TikTok is having a rough week.
The app’s parent company, ByteDance, is based in Beijing, and how it handles the safety of U.S. user data has been under significant scrutiny since 2019. But in the last couple of years, after the Biden administration cancelled a potential ban proposed by the Trump administration, and TikTok swore to the Senate Commerce Committee that a stateside security team controls access to users’ data, the regulatory pressure seemed to ease.
That is, until June 17, when a report from BuzzFeed News combed through more than 80 recordings of internal TikTok meetings and found 14 statements from nine different TikTok employees that suggested Chinese engineers had access to U.S. users’ data “between September 2021 and January 2022, at the very least.”
Subscribe for daily Tubefilter Top Stories
The report alleged eight different TikTok employees indicated they needed Chinese engineers’ help to “determine how US user data was flowing.” U.S. engineers reportedly did not know how to access users data on their own.
Following that report, Federal Communications commissioner Brendan Carr wrote an open letter to the CEOs of Apple and Google asking them to remove TikTok from their app stores because it is an “unacceptable national security risk.”
Separately, last Monday, a group of nine Republican senators wrote to TikTok head Shou Zi Chew with a list of questions about the report and concerns that “TikTok’s representative did not provide truthful or forthright answers to the Senate Commerce Committee.”
Now Chew has written an eight-page response to the senators, saying BuzzFeed’s report “contains allegations and insinuations that are incorrect and are not supported by facts.”
Chew claims BuzzFeed’s report got “one thing” right: that the 80+ meetings it listened in on were part of something called Project Texas, aka TikTok’s ongoing plan to cut off Chinese engineers’ access to U.S. data. (BuzzFeed specifically reported that “[i]n the recordings, the vast majority of situations where China-based staff accessed US user data were in service of Project Texas’s aim to halt this data access.”)
Project Texas’ goal is “to make substantive progress toward compliance with a final agreement with the U.S. Government that will fully safeguard user data and U.S. national security interests,” Chew wrote. “We have not spoken publicly about these plans out of respect for the confidentiality of the engagement with the U.S. Government, but circumstances now require that we share some of that information to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business.”
Chew added that as part of Project Texas, TikTok now stores 100% of U.S. user data on cloud servers operated by Santa Clara, California-based tech company Oracle. He said TikTok is working with Oracle “on new, advanced data security controls that we hope to finalize in the near future.”
In response to senators’ specific questions about whether U.S. user data has ever been shared with the Chinese Communist Party (CCP), Chew said the CCP has never requested that data, and if it did, ByteDance would not comply.
“We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data,” Chew said.
BuzzFeed reported on Project Texas back in March, describing it as a scramble involving thousands of TikTok employees pushing to create U.S.-only versions of core TikTok systems like its For You page recommendation algorithm and tracking and analytics tools.
Once Project Texas is complete, a new team called U.S. Tech Services (USTS) will be in control of U.S. data and systems, BuzzFeed reported. As of March, TikTok was reportedly in the process of figuring out how to restrict Beijing-based managers’ access to USTS information.
In its June 17 report, BuzzFeed cited one recording where an employee expressed concerns that even after Project Texas is wrapped, ByteDance’s product and engineering teams “can still figure out how to get access” to U.S. users’ data, “because in the end of the day, it’s their tools. They built them all in China.”
