Concerns over TikTok user data persist

In July of 2020, TikTok, the popular video-sharing service, was deep in talks to sell itself to Microsoft, or possibly Oracle, after the Trump administration suggested that TikTok’s Chinese ownership represented a national security threat. The president was said to be considering an executive order banning the app; ByteDance, TikTok’s China-based parent company, reportedly considered selling a controlling stake in the $100 billion company to a consortium of US investment companies. Trump eventually issued an executive order banning US corporations from doing business with ByteDance, citing alleged security risks posed by Chinese government access to the app’s data as well as allegations that the Chinese government forced TikTok to censor content related to protests. Despite all the furor, ByteDance was never forced to sell, and the issue seemed to fade from view after Joe Biden became president.

Since then, however, TikTok’s command of the social media marketplace has only increased; it now has more than one billion users worldwide. According to a recent report from David McCabe at the New York Times, the subject of TikTok’s ties to China and the potential security risk never went away, and in fact has grown more urgent in recent months—at least for some in Congress, and in the Biden administration. The Times reported that last year, Marco Rubio, the Republican senator from Florida, met with Jake Sullivan, Biden’s national security adviser, and discussed China’s impact on US industrial policy. During that discussion, the Times wrote, Rubio raised concerns about Beijing’s influence over TikTok, and Sullivan said he shared those concerns. Mark Warner, the Democratic senator from Virginia, told the Times he had also been in “active conversations” with the administration about the app.

Such concerns were undoubtedly fueled, in part, by a June report from Emily Baker-White at BuzzFeed News that staffers at ByteDance routinely accessed data on US TikTok users. “For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the US is stored in the US, rather than China,” Baker-White wrote. “But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users.” BuzzFeed reported that this happened despite sworn testimony from a TikTok executive in a 2021 Senate hearing that a “world-renowned, US-based security team” decided who could access such data. “Nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing,” Baker-White wrote.

ICYMI: Democracy and the Liz Cheney narrative

According to the Times report, Rubio and Warner have called for the Federal Trade Commission to investigate the app and its data-storage practices, and Brendan Carr, a Republican member of the Federal Communications Commission, recently asked Apple and Google to remove TikTok from their app stores because of its “pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive US user data.” On Tuesday, Politico reported that Catherine Szpindor, the chief administrative officer for the House of Representatives, issued a “cyber advisory” about TikTok, recommending that members not download or use the app, calling it “a high risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks.”

In a letter to Szpindor obtained by Politico, Michael Beckerman, vice president and head of public policy in the Americas for TikTok, argued that the House cyber advisory contained inaccurate information, which he said “appears to stem from false and misleading allegations made by a security firm based in Australia.” At the same time, ByteDance seems to be doing its best to assuage those and other related concerns, by implementing a new data-handling process at TikTok that, per a report from Baker-White, the company calls “Project Texas.” The project involves sending TikTok’s traffic, and therefore its US user data, through servers belonging to Oracle, which is based in Texas. Oracle is also reportedly vetting TikTok’s algorithms and content moderation.

Sign up for CJR's daily email

Even if all of TikTok’s US user data is being directed through or kept on Oracle’s servers, however, some argue that this doesn’t prevent Chinese staffers and others from accessing that data, at which point it becomes susceptible to seizure by the Chinese government. In addition, security researchers point out that Chinese control of TikTok is about more than who has access to user data. “I’ve never seen a particularly good argument about what the Chinese could get from TikTok data that they can’t get from hundreds of other sources,” Adam Segal, director of the Digital and Cyberspace Policy program at the Council on Foreign Relations, told BuzzFeed News. Beijing’s influence over TikTok’s algorithms, he argued, poses a potentially much bigger problem, given examples of the Chinese government censoring speech seen as harmful to its “national honor.”

Here’s more on TikTok:

