China’s ByteDance Admits It Spied on U.S. Journalists

Employees of Chinese technology behemoth ByteDance inappropriately retrieved data from social media platform TikTok to monitor American journalists in an attempt to trace the source of leaks to the media, the company acknowledged in December 2022. 

Such an admission can be contrasted with TikTok’s widespread efforts to persuade  customers and governments of key markets such as the United States that they safeguard users’ data privacy and that the social media platform does not undermine the national security of these markets. 

However, based on a report by AFP, parent company ByteDance admitted that several staffers obtained two journalists’ data as part of an internal investigation into company information that was disclosed to the media.The company had planned to establish a connection between staff and a Financial Times reporter as well as a former BuzzFeed journalist, based on an email from ByteDance’s general counsel Erich Andersen.

Both journalists hitherto reported on the contents of divulged company materials. None of the employees found to have been embroiled in the case remained as ByteDance employees, Andersen said, though he failed to reveal how many had been fired.

In a declaration to AFP, ByteDance slammed  the “misguided initiative that seriously violated the company’s Code of Conduct.”

Andersen said that a company review of the scheme led by its compliance team and an external law firm found that employees had procured the IP addresses of the journalists to ascertain whether they were in the same location as ByteDance colleagues who allegedly revealed sensitive company information, 

Nonetheless, the scheme was unsuccessful, partially because the IP addresses merely disclosed approximate location data.

Once again, TikTok has come under scrutiny in the United States, and it has been banned from all U.S. House of Representatives-managed devices, based on the House’s administrative arm. This ban imitates a law soon to go into effect forbidding the application on U.S. government devices.

The app is regarded as “high risk due to a number of security issues,” the House’s Chief Administrative Officer (CAO) declared in a message sent to all lawmakers and staff, and must be deleted from all devices managed by the House.

The new rule comes after a wave of actions by U.S. state governments to ban TikTok from government devices. As of the week before Christmas last year, 19 states had at least partially blocked the application from state-managed devices over fears that the Chinese government could use the application to spy on Americans and censor content.

When Donald Trump was President, he tried to ban TikTok in the US or mandate a merger with an American company. The Trump administration, including Secretary of State Mike Pompeo, voiced national security fears over the popular social media application’s Chinese ownership, with Pompeo stating that TikTok might be “feeding data directly to the Chinese Communist Party.” 

For months, TikTok has sought to persuade U.S. authorities that users’ data are safe and stored on servers situated in the country.

Nevertheless, after media reports, TikTok has also acknowledged that China-based employees had access to U.S. users’ data, although the company maintained that such access was under stringent and highly restricted scenarios.  

Furthermore, a closer glance at TikTok’s privacy policy clearly shows that the company can disclose the data it collects with its corporate group, which includes ByteDance.

“We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group,” the privacy policy reads. 

Besides, TikTok’s privacy policy explains that the application collects all types of data. Such details include profile data, like users’ names and profile images, as well as any data users might key in via surveys, sweepstakes and contests, such as their gender, age and preferences. 

Moreover, the application also stores users’ locations, messages sent within the app and information about how people use the application. Users’ likes, what content they view and how often they use the application are also collected. It is noteworthy that Tiktok garners data on users’ interests inferred by the app according to the content that users view. 

Of significance to users is the fact that TikTok also garners data in the form of the content that users create on the app or upload to it. Such information would include the videos that users make. 

 What is more, former employees revealed to CNBC that user data is only the tip of the iceberg to illustrate the degree of close relations between TikTok and its parent company.

Direction and authorizations for all types of decision-making, be it be minor contracts or major strategies, hail from ByteDance’s leadership based in China. Consequently, employees have to work late hours after long days to participate in meetings with their Beijing counterparts.

Additionally, TikTok’s reliance on ByteDance extends to its technology. Past employees revealed that nearly 100 percent of TikTok’s product development is directed by Chinese ByteDance employees. 

To add fuel to the fire, China’s broad-based Internet laws mandate technology firms to aid Beijing with ambiguously-defined “intelligence work,” implying companies could be coerced to reveal network data regardless of willingness to do so. 

Two pieces of Chinese legislation, the 2017 National Intelligence Law and the 2014 Counter-Espionage Law, especially worry governments of TikTok’s key markets and make TikTok’s claims to protect users’ privacy more and more untenable.  

For instance, Article 7 of the first law asserts that “any organization or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law,” elaborating that the state “protects” any individual and organization that helps it.

Consequently, it seems that companies and individuals have no way out when it comes to aiding the Chinese government. Based on the 2014 Counter-Espionage law,“when the state security organ investigates and understands the situation of espionage and collects relevant evidence, the relevant organizations and individuals shall provide it truthfully and may not refuse.”

Such laws echo the concerns of one cybersecurity expert interviewed by CNBC, who said that TikTok could reveal users’ data following information requests from the Chinese authorities. 

“If the legal authorities in China or their parent company demand the data, users have already given them the legal right to turn it over,” said Bryan Cunningham, executive director of the Cybersecurity Policy & Research Institute at the University of California, Irvine. 

TikTok was unveiled internationally in September 2017 and its parent company, ByteDance, bought Musical.ly, a social application that was becoming more popular in the United States, for $1 billion in November 2017. Fast forward a few years and TikTok has swiftly garnered a user base of almost 92 million in the United States, especially among teenagers and young adults. Based on an October 2020 report by Piper Sandler, TikTok has overtaken Instagram as American teenagers’ second-favorite social media app, following Snapchat.