 |
| Tik Tok allows its employees in China to see the data of its American users |
ByteDance employees in China have repeatedly accessed non-public data of TikTok users in the United States, an action that inspired former President Donald Trump to threaten to ban the app in the United States.
Engineers in China can access US data from at least September 2021 to January 2022.
In many cases, US employees have had to communicate with colleagues in China to find out how user data is flowing in the US. US employees do not have permission or do not know how to access the data themselves.
The company misled lawmakers, users and the public by downplaying the importance of data stored in the US that Chinese employees can still access.
ByteDance is currently trying to forward data so that certain proprietary data cannot flow from the US to China, an effort known internally as Project Texas.
The vast majority of cases where Chinese employees gain access to US user data serve the Texas Project's goal of blocking access to that data.
The Texas project is key to the deals TikTok is currently negotiating with cloud provider Oracle and the US Committee for Foreign Investment.
As part of the CFIUS agreement, TikTok stores US users' protected private information such as phone numbers and birthdays only in data centers operated by Oracle in Texas.
Only TikTok employees who live in the US can access the data. However, what data will be considered protected is still under negotiation.
It seems that all public data, including users' public profiles and anything they post, is left unprotected.
Lawmakers' concerns stem from the Chinese government's ability to access US data via ByteDance.
The root of these concerns is that Chinese companies are at the whim of the Chinese Communist Party, which cracked down on local tech giants last year.
Frequent access to data on Americans from China
The danger is that the government may force ByteDance to collect and provide information in the form of data espionage.
Another concern is that the Chinese government's soft power could affect how ByteDance executives direct their American counterparts to fine-tune the TikTok For You algorithm, which recommends videos to more than a billion users.
Senator Ted Cruz described TikTok as a Trojan horse that the Chinese Communist Party can use to influence what Americans see, hear and think.
The Texas plan's narrow focus on securing specific US user data, while allowing the Chinese government to purchase much of that data from data brokers, fails to address concerns that China could exploit the influence of TikTok via ByteDance. work behavior. or culturally or politically for Americans.
TikTok has said in public statements and announcements that it will store all data about its US users in the US, with backups in Singapore. This reduces some of the risks. The company said the data was not subject to Chinese law. However, this ignores the fact that Chinese employees have access to the data.
The physical location of the data store does not matter if it is still available from China. The concern is that while the Chinese can still access the data, it may still be in the hands of Chinese intelligence.
TikTok itself acknowledged access issues in 2020. She wrote: “Our goal is to reduce data access across regions, for example, employees in Asia Pacific, including China, have limited access to user data in the European Union and the European Union.
Upon completion, the Texas project is expected to fill this gap with limited data. However, employees face many challenges in finding and closing channels that allow data to flow from the United States to China.
The danger remains
Tik Tok has several internal tools that allow data flow. These include data visualization, content modification, and monetization tools that are background in user data.
Also, in many cases, the people responsible for some internal tools do not understand the components of those tools. There are items in the tool whose purpose no one knows.
The complexity of the company's internal systems and how they enable data flows between China and the United States underscores the challenges faced by US Technical Services, a new team of engineers on the Texas project.
To prove that the US Technical Services team is independent of ByteDance in China, not everyone can join the team. Chinese citizens are not allowed to participate.
The team works to control and manage access to sensitive data in the United States. But it is affiliated with ByteDance management in China. He also received his instructions from the headquarters in Beijing.
TikTok, through Project Texas, aims to ensure the security of data stored on Oracle servers. Also, it cannot be accessed from China or from anywhere else in the world.
However, this only includes data that is not publicly available through the application, such as: b. Content that is in draft form or set to private, or information such as users' phone numbers and birthdays that is collected but does not appear in their profiles.
Also, unique identifiers are not proprietary information. The meaning of UID is not clear. However, it can refer to an ID of a specific TikTok account or device.
UIDs are usually used by ad technology companies like Google and Facebook to link your actions into apps.
Tik Tok signs agreement with Oracle
TikTok continues to negotiate which data is protected. But in the US, little user data is stored exclusively on Oracle servers. Add public videos, bios, and reviews.
Instead, the data is stored in the company's data center in Virginia. Even after the completion of the Texas project, access to the center from ByteDance's Beijing offices will continue.
This allows Chinese employees to continue to better understand what interests US users.
It appears that Oracle has given TikTok a great deal of flexibility in how it operates its data centers. Oracle provides the physical data storage space for the Texas project, while TikTok controls the software layer.
Details of the agreement between CFIUS, TikTok and Oracle will be discussed starting in January 2022.
Although Project Texas aims to block access to details that are most sensitive to Americans and located on TikTok servers. However, there are still questions about how ByteDance employees in China can be prevented from accessing the data.