TikTok is a video messaging app that was developed in the People’s Republic of China and is owned by ByteDance, another PRC company. The Wall Street Journal published a Q&A on the app last Tuesday.
I have some thoughts, too.
For background, here are some of the data that TikTok collects just because you’re using it.
…location data and your internet address, according to its privacy policy, and it tracks the type of device you are using to access its platform. It stores your browsing and search history as well as the content of messages you exchange with others on the app.
How to locate your device in the Net, where you’ve been virtually, and what you say in your correspondence. That’s just for starters.
If you opt in, TikTok says it can collect your phone and social-network contacts, your GPS position, and your personal information such as age and phone number along with any user-generated content you post, such as photos and videos. It can store payment information, too. TikTok also gets a sense of what makes you tick. It can track the videos you like, share, watch….
Your physical location, and all that personally identifying information. It exposes your contacts, too, without their having any opportunity to reject “opting in.”
Now, some of the rest of the story:
Why is the US concerned?
Beijing performing mass data collection on American citizens….
…a vast database of information that could be used for espionage…if TikTok’s user data could be obtained by the Chinese government, that would enhance any such efforts. “You can use [artificial intelligence tools] to sort through it and find an awful lot of data….”
And this:
A TikTok spokesman said that the Chinese government has never asked the company for user data and that it would refuse such a request. “TikTok has an American CEO and is owned by a private company that is backed by some of the best-known US investors[.]”
This is a disingenuous claim. What the PRC has or has not done in the past in this regard is wholly irrelevant to what it can do. The more important thing, too, is what it can do. Under a PRC 2017 national intelligence law, all PRC companies and people are required to comply with any and all intel community requests for intel-related information. What is intel-related is determined by the intel community. Under the just-passed Hong Kong national security law, the PRC government has arrogated to itself the authority to go after any entity or person it deems a national security threat—wherever that entity or person is located, under whatever sovereign nation jurisdiction that entity or person resides, in the world.
TikTok, owned by ByteDance, is as subject to those laws as is ByteDance.
Does TikTok share any information with ByteDance, its China-based parent?
TikTok stores its data on American users on servers in the US and Singapore, but its website says that information can be shared with ByteDance or other affiliates.
Not only can be shared, but will be. Nor will it matter what firewalls ByteDance might claim to have erected between it and its subordinate—limiting the number of employees who have access to user data and the scenarios where data access is enabled, for instance—the parent organization can tear them down at will. And can be expected to, as necessary, to satisfy information demands from the PRC’s intel community.
As for those “other affiliates”—some of them may well be within the PRC.
What happens to your data if you quit TikTok?
Users can ask TikTok to delete their data, and the company has said in its policy that it will respond in a manner consistent with applicable law upon verifying your identity.
Users are supposed to believe TikTok’s wide-eyed innocent claim to have complied, even though they have no means of independently verifying TikTok’s assertion. But the kicker is that manner consistent with applicable law caveat. Two of those applicable laws are the PRC’s security laws mentioned above.
This is not a bit of software that should appear anywhere on anyone’s device.