July 4, 2022
Social media site TikTok is in hot water with the US government over user data security, and Australian data may be less than secure as well.
Some US senators have put questions to the Chinese-owned company regarding data security as the app undergoes a move to a "new advanced data security controls" with a server system based in the US, having previously used servers across regions, including in China.
TikTok acknowledged that China-based employees "can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorisation approval protocols overseen by our US-based security team."
Marsha Blackburn, a senator from Tennessee, said TikTok "should have come clean from the start but instead tried to shroud their work in secrecy." She said TikTok needs to "come back and testify before Congress."
Australian users' data is stored in servers in the US and Singapore, which raises questions about whether that data is subject to the same security concerns.
Liberal Senator James Paterson has publicly put it to TikTok to address those concerns.
"Australian TikTok users deserve to know whether their private information is equally exposed," Mr Paterson wrote on Twitter.
He asked whether Australian data can be, or has previously been accessed by China-based employees, and on what ground the social media company could refuse a request for data from the Chinese government.
Senator Paterson referenced a letter from TikTok to the Australian Parliament from 2020, in which TikTok's director of public policy assured the previous government it would not bend to such a request from Beijing.
TikTok, owned by Chinese technology conglomerate ByteDance, is one of the world's most popular social media apps, with more than 1 billion active users globally. It counts the United States as its largest market.
More than 7 million Australians spend time on TikTok, and according to a February report, scroll through the site for an average of almost 24 hours per month.
It is not the first time TikTok has admitted that employees in China have access to US user data.
In a 2020 blogpost, Roland Cloutier, TikTok's chief information security officer, said, "Our goal is to minimise data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US."
A BuzzFeed story in June showed ByteDance engineers in China had access to US data between September 2021 and January 2022.
The letter to Congress also said "ByteDance developed the algorithms for both Douyin and TikTok, and therefore some of the same underlying basic technology building blocks are utilised by both products."
TikTok is known as Douyin in China. But TikTok's business logic, algorithm, integration and deployment of systems is specific to the TikTok application and separate from Douyin, the letter said.
Reuters previously reported that while the code for the app, which determines the look and feel of TikTok, has been separated from Douyin, the server code was still partially shared across other ByteDance products. The server code provides basic functionality of the apps such as data storage, algorithms for moderating and recommending content and the management of user profiles.
The Chinese government took a stake and a board seat in a key ByteDance entity in 2021.
TikTok explained in its letter to the US senators that its acquisition of 1 per cent of Beijing Douyin Information Service Ltd was necessary to obtain a news license in China.
Senator Paterson discusses Pelosi's visit to Taiwan, Indo-Pacific tensions, defence strategic review
August 9, 2022
Senator Paterson discusses TikTok, China's mass data harvesting exercise & PJCIS with Peta Credlin
August 5, 2022
US and Australian parliamentary visits to Taiwan 'very common': Senator Paterson on First Edition
August 2, 2022