Beijing monitoring your kids through TikTok?

Via Sinocism. If it’s happening in the US then it’s more than likely happening here. 

Buzzfeed obtained audio from 80 internal TikTok meetings that make it sound quite clear that employees in the PRC had access to American user data, even after company representatives testified under oath they did not, and repeatedly said publicly they did not. Almost simultaneous with the publication of the Buzzfeed story, TikTok released a blog post stating that “Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure”, which sure looks like an admission that the Buzzfeed story was correct. It does not really matter what data were involved if TikTok was lying about how it handled them.

US TikTok User Data Has Been Repeatedly Accessed From China, Leaked Audio Shows-Buzzfeed

For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform’s parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users — exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.” (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.)

The recordings range from small-group meetings with company leaders and consultants to policy all-hands presentations and are corroborated by screenshots and other documents, providing a vast amount of evidence to corroborate prior reports of China-based employees accessing US user data. Their contents show that data was accessed far more frequently and recently than previously reported, painting a rich picture of the challenges the world’s most popular social media app has faced in attempting to disentangle its US operations from those of its parent company in Beijing. Ultimately, the tapes suggest that the company may have misled lawmakers, its users, and the public by downplaying that data stored in the US could still be accessed by employees in China.

Delivering on our US data governance | TikTok Newsroom

we’ve changed the default storage location of US user data. Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US.

In addition, we’re working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind.

We’re also making operational changes in line with this work – including the new department we recently established, with US-based leadership, to solely manage US user data for TikTok. Together, these changes will enforce additional employee protections, provide more safeguards, and further minimize data transfer outside of the US. This is an important direction from a systems and data security standpoint, and part of our focus on preserving an interconnected experience for our global community while building a security-first culture.

TikTok’s American Credibility Problem – Interconnected – Kevin Xu

Despite all the rage and rancor about how scary it would be for the Chinese Communist Party to access US user data via TikTok, the Buzzfeed story revealed that what kind of data is considered “protected” data is still “being negotiated” – a euphemistic way of saying the regulation is being “watered down”.

While we don’t know what types of data are considered “protected”, it appears that at least one type of data, the UID [Unique Identifier], is apparently not:

“In a recorded January 2022 meeting, the company’s head of product and user operations announced with a laugh that unique IDs (UIDs) will not be considered protected information under the CFIUS agreement: “The conversation continues to evolve,” they said. “We recently found out that UIDs are things we can have access to, which changes the game a bit.” (Bold emphasis mine)

I emphasized the “with a laugh” detail, because it underscores just how core UID is when it comes to data access control. Any regulation that does not include core data types, like the UID, within the “protected data” definition is basically toothless.

Houses and Holes

Comments

  1. Ronin8317MEMBER

    The whole ‘China is accessing your data’ is CIA propaganda. Why is it be OK for the CCP to access user data in Singapore, but not from Shanghai? If it’s a real security risk, they would have just ban Tik Tok. US is simply pissed that Tik Tok is doing better than Facebook and Twitter. The data is now being hosted by Oracle, whose will do their best to reverse engineer the business.

    • C.M.BurnsMEMBER

      there is no difference between accessing it from Singapore vs Shangai. That’s the point of it (now / eventually) being hosted solely on the Oracle Cloud platform, which has (many) data centres in the US and can guarantee that the data doesn’t travel outside of the US goverment / legislative area of control between user and data centre.

      but critically, at the moment (and historically despite claims to the contrary), US user data was being shared with persons/entities outside of the US and specifically in China.

      • That’s not how Layer 2 works. It can travel/transit anywhere in the world, the key point is where it is stored at rest. The US can then use the Patriot act (if needed) to access said data.

    • +1, I also think we should have massive user data control over companies based in the US like Facebook. In terms of what they are allowed to store about Australian users within US jurisdictions etc..Our privacy act from 1988 is way out of date to handle such things. TikTok should either be banned or forced to store local user data in Australia and Australian data centres.

      • kannigetMEMBER

        if you think its way out of date, you probably shouldn’t look under the covers for how well its implemented. Most government departments are at least trying, Almost all the businesses I have had to deal with cant even spell privacy let alone care about some “stupid law that only applies to government”.

