(READ) TikTok questioned about allowing Chinese parent company to access 'sensitive data'

Republicans James Comer (R-Kentucky) and Cathy McMorris Rodgers (R-Washington) are launching an investigation to find out whether TikTok allowed its parent company, ByteDance, to access sensitive data belonging to American users.

Comer is the top Republican on the House Oversight Committee.

In a letter to TikTok’s CEO in China, Shou Zi Chew, the lawmakers request all documents and communications outlining the relationship between TikTok and ByteDance, as well as any of their data sharing, access, and storage practices. 

According to a recent Buzzfeed News article, recordings from nine different TikTok employees indicate that individuals in China had access to US users’ data. TikTok executives previously denied this. TikTok has stated that all US data is stored in servers in the US or Singapore, or via US cloud storage. But a TikTok consultant said there is backdoor access to user data in almost all the tools for data visualization, content modernization, and monetization. This raises serious questions about whether millions of US user data has been accessed in China and whether it has fallen into the hands of the Chinese Communist Party (CCP).

These facts are particularly concerning considering the Chinese Communist Party’s crackdown on homegrown technology. In 2017, the CCP passed the National Intelligence Law of the People’s Republic of China. This law requires individuals, organizations, and institutions to assist CCP Public Security and State Security officials in carrying out and executing ‘intelligence’ work.”

It is unclear if this applies to only Chinese companies or encompasses those with any operating footprint in China, like ByteDance—TikTok’s parent company. Unequivocally, the data collected by TikTok on U.S. users, such as browsing and search history, biometrics, location data, and other metadata, would be a massive national security risk in the hands of CCP intelligence.” 

James Comer (R-Kentucky) - House Committee on Oversight and Reform Ranking Member
Cathy McMorris Rodgers (R-Washington) - Committee on Energy and Commerce Ranking Member

Comer is also requesting that Janet Yellen, Secretary of the Treasury and Chair of the Committee on Foreign Investment in the United States, provide a briefing on the status of ongoing negotiations with TikTok to protect US user data from falling into the hands of the CCP.   

The letter to TikTok can be found here and below.

The letter to Secretary Yellen can be found here.

Mr. Shou Zi Chew
Chief Executive Officer
TikTok
5800 Bristol Parkway, Suite 100 Culver City, CA 90230

Dear Mr. Chew:

July 14, 2022

We write to request documents and information regarding recent reports that TikTok allows China-based employees of its parent company, ByteDance, to access non-public U.S. user data, contrary to the company’s previous denials.1 If true, not only did TikTok misrepresent or provide false testimony about its data management and security practices, but it has placed the safety and privacy of millions of U.S. citizens in jeopardy.2

According to a recent Buzzfeed News article, recordings from nine different TikTok employees indicated that individuals in China had access to U.S. users’ data3—a fact that TikTok executives previously denied.4 The article describes situations where U.S. based TikTok employees had to request access to data from their Chinese counterparts. Just as troubling, U.S. employees did not have the knowledge or permission to access data on their own, going so far asto say, “everything is seen in China.”5

Previously and in response to this recent concern, TikTok has stated that all U.S. data is stored in servers in the U.S. or Singapore or via U.S. cloud storage.6 However, leaked audio suggests this may be irrelevant. A TikTok consultant said, “[T]here’s some backdoor to access user data in almost all of [the tools for data visualization, content modernization, and monetization.]”7 This raises serious questions about whether millions of U.S. users’ data has been accessed in China.

These facts are particularly concerning considering the Chinese Communist Party’s (CCP) crackdown on homegrown technology. In 2017, the CCP passed the National Intelligence Law of the People’s Republic of China.8 This law requires individuals, organizations, and institutions to

1 Emily Baker-White, Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China, BUZZFEED NEWS, June 17, 2022.
2 Id.
3 Id.

4 Letter from Hon. Marsha Blackburn, et. al., U.S. Senator, to Shou Zi Chew, Chief Exec. Officer, TikTok (June 27, 2022).
5 Baker-White, supra note 1.
6 Id.

