TikTok Whistleblower Tells Congress Data Protections Don’t Stop Chinese Access
A former TikTok employee turned whistleblower has reportedly met with multiple U.S. senators to express concerns that TikTok’s plan to secure U.S. user data won’t go far enough to stop possible Chinese espionage. The whistleblower told The Washington Post in an interview that the company’s policy plan, dubbed Project Texas, doesn’t go far enough and that properly ensuring U.S. data is secured from Chinese employees requires nothing short of a “complete re-engineering” of the way the app works.
Those allegations come just days after another whistleblower raised concerns regarding TikTok’s U.S. user controls. Combined, the comments could fan the flames for what looks like growing bipartisan support for a full-on nationwide TikTok ban.
Who is this TikTok whistleblower?
The former TikTok employee turned whistleblower told the Post he worked at the company for around six months ending in early 2022 as a risk manager and head of a unit in TikTok’s Safety Operations team. Part of that job, he claims, put him in charge of knowing which employees had access to certain tools and user data. He claims he was fired after speaking up about his data privacy concerns. Though he left TikTok prior to its finalization of the so-called Project Texas policy, he maintains he saw enough evidence to suggest the guardrails put in place to placate U.S. regulators fearful of Chinese employees viewing U.S. user data were insufficient. The whistleblower has reportedly already met with staffers from Iowa Sen. Chuck Grassley and Virginia Sen. Mark Warner’s offices.
Specifically, the whistleblower reportedly shared a snippet of code with the Post which they say shows TikTok’s code connecting with Toutiao, a Chinese news app also run by TikTok’s parent company, ByteDance. The whistleblower alleges that connection could let Chinese employees intercept and potentially view U.S. user data. Gizmodo could not independently confirm those claims.
A TikTok spokesperson refuted the whistleblower’s allegations, telling Gizmodo the project he was criticising wasn’t completed until after his departure from the company.
“Anyone who left the company in February of 2022 would have no knowledge of the current status of Project Texas and the many significant milestones the initiative has reached over the last year in our efforts to further safeguard our community and our platform in the United States,” the TikTok spokesperson said in an email.
The spokesperson said Project Texas was, in fact, a full re-engineering of the app. Additionally, the spokesperson said most of the employees who had knowledge of Project Texas’ components during the time of the whistleblower’s employment did not have full access to the entirety of the project.
The whistleblower, meanwhile, reportedly did not advocate for an outright nationwide ban. Instead, he said the problems could be solved but would require further steps than what is included in the Project Texas proposal.
What is Project Texas?
As a refresher, TikTok has an estimated 100 million U.S. users but is owned by ByteDance, a Beijing-based company. For years, lawmakers from both sides of the aisle have worried that Chinese ownership could lead to a situation where government officials could theoretically request and view U.S. user data. TikTok says its U.S. business runs and operates independently of China. However, recent reports have shown Chinese ByteDance employees have, in some cases, had access to U.S. user data. TikTok has previously rejected lawmakers’ most sensational national security allegations related to Chinese surveillance, which still lack much concrete evidence.
That’s where Project Texas comes in. As part of that proposal, TikTok says it would silo its U.S. operation into a subsidiary called TikTok U.S. Data Security whose leadership would require U.S. government approval. Under Project Texas, TikTok says all U.S. user data and critical code would move to Oracle’s cloud infrastructure. The company reportedly sent its finalised data privacy proposal to the U.S. Committee on Foreign Investment in the United States last August but it has yet to be approved.
Two whistleblowers come forward in one week
The Post interview came just days after another alleged whistleblower came forward in a letter sent to ByteDance by Republican Missouri Rep. Josh Hawley. That whistleblower, first revealed by Axios, alleged TikTok’s access controls on U.S. data were “superficial” at best. TikTok and ByteDance employees, he alleged, possess the ability to “switch between Chinese and U.S. data with nothing more than the click of a button.” Gizmodo could not independently confirm these claims.
“I have seen first-hand China-based engineers flipping over to non-China datasets and creating scheduled tasks to backup, aggregate, and analyse data,” the whistleblower alleged in the letter. “TikTok and ByteDance are functionally the same company.”
Combined, those whistleblower comments could ratchet up lawmakers’ renewed interest in passing legislation aimed at banning TikTok outright. That scenario, which once seemed laughable just a few weeks prior, has quickly picked up steam and appeared to attract support from major players on both sides of the political aisle. President Biden has already signed into law legislation banning TikTok’s use by an estimated 4 million federal employees. Nearly 30 other states have recently passed similar local legislation banning the app from use by workers employed by the state.
Calls for legislation that could ban TikTok outright are on the rise too. Earlier this month, Republican lawmakers rushed through a bill that would grant the Biden administration the ability to impose a nationwide TikTok ban and compel the president to do so in certain scenarios. This week, the White House endorsed a new bipartisan bill that would give the president the authority to restrict or ban foreign-linked software or electronics deemed a national security risk by the Commerce Department.