While TikTok has always declared that it prevents any transfer or consultation data from its users to China, where ByteDance, its parent company, is located, an internal exchange leak today seems to prove the opposite. According to a set of 80 audio recordings from internal company meetings, revealed on Friday June 17 by the American media BuzzFeedengineers of the video-sharing application had access from China to the information of American users, at least between September 2021 and January 2022, And this “much more frequently than previously reported”.
Records viewed by BuzzFeed reveal the existence of a “main administrator” in Beijing which would have “access to everything”. ” Everything is seen in China,” So says in one of the audio files a member of TikTok’s trust and safety department. Statements from eight employees show that American staff had to turn to their colleagues across the Pacific to find out how the data of their fellow citizens circulated. They didn’t have permission to access it on their own.
Servers accessible to the Chinese government
According BuzzFeed, the social network would have misled lawyers and users. TikTok has been negotiating for two years with the Committee for Foreign Investment in the United States an agreement called “Project Texas”, which aims to protect the data of users in the United States from potential intrusion by Chinese authorities. For this, all personal information, such as telephone numbers and birthdays, must be stored exclusively on a secure server in Texas, managed by the American cloud company Oracle.
In the analysis of records, BuzzFeed discovered that a significant amount of additional information, such as public videos and comments left under posts, would not be stored on these protected servers, but on a server in Virginia owned by TikTok, which potentially leaves the Chinese parent company access it at will. However, these data, even if they may not seem sensitive, make it possible to establish the precise profile of a user.
The day of the revelations BuzzFeedTikTok has publicly announced that it is changing where user information is stored so that “100% US traffic” passes through Oracle servers, their old data centers in the United States and Singapore only serving as a backup in the event of an incident. “Physical location doesn’t matter if the data is still accessible from China”however reacts to BuzzFeed Adam Segal, director of the Cyber and Digital Policy Program at the US think tank Council on Foreign Relations. According to him, letting employees in China have access to this information is to take the risk that it ends up in the hands of their government.
TikTok under heavy surveillance for two years
These revelations contradict the official discourse of TikTok which, criticized for its potential collusion with the Chinese Communist Party, has repeatedly affirmed its independence and its commitment to data protection. In 2020, the social network declared that it wanted to reduce access between regions “so that, for example, employees in the Pacific region, including China, have minimal access to user data in Europe and the United States”. TikTok reacted to the revelations of BuzzFeed by declaring “to be among the most watched platforms” and “to work to remove all doubts about the security of the data of its American users”.
The major fear of the United States has always been that Beijing uses the application to more than a billion users to spy on them. In 2020, Donald Trump had also tried to ban the social network. “Their data collection is a threat that can allow the Chinese Communist Party to access personal information of American citizens”, advanced the former president. The firm then replied that it had never shared such information with the Chinese government. Since February, the Biden administration has been looking at measures to improve monitoring of apps like TikTok, which can be used “by foreign adversaries to steal or obtain data”.