Wicker, Colleagues Demand Answers From TikTok CEO on Backdoor Data Access For China
June 29, 2022
WASHINGTON - U.S. Senator Roger Wicker, R-Miss., joined a letter with eight of his colleagues to the CEO of TikTok, Shou Zi Chew, following reports about the company giving Beijing backdoor access to private user data. Senator Wicker was joined on the letter by Sens. Marsha Blackburn, R-Tenn., John Thune, R-S.D., Roy Blunt, R-Mo., Ted Cruz, R-Texas, Jerry Moran, R-Kan., Shelley Moore Capito, R-W.Va., Cynthia Lummis, R-Wyo., and Steve Daines, R-Mont.
“We are writing about the June 17, 2022, BuzzFeed News report that highlighted how TikTok’s U.S. consumer data was, on multiple occasions, accessed by the companies’ engineers in China. According to BuzzFeed News, the outlet reviewed 14 statements by nine different TikTok employees, each of whom attested to such incidents between September 2021 and January 2022. A member of TikTok’s Trust and Safety Department alleged that ‘everything is seen in China,’ and stated that one Beijing-based engineer had ‘access to everything.’ Further, U.S. employees apparently did not even have the permissions or knowledge needed to access the data,” the Senators wrote.
View full letter here or below.
Dear Mr. Chew:
We are writing about the June 17, 2022, BuzzFeed News report that highlighted how TikTok’s U.S. consumer data was, on multiple occasions, accessed by the companies’ engineers in China. According to BuzzFeed News, the outlet reviewed 14 statements by nine different TikTok employees, each of whom attested to such incidents between September 2021 and January 2022. A member of TikTok’s Trust and Safety Department alleged that “everything is seen in China,” and stated that one Beijing-based engineer had “access to everything.” Further, U.S. employees apparently did not even have the permissions or knowledge needed to access the data.
In October 2021, Michael Beckerman, TikTok’s Head of Public Policy for the Americas, testified before the Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety, and Data Security. In response to questioning, Mr. Beckerman referenced a Citizen Lab report, which said, “our research shows that there’s no overt data transmission to the Chinese government. In our testing, TikTok did not contact any servers within China.” Mr. Beckerman also stated that “U.S. user data is stored in the United States. Our backups are in Singapore. And we have a world-renowned U.S. based security team that handles access to user data.” Additionally, Mr. Beckerman said that TikTok did not provide data to the Chinese government on Chinese persons living in the U.S. or elsewhere, because “TikTok is not available in China.” Finally, he noted that Beijing ByteDance Technology “does not have any relation to the TikTok entity.”
We are very concerned that, in light of these reports, TikTok’s representative did not provide truthful or forthright answers to the Senate Commerce Committee at its subcommittee hearing. It appears that TikTok is now taking steps to deflect from its knowing misrepresentations by changing the way in which “protected” data can be accessed by its employees.
The implications of these findings are stark, but not surprising. Rather, they simply confirm what lawmakers long suspected about TikTok and its parent company, ByteDance—they are using their access to a treasure trove of U.S. consumer data to surveil Americans. And this unfortunately extends beyond consumer data into the national security space. According to a recent article in Task & Purpose, despite a military ban on using TikTok on government-issued devices, the app is widely popular with servicemembers who use it on their personal devices.
We would appreciate answers to the following questions Monday, July 18th, 2022:
1. Is it true that TikTok employees located in China currently have, or had in the past, access to U.S. user data? This could include programmers, product developers, data teams, as well as trust and safety and content moderation professionals.
a. If yes, please explain in detail which employees have or had such access and for what purposes.
b. If the employees had this access in the past but no longer do, please identify the applicable date ranges.
2. TikTok’s privacy policy says you share data you collect with your parent companies and affiliates and that you transmit user information to servers and data centers overseas.
a. Have any ByteDance employees—located in China or elsewhere—had access to U.S. user data, either currently or in the past?
b. What are the locations of the servers and data centers overseas where TikTok transmits U.S. user data?
3. Do any ByteDance employees have a role in shaping TikTok’s algorithm?
4. Do any Douyin employees have any access to American user data or a role in shaping TikTok’s algorithm?
5. In the past, TikTok has said that it has never—nor would it ever—provide user data to the Chinese government, even if asked. Yet your privacy policy says you can disclose data collected to respond to government inquiries.
a. Has TikTok ever disclosed any U.S. user data to respond to government inquiries from the Chinese Communist Party?
b. If the Chinese Communist Party asked you for U.S. user data, what is to stop you from providing it? Can the CCP compel you to provide this data, regardless of response? Can they access it, regardless of response?
c. Has ByteDance ever responded to CCP inquiries on TikTok’s behalf?
d. Has TikTok ever shared U.S. user data with ByteDance for the purpose of responding to a CCP inquiry?
6. Do TikTok employees in the U.S. use software developed by ByteDance, such as Lark?
7. Does ByteDance have any role—either in the past or in the present—in hiring TikTok employees in the U.S.?
8. Does TikTok own or lease its own office space in the U.S., and does ByteDance have any ownership or lease stake in those facilities?
9. Does the Chinese government have an ownership stake or seat on the Board of Directors, or provide personnel in any other leadership position, of the Beijing ByteDance Technology Company?
a. What role does this seat play in impacting decisions made at ByteDance or TikTok?
b. Does this position afford an opportunity for the board member to determine whether and how TikTok or ByteDance will respond to CCP inquiries?
c. Does this position afford an opportunity for the board member to view TikTok user data?
d. Would you be informed, as a matter of policy, if a board member did view the data? If the board member did share the data, in any capacity, with the CCP?
10. How will TikTok’s new cloud service arrangement be structured, and how will the company determine which data is “protected” such that it is not shared with employees or others in China?
11. Why is TikTok not planning to ensure that all U.S. user data is blocked from view of employees or others in China?
We look forward to your responses.
Wicker recently joined a similar letter to Secretary of the Treasury Janet Yellen alongside five other Senators urging the Biden Administration to swiftly address national security concerns stemming from the social media platform.