Audio files from TikTok meeting show U.S. user data accessed from China

Sicherheit (Pexels, allgemeine Nutzung)[German]It is quite explosive: Bytedance, the Chinese owner of the video platform TikTok, has always claimed that data from US users is not transferred to China. Ex-US President Trump had forced Bytedance to keep the TikTok data on US servers. Leaked audio files of 80 internal TikTok meetings now show that US user data was repeatedly accessed from China. So the concerns of the U.S. security authorities were probably not without merit.


Advertising

The video platform TikTok is very successful among young people. But there are serious privacy concerns among Western governments, especially the U.S. administration. The U.S. government under former President Donald Trump tried to ban the Chinese TikTok app along with its service in the U.S. unless the U.S. business was sold to a U.S. technology company (see also Bill Gates Interview about COVID-19, Trump, TikTok). There was the announcement by the US Commerce Department, which, on the orders of the US President, banned US citizens from downloading the TikTok app in US app stores. The whole thing was then stopped again by US judges. 

TikTok moves to Oracle servers

Then there was the news TikTop bought by Oracle and Walmart. The days TikTok announced, that 100% of US user traffic will be routed to Oracle Cloud Infrastructure. TikTok has long stored US user data in its own data centers in the US and Singapore. TikTok says its own Virginia data center has physical and logical security controls, such as secured access points, firewalls and intrusion detection technologies. It is also important to store backup data to prevent disaster situations where user data could be lost. The Singapore data center serves as backup data storage for our U.S. users, it says.

But after a year of working with Oracle, it said it has implemented various measures to better protect the TikTop app, TikTok systems and the security of U.S. user data. TikTok has changed the default location of U.S. user data. The operator still uses its data centers in the U.S. and Singapore to back up data. But over the course of the next work, TikTok is expected to delete U.S. users' private data from its own data centers and move entirely to Oracle Cloud servers in the U.S. Reuters has published an article on the matter here.

China had access after all

For years, TikTok has responded to privacy concerns by promising that information about users in the United States is stored in the United States and not in China, where ByteDance, the video platform's parent company, is based.

U.S. site Buzzfeed News appears to have gained access to audio files of 80 internal TikTok meetings, and the call recordings pack a punch. The audio recordings include 14 statements from nine different TikTok employees that suggest engineers in China had access to U.S. data at least between September 2021 and January 2022. "I feel like there's a backdoor in almost all of these tools to access user data," said an outside auditor tasked with helping TikTok cut off Chinese access to sensitive information such as Americans' birthdays and phone numbers, Buzzfeed News quotes from those recordings here.


Advertising

According to the leaked audio recordings of more than 80 internal TikTok meetings, China-based ByteDance employees repeatedly accessed nonpublic data about U.S. TikTok users – exactly the kind of behavior that prompted former President Donald Trump's threat to ban the app in the United States.

The explosiveness also arises because there is sworn testimony from a TikTok executive in an October 2021 Senate hearing that a "world-renowned, U.S.-based security team" decides who gets access to that data. Now available in the interview transcripts are nine statements from eight different employees describing situations in which U.S. employees had to turn to their counterparts in China to find out how U.S. user data flowed. According to the tapes, the U.S. employees did not have permission or knowledge of how to access the data themselves.

""Everything is seen in China," a member of TikTok's trust and security department, aut the Buzzfeed News article, said in a September 2021 meeting. In another September meeting, a director referred to a Beijing-based engineer as a "master admin" who "has access to everything." BuzzFeed News does not name names in the article to protect employee privacy. Quote from Buzzfed News article:

The records range from small-group meetings with company executives and consultants to presentations to the entire workforce. They are backed up by screenshots and other documents, providing a wealth of evidence that supports earlier reports of China-based employees accessing U.S. user data.

The content of the tapes shows that the data was accessed much more frequently and more recently than previously reported, and paints a comprehensive picture of the challenges the world's most popular social media app faced in trying to separate its U.S. operations from those of its parent company in Beijing.

Ultimately, the tapes suggest that the company may have misled lawmakers, its users and the public by downplaying that data stored in the U.S. could still be accessed by employees in China.

So it looks like former U.S. President Trump or his intelligence people were right in their distrust of TikTok. The question remains, when will politicians in Europe wake up to this?


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).