A recent issue of Wired magazine’s e-newsletter alerted us to confirmation of the national security threat posed by the wildly popular social video platform TikTok, which is owned by a Red Chinese company, ByteDance.
TikTok has always maintained that it is firewalled between ByteDance and its US userbase. But materials seen by Forbes indicate that an internal ByteDance review board, the “Internal Audit and Risk Control department,” planned to direct TikTok to track the location of some specific US users. The group typically focuses on internal, employee issues, but the US-based individuals were reportedly not affiliated with TikTok or ByteDance.
“In at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a US citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected,” Forbes wrote.
Forbes reported the project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.
TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior."
TikTok is reportedly close to signing a contract with the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS), which evaluates the national security risks posed by companies of foreign ownership, and has been investigating whether the company’s Chinese ownership could enable the Chinese government to access personal information about U.S. TikTok users.
In September, President Biden signed an executive order enumerating specific risks that CFIUS should consider when assessing companies of foreign ownership. The order, which states that it intends to “emphasize . . . the risks presented by foreign adversaries’ access to data of United States persons,” focuses specifically on foreign companies’ potential use of data “for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potential adverse impacts on national security.”
Forbes reported the TikTok “internal audit team” uses a data request system known to employees as the “green channel,” according to documents and records from Lark, ByteDance’s internal office management software. These documents and records show that “green channel” requests for information about U.S. employees have pulled that data from mainland China.
ByteDance is not the first tech giant to have considered using an app to monitor specific U.S. users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties. At the time, Uber acknowledged that it had run the program, called “greyball,” but said it was used to deny ride requests to “opponents who collude with officials on secret ‘stings’ meant to entrap drivers,” among other groups.
TikTok did not respond to questions about whether it has ever served different content or experiences to government officials, regulators, activists or journalists than the general public in the TikTok app.
But the material reviewed by Forbes indicates that ByteDance's Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions posed by Forbes about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.
Back in 2020 we pointed out that the TikTok app presents very real security concerns that have drawn the scrutiny of U.S. lawmakers and national security staffers.
Chief among the concerns with the China-based app is that the data it collects on its user base—which, in the United States, is largely between the ages of 16 and 24—goes straight back to Beijing and the Chinese government.
Back in 2020, the Indian government blocked TikTok and 58 other Chinese apps, including WeChat, Baidu Translate, Mi Video Call, Cam Scanner, Weibo and ES File Explorer. However, our friends at NewsMax reported at the time there seemed to be no urgency in the U.S. government about acting on this known threat.
Now, two years have gone by and, even with the mounting evidence of the real threat posed by TikTok, there appears to be little urgency on the part of U.S. policy makers and intelligence officials.
When it banned TikTok, and some 58 other Communist Chinese apps, the Indian government issued a statement noted “raging concerns” with regards to data security and protecting the privacy of its citizens. “The Ministry of Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.”
“The compilation of these data, its mining and profiling by elements hostile to national security and defense of India, which ultimately impinges on the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures,” the statement continued.
“On the basis of these and upon receiving of recent credible inputs that such Apps pose threat to sovereignty and integrity of India, the Government of India has decided to disallow the usage of certain Apps, used in both mobile and non-mobile Internet enabled devices,” the statement said according to Variety's Naman Ramachandran.
Back in 2020 Rachel Bovard’s reporting suggested that TikTok presents the same challenges to United States sovereignty and national security recognized by Indian officials, and that it was very likely placing data on American citizens in the hands of an American geopolitical adversary—the Chinese Communist Party—which that adversary could use for information, leverage, blackmail, identity theft or other nefarious purpose.
And now, thanks to reporting by Forbes, those concerns have been verified as accurate and legitimate.
We urge CHQ readers and friends to call the White House (202-456-1111) to demand that President Biden use his executive authority to ban TikTok and the 58 other Chinese apps, including WeChat, Baidu Translate, Mi Video Call, Cam Scanner, Weibo and ES File Explorer, identified by the Indian government as threats to its national security and sovereignty. Unless Biden has been so compromised by Red China that he can’t act, there’s no reason for the United States to dither in the face of another national security threat from Red China.
2022 Elections
Control of Congress
ByteDance
TikTok
Big tech
Facebook
tracking
data collection
Treasury Department’s Committee on Foreign Investment in the United States (CFIUS)
Biden administration
national security
Green channel
Chinese Communist Party