Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China
In 2019, the Committee on Foreign Investment in the United States began investigating the national security implications of TikTok’s collection of American data. And in 2020, then-president Donald Trump threatened to ban the app entirely over concerns that the Chinese government could use ByteDance to amass dossiers of personal information about US TikTok users. TikTok’s “data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information,” Trump wrote in his executive order. TikTok has said it has never shared user data with the Chinese government and would not do so if asked.
Most of the recorded meetings focus on TikTok’s response to these concerns. The company is currently attempting to redirect its pipes so that certain, “protected” data can no longer flow out of the United States and into China, an effort known internally as Project Texas. In the recordings, the vast majority of situations where China-based staff accessed US user data were in service of Project Texas’s aim to halt this data access.
Project Texas is key to a contract that TikTok is currently negotiating with cloud services provider Oracle and CFIUS. Under the CFIUS agreement, TikTok would hold US users’ protected private information, like phone numbers and birthdays, exclusively at a data center managed by Oracle in Texas (hence the project name). This data would only be accessible by specific US-based TikTok employees. What data counts as “protected” is still being negotiated, but the recordings indicate that all public data, including users’ public profiles and everything they post, will not be included. (Disclosure: In a previous life, I held policy positions at Facebook and Spotify.) Oracle did not respond to a request for comment. CFIUS declined to comment.
Shortly before publication of this story, TikTok published a blog post announcing that it has changed the “default storage location of US user data” and that today, “100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US.”
Lawmakers’ fear that the Chinese government will be able to get its hands on American data through ByteDance is rooted in the reality that Chinese companies are subject to the whims of the authoritarian Chinese Communist Party, which has been cracking down on its homegrown tech giants over the last year. The risk is that the government could force ByteDance to collect and turn over information as a form of “data espionage.”
There is, however, another concern: that the soft power of the Chinese government could impact how ByteDance executives direct their American counterparts to adjust the levers of TikTok’s powerful “For You” algorithm, which recommends videos to its more than 1 billion users. Sen. Ted Cruz, for instance, has called TikTok “a Trojan horse the Chinese Communist Party can use to influence what Americans see, hear, and ultimately think.”
Project Texas’s narrow focus on the security of a specific slice of US user data, much of which the Chinese government could simply buy from data brokers if it so chose, does not address fears that China, through ByteDance, could use TikTok to influence Americans’ commercial, cultural, or political behavior.
In 2019, the Committee on Foreign Investment in the United States began investigating the national security implications of TikTok’s collection of American data. And in 2020, then-president Donald Trump threatened to ban the app entirely over concerns that the Chinese government could use ByteDance to amass dossiers of personal information…
