TikTok won’t commit to stopping US data flows to China

CNN business

TikTok repeatedly refused to commit to US lawmakers on Wednesday that the short-form video app would cut off US users’ data flows to China, instead promising that the outcome of its negotiations with the US government would “satisfy all national security concerns”.

Testifying before the Senate Homeland Security Committee, TikTok CEO Vanessa Pappas spoke with Senator Rob Portman about the details of TikTok’s corporate structure twice before facing a specific request.

“Will TikTok commit to cutting off China, China-based TikTok employees, ByteDance employees, or any other party in China that may have the ability to access information about US users?” Portman asked.

The question reflects bipartisan concerns in Washington about the possibility that US user data could find its way to the Chinese government and be used to undermine US interests, thanks to a national security law in that country that forces companies there to cooperate with data requests. US officials have expressed fears that China could use Americans’ personal information to identify useful agents or intelligence targets, or to inform future disinformation or disinformation campaigns.

TikTok does not operate in China, Pappas said, although it has an office in China. TikTok is owned by ByteDance, whose founder is Chinese and has offices in China.

Concerns about TikTok in the US were renewed after a BuzzFeed News report in June that, based on leaked audio of meetings, ByteDance employees said US user data had been accessed multiple times. In a letter to lawmakers, TikTok acknowledged the ability of people living in China to access US user data, but pointed to cybersecurity controls “overseen by our US-based security team.”

Pappas confirmed in Wednesday’s statement that the company said, on the record, that Chinese employees have access to US user data. In addition, TikTok has said that it will “under no circumstances provide such data to China” and has denied that TikTok China has any influence. However, he avoided saying whether ByteDance would hold US user data from the Chinese government or whether ByteDance could be influenced by China.

Asked to respond to Portman’s BuzzFeed article again on Wednesday, Pappas said “these allegations were not found,” without identifying specific allegations. He then added: “It was spoken [in the article] of a main account, which is not in our company.’

The BuzzFeed article refers to a “Beijing-based engineer” as a “Master Admin” with access to everything, but it’s unclear whether that engineer is an employee of ByteDance or TikTok.

“Once again, we take this extremely seriously to protect the trust of US citizens and ensure the security of data for US users,” Pappas said. “When it comes to access and controls, we will go above and beyond with our partner, Oracle, in leading the initiative’s efforts, as well as our work to the satisfaction of the US government. [the Committee on Foreign Investment in the United States]and we hope to share more information about it”.

Portman then pledged to Pappas to “cut off all data and metadata flows to China,” but Pappas vowed that “our final agreement with the U.S. government will satisfy all national security concerns.”

Pappas later testified to Missouri Republican Senator Josh Hawley that the entire content of the BuzzFeed article was false.

“We do not agree with the categorization of that article entirely,” he said.

TikTok previously said it had moved US user data to cloud servers managed by Oracle, from servers TikTok controlled in Virginia and Singapore, and would eventually delete backups of US user data from those proprietary servers. It is also in ongoing discussions with CFIUS, the multi-agency US government body with national security jurisdiction, about the future handling of US data.