ByteDance, TikTok’s Chinese parent company, said on Thursday that an internal investigation found that employees improperly obtained data on U.S. TikTok users, including two journalists.
Over the summer, several members of the ByteDance team tasked with monitoring employee behavior tried to find the source of suspected leaks of internal conversations and business documents to reporters. In doing so, the employees obtained the IP addresses and other data of two journalists, as well as a handful of people connected to the journalists through their TikTok accounts. They tried to determine whether the individuals were within the same distance as ByteDance employees, according to the company, adding that those efforts failed to uncover any leaks.
The investigation was started after an article was published Forbes, the investigation confirmed parts of the report and acknowledged the privacy and security risks associated with TikTok that U.S. lawmakers, governors, and the Trump and Biden administrations have raised for more than two years. More than a dozen states have banned TikTok from government-issued devices, and the company has been in long-running negotiations with the government over security and privacy measures that would block any potential access by ByteDance and the Chinese government to U.S. user data.
ByteDance’s general counsel, Erich Andersen, disclosed the findings, conducted by an outside law firm, in an email to employees on Thursday.
1 member of the team resigned and 3 were fired. Two of the employees are in China and two are in the United States. ByteDance said it had restructured its global compliance team and had removed any access to U.S. data by the unit. ByteDance said the targeted journalists wrote for BuzzFeed and the Financial Times, but declined to identify them and other affected TikTok users.
Mr. Andersen and ByteDance CEO Liang Rubo revealed the findings in separate emails to employees.
“I was very disappointed when I learned of this situation . . . I’m sure you feel the same way,” Mr Leung wrote. “The public trust we have worked so hard to build will be severely damaged by the wrongdoing of a few.”
TikTok’s chief executive, Zhou Shouzi, also sent an email to his employees about the investigation, expressing disappointment and emphasizing the company’s commitment to protecting U.S. data.
“We take data security very seriously,” Zhou said in an email. Over the past 15 months, the company has been working to create a new US-based data storage program as “a testament to that commitment,” he said.
The revelations come as U.S. officials grow increasingly concerned about the privacy and national security risks posed by TikTok, the wildly popular video-sharing app with an estimated 100 million U.S. users. ByteDance acquired TikTok (formerly Musical.ly) in 2017 and has since been the focus of national security officials who say the app is too close to its parent company in China and could place sensitive data such as geographic location and habits, as well as the interests of American users, are in the hands of the Chinese government.
To allay national security concerns, ByteDance has moved the data of U.S. users to a cloud storage system operated by Silicon Valley software company Oracle.
In September, TikTok’s chief operating officer, Vanessa Pappas, testified at a Senate hearing that the app did not share data with the Chinese government. The company has sought to distance the app from ByteDance, saying TikTok has its own corporate structure with offices in Washington, Singapore, New York and Los Angeles.
TikTok has been negotiating with the Biden administration over a data security plan that would put all U.S. data on Oracle’s cloud servers and erect walls around it to prevent Chinese government access. Negotiations began during the Trump administration but have stalled in recent weeks, prompting a series of state and federal actions to limit TikTok’s use.
Congress could vote as early as this week on a proposal to ban TikTok from using any federal equipment.intelligence officials, including the director of the fbi Christopher Freywarning that Chinese officials could steal sensitive data about U.S. citizens for surveillance and spreading propaganda.
TikTok is in the midst of an escalating economic and trade war between the United States and China for technological leadership. The superpower has imposed trade restrictions on foreign-made technology and has poured hundreds of billions of dollars into subsidies and grants to bring technology supply chains back to manufacturing within its borders.
A bill introduced by Sen. Josh Hawley, Republican of Missouri, would ban TikTok on all federal devices, the app’s most sweeping restriction yet. Despite assurances from ByteDance and TikTok, the Chinese government has broad data-collection powers, including on apps by U.S. users linked to Chinese companies, he said.
“TikTok is essentially a back door for the Communist Party to track keystrokes, contact lists and locations, and there is no way to shut it down,” Mr Hawley said in an interview this week. “ByteDance is obliged under Chinese law to hand over data, which is a major privacy risk for Americans.”