TikTok insiders say Chinese language guardian ByteDance is in management

ByteDance Ltd.’s TikTok app is displayed within the App Retailer on a smartphone in an organized {photograph} taken in Arlington, Virginia, on Monday, Aug. 3, 2020.

Andrew Harrer | Bloomberg | Getty Photographs

A former TikTok recruiter remembers that her hours had been speculated to be from 10 a.m. to 7 p.m., however most of the time, she discovered herself working double shifts. That is as a result of the corporate’s Beijing-based ByteDance executives had been closely concerned in TikTok’s decision-making, she mentioned, and anticipated the corporate’s California workers to be accessible in any respect hours of the day. TikTok workers, she mentioned, had been anticipated to restart their day and work throughout Chinese language enterprise hours to reply their ByteDance counterparts’ questions.

This recruiter, together with 4 different former workers, informed CNBC they’re involved concerning the well-liked social media app’s Chinese language guardian firm, which they are saying has entry to American consumer knowledge and is actively concerned within the Los Angeles firm’s decision-making and product growth. These individuals requested to stay nameless for worry of retribution from the corporate.

TikTok launched internationally in September 2017. Its guardian firm, ByteDance, bought Musical.ly, a social app that was rising in reputation within the U.S., for $1 billion in November 2017, and the 2 had been merged in August 2018. In just some years, it has shortly amassed a consumer base of practically 92 million within the U.S. Specifically, the app has discovered a distinct segment amongst teenagers and younger adults — TikTok has surpassed Instagram as U.S. youngsters’ second-favorite social media app, after Snapchat, in response to an October 2020 report by Piper Sandler.

Final yr, then-President Donald Trump sought to ban TikTok within the U.S. or drive a merger with a U.S. firm. The Trump administration, together with Secretary of State Mike Pompeo, expressed nationwide safety considerations over the favored social media app’s Chinese language possession, with Pompeo saying at one level that TikTok is likely to be “feeding knowledge on to the Chinese language Communist Celebration.” TikTok has constantly denied these claims, telling CNBC, “We’ve by no means supplied consumer knowledge to the Chinese language authorities, nor would we achieve this if requested.” Within the firm’s final 4 semi-annual transparency stories, it doesn’t report a single request from the Chinese language authorities for consumer knowledge.

Earlier in June, TikTok caught a break when President Joe Biden signed an govt order that revoked Trump’s order to ban the app until it discovered a U.S. purchaser. Biden’s order, nevertheless, units standards for the federal government to judge the chance of apps linked to overseas adversaries.

ByteDance’s management

The previous workers who spoke to CNBC mentioned the boundaries between TikTok and ByteDance had been so blurry as to be nearly non-existent.

Most notably, one worker mentioned that ByteDance workers are capable of entry U.S. consumer knowledge. This was highlighted in a scenario the place an American worker engaged on TikTok wanted to get an inventory of world customers, together with Individuals, who looked for or interacted with a particular kind of content material — meaning customers who looked for a particular time period or hashtag or appreciated a selected class of movies. This worker needed to attain out to an information group in China so as to entry that data. The information the worker acquired included customers’ particular IDs, and so they may pull up no matter data TikTok had about these customers. One of these scenario was confirmed as a standard incidence by a second worker. 

A have a look at TikTok’s privacy policy states that the company can share the data it collects with its corporate group, which includes ByteDance.

“We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group,” the privacy policy reads. 

TikTok downplayed the importance of this access. “We employ rigorous access controls and a strict approval process overseen by our U.S.-based leadership team, including technologies like encryption and security monitoring to safeguard sensitive user data,” a TikTok spokeswoman said in a statement.

But one cybersecurity expert said it could expose users to information requests by the Chinese government. “If the legal authorities in China or their parent company demands the data, users have already given them the legal right to turn it over,” said Bryan Cunningham, executive director of the Cybersecurity Policy & Research Institute at the University of California, Irvine.

As CNBC reported in 2019, China’s National Intelligence Law requires Chinese organizations and citizens to “support, assist and cooperate with the state intelligence work.” Another rule in China, the 2014 Counter-Espionage law, has similar mandates.

The close ties between TikTok and its parent company go far beyond user data, the former employees said.

Direction and approvals for all kinds of decision-making, whether it be minor contracts or key strategies, come from ByteDance’s leadership, which is based in China. This results in employees working late hours after long days so they can join meetings with their Beijing counterparts.

