Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security."
The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols.
The contents of the letter, first reported by The New York Times, shares more details about TikTok's plans to address data security concerns through a multi-pronged initiative codenamed "Project Texas."
"Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the memo.
This includes what it calls a narrow set of non-sensitive TikTok U.S. user data, such as public videos and comments, to meet interoperability requirements, while emphasizing that this access will be "very limited" in scope and pursuant to protocols developed in collaboration with the U.S. government.
TikTok, a popular social video-sharing service from Beijing-based ByteDance, has long remained in the crosshairs of U.S. lawmakers over national security risks that could arise from the Chinese government requesting data belonging to U.S. users directly from its parent firm.
But in the letter, the company aimed to reassure that it has never been asked to provide data to the Chinese authorities and that it would not accede to such government inquiries.
TikTok further reiterated that 100% of U.S. user data is routed to Oracle cloud infrastructure located in the U.S., and that it's working with the enterprise software firm on more advanced data security controls that it hopes to finalize "in the near future."
Unlock the secrets to bulletproof incident response – Master the 6-Phase process with Asaf Perlman, Cynet's IR Leader!Don't Miss Out – Save Your Seat!
On top of that, the ByteDance-owned company said it's planning to delete U.S. data from its own backup servers in Singapore and the U.S. and fully switch to Oracle cloud servers situated in the U.S.
The latest wave of scrutiny into TikTok follows a report from BuzzFeed News that alleged frequent access by ByteDance staff, citing anonymous employees, who said "everything is seen in China" and referenced a "Master Admin" who "has access to everything."
The company called the allegations and insinuations as "incorrect and are not supported by facts," noting that people who work on these projects "do not have visibility into the full picture."