Business News Digital Legal Top Stories

US Senators hit out at TikTok over latest data security allegations

By | Published on Thursday 8 June 2023


Political pressure continues to build on TikTok, with two US senators writing to the video-sharing app’s CEO Shou Zi Chew about recent media reports that claim data linked to American users is being stored in or accessed from China. That’s “despite repeated public assurances and Congressional testimony that TikTok data was kept in the United States”, senators Richard Blumenthal and Marsha Blackburn reckon.

Concerns have been expressed across the political spectrum, of course, that the Chinese government has access to TikTok user-data from around the world via the app’s China-based owner Bytedance. Despite TikTok denying that there are any data security issues on its platform, those concerns have led to multiple governments banning their employees from using the app on official devices.

Wider bans have also been proposed. India actually outlawed use of the app back in 2020, while more recently the US state of Montana passed a law that will ban the downloading or distribution of the app within the state from next year.

Former American President Donald Trump also tried to instigate a US-wide ban when he was still in power and, while Joe Biden ended those efforts, Democrats as well as Republicans continue to voice concern.

TikTok has been busy trying to allay the fears of its critics. Back when Trump was trying to ban the app, it began working on what is now referred to as Project Texas, an alliance with American tech firm Oracle to ensure data about US users is stored on US-based servers.

Meanwhile Chew himself has had something of a higher profile of late as part of the company’s lobbying efforts. And that included appearing before the House Committee On Energy And Commerce in US Congress.

Those media reports raised by Blumenthal and Blackburn were published by Forbes and the New York Times last month. Forbes claims, the senators note, that “for several years, TikTok has stored the sensitive financial information of US TikTok creators in China, including social security numbers and tax information”.

Meanwhile the New York Times “found that TikTok employees regularly share user-data on an internal messaging app owned and controlled by Bytedance, a tool named Lark”, data from which is stored on servers in China.

“These reports directly contradict statements you and other TikTok representatives have made to the public and under oath before Congress about where TikTok stores US user-data and the ability of employees in China to access that information”, the senators then claim.

They say that both Chew himself, when he spoke in the House – and TikTok Head Of Public Policy Michael Beckerman, when he spoke before a Senate committee last year – insisted that US user-data was stored on US servers with back-ups in Singapore.

They then add that – in neither of those testimonies, nor in a letter exchange between TikTok and the Senate committee – “did you mention that TikTok stores user-data in China, or that information about US users – including sensitive information like photos and driver’s licences or reports containing illegal materials like child sexual abuse materials – would be shared on Lark, and therefore accessible to Bytedance employees”.

“TikTok has also repeatedly made misleading and inaccurate representations to the American public about the security of private information”, the senators’ letter goes on. “For example, in a blogpost from June 2022, TikTok assured that ‘TikTok has long stored US user-data in our own data centres in the US and Singapore’ and ‘100% of US user traffic is being routed to Oracle cloud infrastructure'”.

And “in a Myths Vs Fact document published about Project Texas … TikTok states that ’employees of [Bytedance] are restricted from access to US user databases, with no exceptions’. Again, these claims do not appear to be accurate”.

With that in mind, the senators conclude: “We are deeply troubled by TikTok’s recurring pattern of providing misleading, inaccurate or false information to Congress and its users in the United States, including in response to us during oversight hearings and letters”. They then ask Chew a series of questions about TikTok’s management of user-data, requesting responses by 16 Jun.

Commenting on the correspondence from Blumenthal and Blackburn, TikTok spokesperson Alex Haurek told reporters: “We are reviewing the letter. We remain confident in the accuracy of our testimony and responses to Congress”.

Adding to those recent reports in Forbes and the New York Times, yet more allegations have come to light against TikTok and its owner Bytedance via a wrongful dismissal lawsuit that has been filed by a former US-based employee of the parent company.

According to the Wall Street Journal, in that litigation, Yintao Yu claims that – when he worked for the company in 2017 and 2018 – the Chinese Communist Party had access to TikTok user-data connected to anti-government protesters and civil rights activists in Hong Kong. And, not only that, but Bytedance provided a “backdoor channel” via which party officials could also access US user-data.

A TikTok spokesperson has strongly denied those allegations, telling reporters: “We plan to vigorously oppose what we believe are baseless claims and allegations in this complaint. Mr Yu worked for Bytedance Inc for less than a year and his employment ended in July 2018. During his brief time at the company, he worked on an app called Flipagram, which was discontinued years ago for business reasons”.

They then added: “It’s curious that Mr Yu has never raised these allegations in the five years since his employment for Flipagram was terminated in July 2018. His actions are clearly intended to garner media attention”.