TikTok’s dependence on ByteDance extends to its technology. Former employees said that nearly 100% of TikTok’s product development is led by Chinese ByteDance employees. 

The lines are so indistinct that multiple employees described having email addresses for both companies. One employee said that recruiters often find themselves looking for candidates for roles at both companies. 

TikTok acknowledged that employees might have multiple aliases, but said it relies on Google’s enterprise-level Gmail service for its corporate email and their emails are stored on Google servers, where they are logged and monitored for unauthorized access.

In comments to CNBC, TikTok downplayed the importance of its transnational structure. “Like many global technology companies, we have product development and engineering teams all over the world collaborating cross-functionally to build the best product experience for our community, including in the U.S., U.K. and Singapore,” a TikTok spokeswoman said in a statement.

On the personnel side, ByteDance in April appointed Singaporean national Shouzi Chew to the role of TikTok CEO. Prior to Chew’s appointment, TikTok was led in interim by former YouTube executive Vanessa Pappas, who was vaulted into the role after former Disney streaming executive Kevin Mayer resigned in August 2020 after just three months in the role.

Chew already served as ByteDance’s chief financial officer and will continue to hold that position in addition to his new role as TikTok CEO. 

Again, TikTok downplayed the connection. “Since May 2020, TikTok management has reported into the CEO based in the U.S., and now Singapore, who is responsible for all long-term and strategic day-to-day decisions for the business,” a TikTok spokeswoman said in a statement.

The risks of Chinese ties

“Today we take localized approaches, including local moderators, local content and moderation policies, local refinement of global policies, and more,” the company said in a statement at the time.

In November 2020, TikTok’s U.K. Director of Public Policy Elizabeth Kanter admitted during a parliamentary committee hearing that the app had previously censored content that was critical of the Chinese government in regard to forced labor of Uyghur Muslims in China. Afterward, Kanter said she misspoke during the hearing.

“Anytime [the Chinese government has] control over a platform like TikTok that has billions of users and is only getting more popular, it gives them power to feed our mind what we should think about, what we consider truth and what is false,” said Ambuj Kumar, CEO of Fortanix, an encryption-based cybersecurity company. Kumar is an expert on end-to-end encryption, including dealing with China’s special conditions for data encryption.

A bigger and much less discussed concern is the data TikTok collects from its users and how that data could be exploited by the Chinese government. 

TikTok’s privacy policy explains that the app collects all kinds of data. This includes profile data, such as users’ names and profile images, as well as any data users might add through surveys, sweepstakes and contests, such as their gender, age and preferences. 

The app also collects users’ locations, messages sent within the app and information about how people use the app, including their likes, what content they view and how often they use the app. Notably, the app also collects data on users’ interests inferred by the app based on the content that users view. 

Most importantly, TikTok also collects data in the form of the content that users generate on the app or upload to it. This would include the videos that users make. 

Some experts said they’re concerned that content created by a teenager now and uploaded to TikTok, even as an unpublished draft, could come back to haunt that same person if they later land a high-level job at a notable American company or start working within the U.S. government. 

“I’d be shocked if they are not storing all the videos being posted by teenagers,” Kumar said. “Twenty years from now, 30 years from now, 50 years from now when we want to nominate our next justice to the U.S. Supreme Court, at that time they will go back and find everything they can and then they’ll decide what to do with it.”

TikTok is not unique in collecting American user data. American consumer tech companies such as Facebook, Google and Twitter also possess vast troves of information they’ve collected on their users. The difference, according to experts on Sino-U.S. relations and Chinese espionage, is that American companies have many tools at their disposal to protect their users when the U.S. government seeks data, while Chinese companies have to comply with the Chinese government.

“ByteDance is a Chinese company, and they’re subject to Chinese national law, which says that whenever the government asks for the data a company is holding for whatever reason, the company must turn it over. They have no right to appeal,” said Jim Lewis, senior vice president and director, strategic technologies program at the Center for Strategic & International Studies, a foreign affairs think tank. Lewis previously worked for various agencies in the U.S. government, including on Chinese espionage.

“If the Chinese government wants to look at the data that ByteDance is collecting, they can do so, and no one can say anything about it,” Lewis said.

The Chinese government’s track record when it comes to human rights and widespread surveillance is reason for concern.

“Given the Chinese government’s authoritarian bent and attitudes, that’s where people are really concerned with what they might do,” said Daniel Castro, vice president at the Information Technology and Innovation Foundation, a nonprofit, nonpartisan think tank.