  • Unclear: Although TikTok says data stored on Oracle’s servers in Texas will be secure and inaccessible from China, Baker-White noted in one story that the company’s lawyer and others clarified in recorded conversations that “this only includes data that is not publicly available on the app, like content that is in draft form, set to private, or information like users’ phone numbers and birthdays that is collected but not visible on their profiles.” A consultant working with TikTok on Project Texas told colleagues that what qualified as “protected data” under the agreement was “still being ironed out from a legal perspective.”
  • Exposure: The White House may be preparing to take action relatively soon on a broader policy for apps that might expose data to foreign powers, the Times reported. “Earlier this year, it circulated a draft of an executive order that would give the government more power to intercede in cases where data is at risk of being exposed to an adversary,” McCabe wrote for the paper. “The Biden administration is also expected to issue guidance soon for a committee that vets transactions involving foreign companies, telling it to be especially sensitive to cases that could expose Americans’ data to other governments.”
  • Ugly: In 2020, The Intercept reported that executives at ByteDance “instructed moderators to suppress posts created by users deemed too ugly, poor, or disabled for the platform,” according to internal documents obtained by the site. The documents also showed that TikTok moderators were told by their superiors to “censor political speech in TikTok live streams, punishing those who harmed China’s ‘national honor’ or broadcast streams about ‘state organs such as police.’”
  • Whims: The fear that the Chinese government might get its hands on American data through TikTok “is rooted in the reality that Chinese companies are subject to the whims of the authoritarian Chinese Communist Party,” Baker-White wrote for BuzzFeed, and the party “has been cracking down on its homegrown tech giants over the last year. The risk is that the government could force ByteDance to collect and turn over information as a form of ‘data espionage.’”


Other notable stories:

  • Brian Stelter, the host of Reliable Sources on CNN, is leaving the network following the cancellation of his show, multiple outlets reported on Thursday. Stelter got his start blogging about cable news as a student and went on to become a media reporter for the New York Times before joining CNN. “Reliable Sources is the longest-running show on CNN; Stelter has hosted it for the past nine years and celebrated the show’s 30th anniversary in March,” David Folkenflik noted at NPR. The staff of the show have all been let go, with the exception of Oliver Darcy, and a daily email newsletter that was written by Stelter and Darcy (also called Reliable Sources) will continue, CNN said. CJR will have more news and commentary on Stelter’s departure in our Monday newsletter.
  • The New York Daily News union slammed Alden Global Capital, the hedge fund that owns the 102-year-old newspaper, for work conditions that union representatives say have left the remaining staff “hanging by a thread,” the New York Post reported. “The union, which represents most of the skeleton staff left at the paper, called out Alden Global Capital for causing burned-out workers to ‘quit in droves,’ in a series of tweets Thursday,” the Post wrote. In its tweets, the union said: “Twelve journalists have resigned from the Daily News over the last three months. That’s about 20 percent of our newsroom. Staffers are quitting in droves. Our owners—Alden Global Capital—don’t seem to care.”
  • Streaming platforms such as Netflix brought in more viewers in July than all US cable TV networks combined, according to new data from Nielsen, Variety reported. “For the month of July, streaming among American TV households represented a record 34.8 percent share of total consumption,” Variety wrote, “while cable and broadcast came in at 34.4 percent and 21.6 percent, respectively. Streaming usage has surpassed that of broadcast before, but this is the first time it has also exceeded cable viewing.”
  • Google is rolling out a series of updates to its search engine that it says will help reduce clickbait and improve the relevancy of its search results, “prioritizing original and authentic reviews over recycled information that passes around aggregator sites,” according to The Verge. In a blog post on the new updates, Google said they were driven by the fact that “we know people don’t find content helpful if it seems like it was designed to attract clicks rather than inform readers.” The company said it is also rolling out an update to make it easier to find “high-quality, original” reviews for movies and other products.
  • Feven Merid writes for CJR about media startups such as Dirt, which introduced cryptocurrency-related initiatives such as NFTs just before the crypto market crashed. “Members of the crypto-journalism world are hoping for another bounce back,” Merid writes. Read the whole piece here
  • Gizmodo profiles a new local Texas news site called Permian Proud, which is sponsored by Chevron and contains feel-good stories about puppies as well as “greenwashing information about the company.” “According to data hidden on the site but provided in the site’s social preview cards, the puppy article is written by Mike Aldax, a man who lives more than 1,000 miles away from Midland,” Gizmodo writes. “Since 2014, Aldax, who works at San Francisco–based public relations firm Singer Associates, has also written for a Chevron-funded newspaper in California called the Richmond Standard.”
  • In media-job news, Reuters announced Thursday that it is “significantly increasing its India news coverage,” more than doubling the number of reporters covering the country. The wire service said the coverage expansion will include reporting on “fixed income and equity markets, government policy, the regulatory landscape and public companies.” Reuters said the coverage will be led by Ira Dugal, who was named financial news editor for India, and was previously executive editor of BQ Prime in India.

ICYMI: A tale of two bleak press-freedom anniversaries


Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.

TOP IMAGE: Solen Feyissa, CC BY-SA 2.0 , via Wikimedia Commons