On Friday, Chinese-owned TikTok announced that it had completed the migration of its American user data to U.S.-based servers, ending a years-long debate between the company and the U.S. government. The announcement came within hours of a new report saying that U.S. user data has been accessed from China.
According to a Friday report, leaked audio from more than 80 internal, China-based TikTok meetings were cited. ByteDance has a stake in TikTok. The recordings include statements from nine employees who admitted they had access to user data.
The contents of the leaked audio were not confirmed by Gizmodo.
The leaked audio raises questions about the commitment of TikTok executives to the U.S. lawmakers. Eight different employees said they weren't given permission to access data on their own and had to turn to their China-based colleagues for approval. According to one recorded consultant, fourteen of the recordings involved conversations with or about Booz Allen Hamilton employees, who were brought on to help with data migration efforts.
A member of TikTok's Trust and Safety department admitted during a September 2021 meeting that "everything is seen in China." One TikTok data analyst is said to have told a colleague that he got his instructions from Beijing.
TikTok didn't respond to Gizmodo's request for comment and didn't reply to the allegation.
A TikTok spokesman said that they aim to remove any doubts about the security of US user data. We hire experts in their fields, constantly work to verify our security standards, and bring in third parties to test our defenses.
The migration of U.S. user data was mentioned in a post on the BuzzFeed website. TikTok has claimed previously that user data was held in Virginia and Singapore. The company says that 100% of U.S. user data will be routed through the cloud. As backups, the Virginia and Singapore server will be used.
We are dedicated to earning and maintaining the trust of our community and will continue to work to protect our platform and provide a safe, welcoming, and enjoyable experience for our community.
While TikTok has moved U.S. user data out of Chinese server, the fact that China-based employees can still allegedly access that data worries some experts. Adam Segal is the Director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
It is not clear how much of a difference the data hosting will make. Users data, including video bios and comments, may still be stored in the previous U.S.-based Virginia data center, according to leaked recordings. The report claims that Chinese-based ByteDance employees may still have access to that data center's information.
The history of TikTok in the U.S. has been a mess. Lawmakers have been wondering if TikTok could be used as an espionage tool. The former president signed an executive order threatening to ban the app if ByteDance didn't sell the U.S segment of its business to an American firm. Walmart and Microsoft were among a number of U.S. companies that feigned interest in the app. The two companies decided to move forward as a "trusted technology partner."
The Biden Administration last year acted to cool the temperature around TikTok. Despite Biden stepping back from the Trump era deal, his administration didn't abandon the national security concerns full-bore. The administration is still evaluating how to approach Chinese-owned apps, according to a National Security Council spokeswoman.
A comprehensive approach to securing U.S. data will be developed. The risk posed by Chinese apps and other software that operate in the U.S. is included.
It is possible that the new report could change the temperature.
The White House hasn't responded to Gizmodo's inquiry.