok will respond in accordance with applicable laws.
“If all those things are documented and attested to, you have a much better shot at explaining to the U.S. public, to regulators and other interested parties why this is no issue to consumers,” Crabtree explained. “If you don’t or are unwilling to provide real clarity then that’s something people should rightfully be really concerned about.”
Another strategy is to allow ByteDance to continue in the direction it presented at the end in the Trump presidency and then sell TikTok to an U.S. company that Americans already trust. Following the time that Trump issued the order that could have prohibited TikTok The company then entered discussions with Microsoft but couldn’t come to an agreement. At one time, there was a deal to sell minor shares to Walmart and Oracle however, the deal was never concluded. For certain cyber security professionals, something less of this isn’t enough to warrant confidence in TikTok’s handling American information.
“As long as TikTok is a subsidiary of ByteDance, I certainly will not be satisfied with any purported technological fixes,” Cunningham declared.
Instead of focusing exclusively at TikTok as well as Chinese apps instead, rather than focusing on Chinese apps, the U.S. should make stronger privacy laws to safeguard Americans from all tech companies, not just those that have ties to hostile countries, Webster said.
“The solution ought to be comprehensive privacy protection for everyone, protecting you from American companies and Chinese companies,” Webster declared.
