In January of this year, TikTok CEO Shouzi Chew faced severe questioning from US lawmakers about the company’s relationship with the Chinese Communist Party and the potential national security risks it may pose to the United States. Despite repeatedly denying any wrongdoing and reaffirming that TikTok has cut most ties with its Chinese parent company, ByteDance, a different story emerged from 11 former TikTok employees interviewed by Fortune magazine.
According to a report by Fortune on April 15, many of the interviewed former employees, including four who were hired just last year, stated that during their tenure at TikTok, some aspects of the business were intertwined with its parent company, and the company’s claim of independence from China was largely superficial.
Some former employees only agreed to be interviewed by Fortune anonymously, as they feared retaliation from TikTok, including the company withholding restricted stock they had received while still employees.
The information provided by these former employees has raised more questions about the relationship between TikTok and ByteDance, and it has given more ammunition to TikTok’s critics. Concerns have been raised that the Chinese government might exploit TikTok as a “Trojan horse,” using the vast amount of data it collects to monitor Americans.
Evan Turner, a former senior data scientist at TikTok from April to September 2022, told Fortune that during his employment, TikTok concealed ByteDance’s involvement. He initially reported to a senior ByteDance official in Beijing upon being hired. Later, TikTok announced that data of US users would only be stored in the US, assigning Turner to a US manager in Seattle in paperwork. However, he never met this Seattle manager. Instead, a human resources representative disclosed in a video conference that Turner would continue to work with ByteDance executives.
As a part of his job, Turner would send spreadsheets containing data of hundreds of thousands of US users to ByteDance in Beijing every two weeks via email. This data included names, email addresses, IP addresses, as well as geographic and demographic information of TikTok users in the US. All of this happened as TikTok began implementing measures to keep sensitive US user data in the US and only accessible by US employees.
Turner claimed that he was involved in a project that involved providing US data to China. TikTok’s initiative to stop sharing US user data with ByteDance was in response to US regulatory agencies. The company aimed to address the national security concerns TikTok posed to the US government. This “Project Texas” commenced in 2022 with the company announcing that US user data would be stored in US data centers.
However, despite these efforts, US concerns persisted. In March this year, the US House of Representatives passed a bill with an overwhelming majority that would compel ByteDance to divest TikTok within approximately six months of the bill taking effect, or else TikTok would be banned from entering US app stores and network hosting services. The bill still requires Senate approval before it can become law. President Biden has indicated he would sign the bill if passed by Congress.
Anton Dahbura, Executive Director of Information Security Research at Johns Hopkins University, described Turner’s alleged data transmission to China as “very concerning.” He emphasized the potential damage that targeted information like the spreadsheets may cause and highlighted the risks associated with geographic data for phishing attacks.
In another example of potential data sharing between TikTok and ByteDance, former Chief Technical Project Manager for Security Engineering at TikTok, Patrick Spaulding Ryan, and another former American employee of TikTok mentioned some internal software systems of the company. They said these systems were maintained and monitored by ByteDance teams.
These former employees pointed out that due to the Lark internal communication system being operated by ByteDance, ByteDance employees could access discussions among TikTok employees, including those related to US user data.
Another service shared between TikTok and ByteDance was Seal, an identity verification app and VPN network that employees were required to download on their work phone to safeguard their identities, data, and systems from potential risks. Ryan mentioned that these phones were usually personal devices since the company did not provide phones to employees. This software allowed ByteDance to have a foothold on the personal devices of US employees, enabling monitoring by ByteDance staff.
Dahbura from Johns Hopkins University believed that this connection demonstrated that ByteDance and the Chinese government had not made a concerted effort to establish a true firewall between their operations in China and the US.
During a hearing before the House Intelligence Committee on March 12, US Director of National Intelligence Avril Haines suggested that the Chinese government could leverage TikTok to influence the 2024 US elections. FBI Director Christopher Wray viewed TikTok as a national security threat, with the app’s influence operations being difficult to predict and detect.
TikTok, on the other hand, stated that the company neither has nor will share US user data with the Chinese government and viewed the House bill as tantamount to a ban.