In particular, these experts cite the 2015 hack of the Office of Personnel Management, in which intruders stole more than 22 million records of U.S. government employees and their friends and family. The hackers behind the breach were believed to have been working for the Chinese government.

“They’ve collected ten of millions of pieces of data on Americans,” said Lewis. “This is big data. In the U.S. they use it for advertising … in China, the state uses it for intelligence purposes.”

Americans who decide to use TikTok should do so with the understanding that they are likely handing their data over to a Chinese company subject to the Chinese government, said Bill Evanina, CEO of Evanina Group, which provides companies with consultation for risk-based decisions regarding complex geopolitics.

“When you’re going to download TikTok … and you click on that ‘I agree to terms’ — what’s in that is critical,” Evanina said.

Not all experts, however, are concerned that TikTok is a threat. 

Graham Webster, editor in chief of the Stanford-New America DigiChina Project at the Stanford University Cyber Policy Center, notes that most of the data that TikTok collects could just as easily be gathered by the Chinese government through other services. China doesn’t need its own consumer app to exploit Americans’ data, he said. 

“I find it to be a very low-probability threat model for actual national security concerns,” Webster said. 

What TikTok could do to calm fears

As TikTok waits to see how the Biden administration decides to proceed, the company could take a number of steps to provide the new president and the American public with assurances that their data won’t be misused. 

A first step would be for TikTok to be more transparent about what its data collection process is. For cybersecurity experts, specific details would go a long way toward gaining it credibility.

Jason Crabtree, CEO of cybersecurity company Qomplex, formerly served as a senior advisor to the U.S. Army Cyber Command during the Obama administration. He said TikTok should be clear on what it collects, where it is stored, how long it is stored for, and which employees of which companies have access to the data.

A TikTok information sheet states that the company stores U.S. user data in Virginia with a backup in Singapore and strict controls on employee access. The company does not specify which user data it collects, saying “the TikTok app is not unique in the amount of information it collects, compared to other mobile apps.” The company says it stores data “for as long as it is necessary to provide you with the service” or “as long as we have a legitimate business purpose in keeping such data or where we are subject to a legal obligation to retain the data.” The company also says any user may submit a request to access or delete their information and TikTok will respond to the request consistent with applicable law.

“If all those things are documented and attested to, you have a much better shot at explaining to the U.S. public, to regulators and other interested parties why this is no issue to consumers,” Crabtree said. “If you don’t or are unwilling to provide real clarity then that’s something people should rightfully be really concerned about.”

Another tactic would be for ByteDance to proceed with the plan it had outlined toward the end of the Trump presidency and sell TikTok to a U.S. company that Americans already trust. After Trump signed the order that could have potentially banned TikTok, the company entered talks with Microsoft but didn’t reach a deal. At one point, there was an agreement in place to sell minority stakes to Walmart and Oracle, although the sale was never finalized. For some cybersecurity experts, anything short of this would not be enough to evoke trust in TikTok’s handling of American data. 

“As long as TikTok is a subsidiary of ByteDance, I certainly will not be satisfied with any purported technological fixes,” Cunningham said. 

Rather than focusing specifically on TikTok or Chinese apps, the U.S. should make stronger privacy regulations to protect Americans from all tech companies, including those with ties to adversary nations, Webster said.

“The solution ought to be comprehensive privacy protection for everyone, protecting you from American companies and Chinese companies,” Webster said.

Source link

Random Posts

  • Information From The World Of Social Media, Computer And Technology

    In this telecommunication world, there may be neck-to-neck competitors between numerous worldwide manufacturers. The management unit (usually called a control system or central controller) manages the pc’s varied parts; it reads and interprets (decodes) the program instructions, transforming them into […]

  • Realme 6 Price In India

    On this interval, cell phones embody superior applied sciences and high quality features. In proper now’s digital age, mobiles have flip right into a necessity in our lives. And we won’t deny the reality that be it residence, workplace, college, […]

  • Tesla sues former employee for allegedly stealing software code

    Vehicles pass the Tesla Inc. assembly plant in Fremont, California, U.S., on Monday, May 11, 2020. David Paul Morris | Bloomberg | Getty Images Tesla is suing a former employee and software engineer named Alex Khatilov, alleging trade secret theft […]

  • Lg Gt505

    Welcome to Devices 360’s mobile phone finder. Fixd was one of many biggest Kickstarter campaigns ever. It is a revolutionary device that allows YOU to know what’s incorrect with your automotive earlier than taking it in to a mechanic to […]