7 Id.
8 Murray Scot Tanner, Beijing’s New National Intelligence Law: From Defense to Offense, Lawfare, July 20, 2017.

Mr. Shou Zi Chew July 14, 2022 Page 2

assist CCP Public Security and State Security officials in carrying out and executing “intelligence” work.9 Specifically, it requires those covered by the law to “support, assist, and cooperate with state intelligence work.”10 It is unclear if this applies to only Chinese companies or encompasses those with any operating footprint in China, like ByteDance—TikTok’s parent company.11

Unequivocally, the data collected by TikTok on U.S. users, such as browsing and search history, biometrics, location data, and other metadata, would be a massive national security risk in the hands of CCP intelligence. Relatedly, U.S. national security agencies and military services banned TikTok from government-owned devices in 2019.12

On June 30, 2022, TikTok responded to a letter from several U.S. Senators.13 The letter did not address several key questions and, in fact, raises others. Therefore, we request the following documents and information by July 28, 2022:

1. All documents, including charters, contracts, and agreements, outlining the corporate relationship between TikTok and ByteDance Ltd. Including, but not limited to documents that show “ByteDance Ltd. Beijing Douyin Information Service Limited does not have any direct or indirect ownership in or control over any TikTok entity” and “employees of Beijing Douyin Information Service Limited are restricted from U.S. user database access.”
2. All documents and communications between or amongst TikTok and ByteDance Ltd. regarding data sharing and storing practices, policies, and procedures either in the U.S. or abroad including but not limited to, TikTok’s “robust cybersecurity controls and authorization approval protocols.”
3. All documents and communications between or amongst TikTok and ByteDance Ltd. employees regarding tools for data visualization, content modernization, and monetization either in the U.S. or abroad.
4. All documents and communication between or amongst TikTok and ByteDance Ltd. employees regarding algorithms that use in whole or in part U.S. users’ data.
5. All documents and communications regarding Project Texas.
6. All documents and communications between or amongst TikTok and ByteDance Ltd. employees regarding Executive Orders 13942 and 14034.

9 Id.
10 Id.
11 Id.
12 See, e.g., Neil Vigdor, U.S. Military Branches Block Access to TikTok App Amid Pentagon Warning, N.Y. TIMES, Jan. 4, 2020.

13 Letter from Shou Zi Chew, Chief Exec. Officer, TikTok, to Hon. Marsha Blackburn, et. al., U.S. Senator (June 30, 2022).

Mr. Shou Zi Chew July 14, 2022 Page 3

Additionally, please make arrangements to brief our Committees’ staff no later than July 21, 2022. During the briefing, please be prepared to provide answers to questions, including but not limited to the following:

1. Your June 30, 2022 letter to the U.S. Senate stated: “[e]mployees outside the U.S., including China-based employees, can have access to Tik Tok U.S. user data . . .”
   1. How many China-based employees have access to U.S. users’ data?
   2. What corporation are the employees in (a) affiliated with?
   3. How many times did a China-based employee use this access?
   4. What is the purpose of this access?
2. The letter stated: “ByteDance engineers around the world may assist in developing these algorithms . . .”
   1. Where, specifically, are these ByteDance engineers located?
   2. What algorithms do ByteDance engineers assist in developing?
   3. Do ByteDance engineers assist in updating these algorithms?
   4. Do ByteDance engineers have access to U.S. users’ data in order to update thealgorithms?
3. The letter stated: “100% of U.S. user traffic is now being routed to Oracle Cloud Infrastructure.” Does the data approved to be sent to China-based employees stay on the U.S. based cloud or is it transferred to a Chinese data storage system?
4. The letter stated: “[we] have not been asked for such data from the CCP. We have not provided U.S. user data to the CCP, nor would we if asked.”
   1. Has TikTok determined that the 2017 National Intelligence Law of the People’s Republic of China does not apply to its data?
   2. Has ByteDance determined that National Intelligence Law of the People’s Republic of China does not apply to its data?
5. The letter stated: “TikTok leases office space in cities across the U.S., including Los Angeles, Austin, Chicago, New York, Detroit, Seattle, DC, and Nashville.” In any of these instances is ByteDance the lease holder and TikTok the tenant?To schedule the briefing or ask any follow-up or related questions, please contact

Committee on Oversight and Reform Republican staff at (202) 225-5074 or Committee on Energy and Commerce Republican staff at (202) 225-3641. The Committee on Oversight and Reform is the principal oversight committee of the U.S. House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X. The Committee on Energy and Commerce has jurisdiction over consumer affairs and consumer protection, interstate and foreign communications, and interstate and foreign commerce generally under House Rule X. Thank you in advance for your cooperation in this matter.

Mr. Shou Zi Chew July 14, 2022 Page 4

_____________________________

James Comer
Ranking Member
Committee on Oversight and Reform

Sincerely,

 

cc: The Honorable Carolyn Maloney, Chairwoman Committee on Oversight and Reform

The Honorable Frank Pallone, Chairman Committee on Energy and Commerce