***The Iowa Standard is an independent media voice. We rely on the financial support of our readers to exist. Please consider a one-time sign of support or becoming a monthly supporter at $5, $10/month - whatever you think we're worth! If you’ve ever used the phrase “Fake News” — now YOU can actually DO something about it! You can also support us on PayPal at [email protected] or Venmo at Iowa-Standard-2018 or through the mail at: PO Box 112 Sioux Center, IA 51250

U.S. Senate Select Committee on Intelligence Vice Chairman Marco Rubio (R-FL) and Chairman Mark Warner (D-VA) sent a letter to Federal Trade Commission (FTC) Chairwoman Lina Khan requesting that the FTC formally investigate TikTok and its parent company, ByteDance. The senators’ call comes in response to recent reports that the social media platform has permitted TikTok engineers and executives in the People’s Republic of China (PRC) to repeatedly access U.S. users’ private data, despite repeated claims to lawmakers and users that this data was protected. This includes instances in which staff based in the United States had to consult with their PRC-based colleagues for information about U.S. user data as they did not have access to the data on their own.

The report also highlights TikTok’s misrepresentation of the company’s relationship to ByteDance and its subsidiaries, including Beijing-based ByteDance Technology, which is partially owned by the Chinese Communist Party (CCP). These revelations undermine longstanding claims by TikTok’s management that the company’s operations were firewalled from the CCP’s demands.

Advertisement

“We write in response to public reports that individuals in the People’s Republic of China (PRC) have been accessing data on U.S. users, in contravention of several public representations, including sworn testimony in October 2021,” the senators wrote.“In light of this new report, we ask that your agency immediately initiate a Section 5 investigation on the basis of apparent deception by TikTok, and coordinate this work with any national security or counterintelligence investigation that may be initiated by the U.S. Department of Justice.”

“TikTok’s Trust and Safety department was aware of these improper access practices and governance irregularities, which – according to internal recordings of TikTok deliberations – offered PRC-based employees unfettered access to user information, including birthdates, phone numbers, and device identification information,” the senators continued. “Recent updates to TikTok’s privacy policy, which indicate that TikTok may be collecting biometric data such as faceprints and voiceprints (i.e. individually-identifiable image and audio data, respectively), heighten the concern that data of U.S. users may be vulnerable to extrajudicial access by security services controlled by the CCP.”

The full text of the letter is below.

Dear Chairwoman Khan:

We write in response to public reports that individuals in the People’s Republic of China (PRC) have been accessing data on U.S. users, in contravention of several public representations, including sworn testimony in October 2021. In an interview with the online publication Cyberscoop, the Global Chief Security Officer for TikTok’s parent company, ByteDance, made a number of public representations on the data security practices of TikTok, including unequivocal claims that the data of American users is not accessible to the Chinese Communist Party (CCP) and the government of the PRC. As you know, TikTok’s privacy practices are already subject to a consent decree with the Federal Trade Commission, based on its improper collection and processing of personal information from children. In light of this new report, we ask that your agency immediately initiate a Section 5 investigation on the basis of apparent deception by TikTok, and coordinate this work with any national security or counter-intelligence investigation that may be initiated by the U.S. Department of Justice.

Additionally, these recent reports suggest that TikTok has also misrepresented its corporate governance practices, including to Congressional committees such as ours. In October 2021, TikTok’s head of public policy, Michael Beckerman, testified that TikTok has “no affiliation” with another ByteDance subsidiary, Beijing-based ByteDance Technology, of which the CCP owns a partial stake. Meanwhile, as recently as March of this year, TikTok officials reiterated to our Committee representations they have previously made that all corporate governance decisions are wholly firewalled from their PRC-based parent, ByteDance. Yet according to a recent report from Buzzfeed News, TikTok’s engineering teams ultimately report to ByteDance leadership in the PRC.

According to this same report, TikTok’s Trust and Safety department was aware of these improper access practices and governance irregularities, which – according to internal recordings of TikTok deliberations – offered PRC-based employees unfettered access to user information, including birthdates, phone numbers, and device identification information. Recent updates to TikTok’s privacy policy, which indicate that TikTok may be collecting biometric data such as faceprints and voiceprints (i.e. individually-identifiable image and audio data, respectively), heighten the concern that data of U.S. users may be vulnerable to extrajudicial access by security services controlled by the CCP.

A series of national security laws imposed by the CCP, including the 2017 National Intelligence Law and the 2014 Counter-Espionage Law provide extensive and extra-judicial access opportunities for CCP-controlled security services. Under these authorities, the CCP may compel access, regardless of where data is ultimately stored. While TikTok has suggested that migrating to U.S.-based storage from a U.S. cloud service provider alleviates any risk of unauthorized access, these latest revelations raise concerns about the reliability of TikTok representations: since TikTok will ultimately control all access to the cloud-hosted systems, the risk of access to that data by PRC-based engineers (or CCP security services) remains significant in light of the corporate governance irregularities revealed by BuzzFeed News. Moreover, as the recent report makes clear, the majority of TikTok data – including content posted by users as well as their unique IDs– will remain freely accessible to PRC-based ByteDance employees.

In light of repeated misrepresentations by TikTok concerning its data security, data processing, and corporate governance practices, we urge you to act promptly on this matter.

Sincerely,

Related:

(adsbygoogle = window.adsbygoogle || []).push({});

LEAVE A REPLY

Please enter your comment!
Please enter your name here