A former employee of TikTok has been meeting with federal lawmakers to discuss flaws in the company’s data security, according to an exclusive interview given to the Washington Post. The former employee alleges that TikTok’s data security flaws could leave over 100 million American users vulnerable to Chinese-based employees of parent company ByteDance. This allegation could undermine the company’s $1.5 billion restructuring plan, known as “Project Texas,” which it claims aims to safeguard domestic user information.
The former employee argues that Project Texas will not be sufficient to address the data security issues and that a “complete re-engineering” of how TikTok works is required. The former employee claims he was fired after he took steps to address data privacy and security issues. His December 2022 letter to TikTok’s CEO accuses senior managers of “intentionally lying” to U.S. government officials about the project’s controls.
Are we watching the fall of TikTok? https://t.co/SsXtfW9v4a
— Daily Caller (@DailyCaller) March 10, 2023
TikTok disputes the former employee’s claims and argues that he misconstrued the plan. TikTok officials said in a statement the “analytic tools” do not allow direct access to user data and that protected U.S. information is now stored on Oracle servers where it can be accessed only in “limited, monitored circumstances.” TikTok officials also argued that the Toutiao code shared by the former employee does not send information back to China and is “nothing more than a naming convention and technical relic.”
Meanwhile, Congress is contemplating a nationwide ban on TikTok. A bipartisan group of senators recently proposed legislation designed to give the Commerce Department authority to ban TikTok and other apps with foreign owners following a “risk-based” assessment. The White House has said it supports the bill but is also waiting for the Committee on Foreign Investment in the United States (CFIUS) negotiations to conclude.
TikTok can collect extensive user data, including video viewing histories, email addresses, and contacts. Chinese law authorizes government authorities to compel tech companies based there to turn over collected user data when needed for its “national intelligence” work. TikTok has argued that Americans’ information would not be subject to that law because it is stored in servers in the U.S. and Singapore. However, skeptics have argued that no technical safeguard can protect private user data from ByteDance’s ownership.
TikTok CEO Shou Zi Chew is set to testify about Project Texas and the possibility of Chinese influence during a congressional hearing later this month.