The panel said China-based employees of TikTok’s parent company ByteDance repeatedly accessed sensitive US user data “in violation of several public representations”.
The Senate Intelligence Committee sent a letter to the Federal Trade Commission asking it to open an investigation into whether TikTok misled US lawmakers about the access to US user data by employees of its parent company, ByteDance in China.
The letter, signed by committee chair Senator Mark Warner and Senate Vice Chairman Marco Rubio, cites “repeated misrepresentations by TikTok regarding data security, data processing, and corporate governance practices.”
Refers to the BuzzFeed News bomb Report That ByteDance employees in China regularly accessed sensitive user data in the US in early 2022, according to leaked audio from more than 80 internal meetings about TikTok’s efforts to reduce data flows from the US to China through a deal with cloud provider Oracle. (TikTok has since confirmed that ByteDance employees in China have access to sensitive user data in the United States.)
“While TikTok has suggested that moving to US storage from a US cloud service provider mitigates any risk of unauthorized access, these latest discoveries raise concerns about the reliability of TikTok representations,” Warner and Rubio wrote.
The letter also highlights BuzzFeed News reports that TikTok employees working with sensitive user data in the United States continue to report to ByteDance executives in Beijing, despite TikTok’s recent claims to the Senate Intelligence Committee that “all corporate governance decisions Fully blocked by their firewall in the People’s Republic of China. One parent, ByteDance.”
TikTok and ByteDance did not immediately respond to a request for comment. The Federal Trade Commission confirmed receipt of the letter, but declined to comment.
TikTok has been under scrutiny since 2019, when the Committee on Foreign Investment in the United States (CFIUS) began investigating ByteDance’s acquisition of Musical.ly, the app that became TikTok, as a potential national security risk. CFIUS declined to comment.
In 2020, concerns that the Chinese government might use TikTok’s vast collection of data to monitor US citizens prompted then-President Donald Trump to threaten to block the app unless it was sold to a US company. The ban never happened, but TikTok has instead started working with CFIUS and Oracle to restrict access to some sensitive data about US users who are ByteDance employees in China, an effort called Texas Project.
While TikTok and ByteDance have publicly downplayed their relationship and asserted that US user data is stored in the US, Leaked Meetings About The Texas Project Disclose the extent to which employees residing in China have access to this data. “Everything is seen in China,” a member of TikTok’s trust and safety department said at a meeting in September 2021.
The disclosure revived lawmakers’ concerns about ByteDance’s relationship with TikTok and TikTok’s plans to protect US data. On June 24, six senators sent a message To the Treasury he asks for details of the negotiations between TikTok and CFIUS, which reports to the Treasury. On June 28, Federal Communications Commissioner Brendan Carr called for Apple and Google to remove TikTok from their app stores.
On the same day, nine Republican senators also posted a TikTok a messageasking questions about ByteDance employees in China’s access to US user data and raising concerns that TikTok’s head of public policy for the Americas Michael Pekerman “did not provide honest or candid answers to the Senate Commerce Committee” at a 2021 hearing.
TikTok responded to the message by saying that ByteDance employees outside the US can access sensitive US data, as long as they are authorized to do so by a US-based security team. The letter does not address the fact that employees authorized to work with US user data (including the new US Technical Services team, which was set up as part of the Texas project) are reporting to ByteDance’s leadership in Beijing.