Following concerns that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, TikTok sought to assure U.S. lawmakers that it’s taking steps to “strengthen data security.”
The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators. The letter said that the procedure requires the individuals to clear numerous internal security protocols.
First reported by The New York Times, the contents of the letter outline more details about TikTok’s plans to address data security concerns through a multipronged initiative codenamed “Project Texas.”
TikTok CEO Shou Zi Chew wrote in the memo, “employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”
This includes what it terms a narrow set of non-sensitive TikTok U.S. user data, such as comments and public videos, to meet interoperability requirements, which emphasising that this access will be “very limited” in scope and pursuant to protocols developed in collaboration with the U.S. government.
TikTok, a popular social video-sharing service from Beijing-based ByteDance, has remained a concern for U.S. lawmakers over national security risks that could arise from the Chinese government requesting data belonging to U.S. users directly from its parent firm.
In the letter, the company aimed to assuage concerns that it has never been asked to provide data to the Chinese authorities. They further stated that it would not consent to such government inquiries.
TikTok further stated that 100% of U.S. user data is routed to Oracle cloud infrastructure located in the U.S., and that it’s working with the enterprise software firm on more advanced security controls put in place “in the near future”.
The company said that it’s planning to delete U.S. data from its own backup servers in Singapore and the U.S. and fully switch to Oracle cloud servers situated in the U.S.
This latest wave of scrutiny into TikTok’s operations come after a report by BuzzFeed News that alleged that ByteDance staff had frequent access. They cited anonymous employees, who said that “everything is seen in China” and referenced a “Master Admin” who “has access to everything.”
ByteDance called the allegations and insinuations “incorrect and are not supported by facts,” noting that employees who work on these projects “do not have visibility into the full picture.”