US user data is safe, TikTok CEO tells senators, amid fresh scrutiny over China tech giant’s access

‘We aim to remove any doubt’ about information security, says Shou Zi Chew in letter to Republican senators after report ByteDance staff have frequent access
Popular video app’s top official acknowledges data access exists for staff based outside US while noting present efforts with Washington to restrict it

TikTok

Owen Churchill

Published: 5:25am, 2 Jul 2022

Why you can trust SCMP

TikTok’s CEO has written to nine Republican senators to outline new efforts by the popular video app to protect US user data, amid renewed congressional scrutiny of access to that information by employees of its Chinese parent company, ByteDance.

“We know we are among the most scrutinised platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” Shou Zi Chew wrote in the letter, which was dated Thursday and obtained by The New York Times.

Steps taken by the company to address data security concerns included an initiative called “Project Texas”, a series of protocols to restrict data access being created in coordination with the US government, Chew wrote.

TikTok had not yet publicised the effort due to the confidentiality of its engagement with the US government, “but circumstances now require that we share some of that information publicly”, wrote Chew.

US President Joe Biden last year revoked an executive order by his predecessor that would have paved the way for banning TikTok and Chinese messaging app WeChat. His administration has even sought to educate the US public on its policy priorities via major TikTok influencers.

But the app remains firmly in the crosshairs of federal watchdogs.

Chew indicated in his letter that TikTok remained under a review by the Committee on Foreign Investment in the United States, the government panel that assesses national security risks of foreign investment into or ownership of US entities.

Amid the sustained scrutiny, TikTok has moved all its US user data to cloud servers operated by US cloud computing company Oracle, though it continues to store backups in its own data centres in the US and Singapore. Chew said TikTok expected to eventually delete those backups as it pivoted “fully” to the Oracle platform.

TikTok’s London controversy shows culture clash as Chinese firms go abroad

The group of senators had written to Chew earlier this week seeking answers from him, following reporting by BuzzFeed that alleged frequent access by ByteDance staff to TikTok user data, including one engineer who had “access to everything”.

Despite congressional testimony by a TikTok executive last year that data access was determined by a US-based security team, BuzzFeed cited numerous employees who said US staff had to turn to China-based colleagues for help in accessing US user data.

Chew said the article contained insinuations “not supported by facts”. But he did not deny that employees based in China had access to US user data.

“Employees outside the US, including China-based employees, can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorisation approval protocols overseen by our US-based security team,” he wrote.

The level of approval required for such access would be based on the sensitivity of the data in question, Chew added. Oracle would also be involved in screening access requests to “validate compliance” with the new protocols.

Dating back to the administration of former US President Donald Trump, which came close to banning use of the app in the US, much of Washington’s scrutiny of TikTok has centred on concerns that Beijing could force the company to surrender sensitive US user data.

Even though TikTok said it was willing to work with foreign governments on “valid” law enforcement requests, Chew wrote in his letter that the company had never been asked to hand over user data to Chinese authorities and would not accede in such a scenario.

“We have not provided US user data to the [Chinese Communist Party], nor would we if asked,” he said.

Biden eyes new ways to bar China from scooping up US data

The senior Republican on the Federal Communications Commission (FCC), the US government’s communications regulator, this week called on Apple and Google to remove TikTok from their respective app stores, citing concerns raised by BuzzFeed’s reporting.

“TikTok’s pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive US user data … puts it out of compliance with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores,” FCC commissioner Brendan Carr wrote in a letter to the two tech giants.

Neither Apple nor Google responded to requests for comment about Carr’s appeal.