TikTok data of US users repeatedly accessed by China

Leaked audio tapes taken from over 80 internal TikTok meetings indicate that China-based employees of its parent company ByteDance have been able to access non-public data belonging to US-based users.

A series of statements from several employees of the Chinese social networking platform outline how engineers in Beijing had access to US users’ data between September 2021 and January 2022, although there is no reason to believe that these practices had not taken place before or after.

The findings come from a review by BuzzFeed News which had access to these 14 statements from nine different TikTok workers.

Everything is seen in China,” said a member of TikTok’s Trust and Safety department, from recordings of a September 2021 meeting. In another meeting in the same month, one director spoke of a Beijing-based engineer as a “Master Admin” with “access to everything”.

After concerns brought about by former US president Donald Trump who threatened to ban the company due fear of the Chinese Communist Party accessing data, TikTok sought to allay these worries through something it called ‘Project Texas’ that aimed to block sensitive data to flow from the US to China.

A team of consultants were hired in February 2021 to help manage the Project Texas data migration and investigate how data flowed through TikTok and ByteDance’s internal tools.

Yet one of the task force members raised some concern, indicating that a backdoor may exist between US users and the central Beijing offices.

“I feel like with these tools, there’s some backdoor to access user data in almost all of them,” said an external auditor.

Chinese laws indicate CCP access to data

Concern over China’s ability to digitally snoop on users of Chinese-owned businesses and data providers abroad comes from Article 7 of the country’s 2017 National Intelligence Law, which requires any organisation to support, provide assistance and cooperate in “national intelligence work” of the Chinese Communist Party.

In addition, there is Article 22 of the 2014 Counter-Espionage Law which requires Chinese organisations and individuals to hand over information to the government during any “counter-espionage investigation”.

TikTok has always denied US snooping

In a statement its content moderation and data security practices in October 2019, TikTok claimed that it could nothing of the sort.

“We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law,” part of the statement reads.

“Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.”

However, the leaked audio tapes taken from over 80 internal TikTok meetings seem to indicate otherwise.