        • Yep, I’m sure it’s true. At least in Europe they have GDPR and US (California) has CCPA which has forced Tech Firms to change the jurisdictions that data is stored in and for how long etc.. but we need to go a lot further and demand companies only store data with strict rules around how it’s used and the consumer should have ultimate control over it and be able to request data is removed from company databases.

          • C.M.BurnsMEMBER

            GDPR applies to all data belonging to any (even a single) EU citizen, anywhere in the world. So qantas and all the banks (for example) have/had massive GDPR compliance initiatives because they were inevitably handling EU citizen’s data.

            the reason they all did so was because the EU made the cost of the fines for breaches / non-compliance so big (and their ability to enforce them is legitmate) that they couldn’t be simply ignored

          • Yes, I agree the fine must be high enough to force compliance. If Australia adopts a similar standard to the EU then many companies will already have gone down that route so it won’t be much more work.

          • At the end of the day it all comes.down to who do you trust, doesn’t it? Where ever our data (& that of high value targets for hostile governments ) is stored engineers will have the ability to access it and send it to their manager or for example the CCP. Just like your phone, PC, TV you are trusting your data to the companies who offer them, these laws are good generally when applied in good faith, but not going to stop bad actors, are they?

  2. Hugh PavletichMEMBER

    China’s Consumer Confidence Crisis Will Leave Permanent Scars … Bloomberg

    https://www.bloomberg.com/news/articles/2022-06-20/china-covid-lockdowns-tank-consumer-sentiment?srnd=premium-asia

    … concluding …

    … When Covid control brings an economy to a standstill long enough, the collateral damage is unemployment. In recent months, the word “layoff” has been trending on Baidu Inc.’s search engine. In May urban unemployment in major cities hit 6.9%, the highest since the National Bureau of Statistics survey started in 2013. Young people are especially worried: The jobless rate among those age 16 to 24 hit 18.4%. For those new college graduates who did get job offers, the average starting salary of 6,507 yuan ($924) a month is 12% lower than a year ago, according to online recruitment site Zhaopin Ltd.

    Meanwhile, there’s hardly any unemployment support from the government—and no mention of stimulus checks at all. Despite his talk of common prosperity, President Xi Jinping detests welfare states. In early 2020, when more than 70 million people were out of work, only 2 million claimed unemployment benefits. Even the so-called consumption vouchers that local governments distribute, often designed to support the automotive and electronics industries in their areas, are worth little.

    With poor job prospects and barely any social safety net, consumers, who still have mortgage and grocery bills to pay, can’t possibly feel good about their future. When the Chinese finally emerge from their lockdowns, they’ll be scarred, even more thrifty and risk-averse than before.

  3. MathiasMEMBER

    lol Chick Tok.

    Is China stealing Discord Data as well?
    https://www.youtube.com/watch?v=uvNkdAggUGU

    Facebook, Twitter, Google and heaps of other places profiteering by selling your data… which in a lot of cases ends up in the hands of intelligence agencys ( US or Chinese ).

    Most people say, ” But what do I have to hide? “.

    How to turn an Innocent Australian into a Spy for a Foreign Government

    Blackmail… Extortion… ” We managed to acquire information you put into a website on xyz day which we are in possession of. If you dont want that information released publically ( character assassination ) or for us to tell your wife about xyz pr0n website, then we only ask you just do a tiny little task for us. “.

    -then-

    ” We thankyou for helping us with that little task we asked you to do. We would like to remind you that by already helping us you have made yourself a Traitor to your own Country, committed a crime and you could now potentially face legal prosecution if your own government ever found out that you helped us. We suggest you do as we say and you can rest assured that nobody will ever know that you’ve ever helped us. Of course, should you refuse to help us, we cant guarantee your secret wont end up released to your own government whereby they may prosecute you. We think its best you continue to help us and for doing so, we will make sure to continue to reward you ” … and now your trapped.

    Its not like they havent had a go at Australias Parliament to acquire such information on our Politicians a while ago.
    https://www.youtube.com/watch?v=lh_kBbjkoQM

    • That is an excellent post that should have gone viral. The subject matter was also on Our Brain (ABC TV) last night, a series everyone should watch on iView, the one on multitasking especially!

Leave a reply

You must be logged in to post a comment. Log in now