TikTok employees in China have secret access to US user data, leaked meetings suggest
Leaked audio of over 80 internal meetings suggest that ‘everything is seen in China’ according to one employee
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.TikTok data from users in the United States has been allegedly transferred to China and accessed by the social media app’s parent company ByteDance.
The news, which broke via leaked recordings of over 80 internal TikTok meetings, mirrors the allegations made by former president Donald Trump as he proposed a ban on the app in the United States – something which, ultimately, did not happen.
Buzzfeed News, which first broke the story, said that the recordings included 14 statements from nine different TikTok employees suggesting that engineers in China had access to US data between September 2021 and January 2022 at least.
“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another recording, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.”
Buzzfeed News alleged that “the tapes suggest that the company may have misled lawmakers, its users, and the public by downplaying that data stored in the US could still be accessed by employees in China.”
TikTok is reportedly working on ‘Project Texas’, a way to redirect “protected” data so that it does not flow into China. What counts as “protected” is still being debated inside the company.
“The conversation continues to evolve,” the company’s head of product and user operations said. “We recently found out that UIDs [unique IDs] are things we can have access to, which changes the game a bit.”
What a ‘unique ID’ means in this context is unclear; it could be an identifier for a specific account or a specific device.
It appears that a lot of US user data – including public videos, bios, and comments – would not be exclusively stored in the United States.
TikTok, as this story developed, said in a blog post that 100 per cent “of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US.”
Oracle was announced to be purchasing TikTok in September 2020 to avoid former president Trump’s ban, but the deal fell through.
However, TikTok’s head of global cyber and data defense reportedly said in the conversations that while Oracle would be providing the physical data storage space for Project Texas, TikTok would control the software layer.
“It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our [virtual machines] on top of it”, they said.
TikTok says that it physically stores all data in the United States, but that seemingly does not stop employees in China from accessing it. “I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting”, one employee reportedly said.
In a statement to Buzzfeed, TikTok said: "We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses."
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments