[ad_1]
According to documents examined by Forbes, the parent company of TikTok, ByteDance has planned to track specific Americansâ physical locations.
ByteDanceâs Internal Audit and Risk Control division, overseen by Beijing-based executive Song Ye, who answers to ByteDance cofounder and CEO Rubo Liang, was in charge of the project.
Visit Forbesâ Emily Baker-White for more.
The teamâs primary focus is looking into alleged wrongdoing by current and former ByteDance workers. However, the documents reveal that the Internal Audit team also intended to get TikTok information about a U.S. citizenâs location in at least two instances who had never worked for the company. Although it is unclear from the documents whether information about these Americans was ever gathered, the idea was for a Beijing-based ByteDance team to acquire location information from the devices of American users.
According to Maureen Shanahan, a spokesperson for TikTok, the app uses usersâ IP addresses to gather approximate location data in order to, among other things, âhelp show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.â
However, the information Forbes has seen shows that ByteDanceâs Internal Audit team intended to utilise this location data to monitor specific American citizens, not to target ads or for any of these other purposes. In order to safeguard sources, Forbes is not identifying the type of monitoring that is being planned or why it is being done. If any activists, public figures, journalists, or members of the U.S. government have been explicitly targeted by Internal Audit, they have not been identified by TikTok or ByteDance.
TikTok is reportedly close to signing a contract with the Treasury Departmentâs Committee on Foreign Investment in the United States (CFIUS), which evaluates the national security risks posed by companies of foreign ownership, and has been investigating whether the companyâs Chinese ownership could enable the Chinese government to access personal information about U.S. TikTok users.
In September, President Biden signed an executive order enumerating specific risks that CFIUS should consider when assessing companies of foreign ownership. The order, which states that it intends to âemphasize . . . the risks presented by foreign adversariesâ access to data of United States persons,â focuses specifically on foreign companiesâ potential use of data âfor the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potential adverse impacts on national security.â
The Treasury Department did not respond to a request for comment.
Regular audits and investigations of TikTok and ByteDance workers are conducted by the internal audit and risk control team to check for violations like conflicts of interest, improper use of corporate resources, and disclosure of sensitive data. According to internal documents Forbes reviewed, senior executives, including TikTok CEO Shou Zi Chew, had instructed the team to look into specific workers, and the investigation had continued even after those employees had departed the business.
Documents and records from Lark, ByteDanceâs internal office management software, show that the internal audit team employs a data request method known to workers as the âgreen channel.â These documents and records demonstrate that information about American employees was obtained from the Chinese mainland through âgreen channelâ requests.
âLike most companies our size, we have an internal audit function responsible for objectively auditing and evaluating the company and our employeesâ adherence to our codes of conduct,â said ByteDance spokesperson Jennifer Banks in a statement. âThis team provides its recommendations to the leadership team.â
ByteDance is not the first tech giant to have considered using an app to monitor specific U.S. users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties. At the time, Uber acknowledged that it had run the program, called âgreyball,â but said it was used to deny ride requests to âopponents who collude with officials on secret âstingsâ meant to entrap drivers,â among other groups.
TikTok did not respond to questions about whether it has ever served different content or experiences to government officials, regulators, activists or journalists than the general public in the TikTok app.
According to reports, Facebook and Uber both kept tabs on the whereabouts of journalists using their apps. According to a 2015 investigation by the Electronic Privacy Information Center, Uber had tracked the whereabouts of journalists who covered the business. Uber did not directly address this assertion. An Ugly Truth, a book published in 2021, claims that Facebook engaged in a similar practise to identify the journalistsâ sources. Although a spokesman told the San Jose Mercury News in 2018 that Facebook âroutinely use[s] business records in employment investigations,â Facebook did not specifically address the claims made in the book.
However, a crucial aspect sets apart ByteDanceâs planned collection of personal user data from those instances: In a recent letter to lawmakers, TikTok stated that âonly authorised personnel, in accordance with protocols being developed with the U.S. Government,â will have access to certain U.S. user data, likely including location. If Internal Audit executive Song Ye or other members of the division are considered âapproved personnelâ for the purposes of these protocols, TikTok and ByteDance did not respond to inquiries regarding this.
These assurances are a part of TikTokâs massive Project Texas effort to rebuild its internal systems so that Chinese employees wonât have access to a variety of âprotectedâ identifying information about users of the TikTok app in the United States, such as their phone numbers, birthdays, and draught videos. The companyâs efforts in this area are crucial.
Vanessa Pappas, the chief operating officer of TikTok, stated at a Senate hearing in September that the upcoming CFIUS contract will âsatisfy all national security concernsâ over the app. However, a few senators showed scepticism. Following a June BuzzFeed News report revealing that ByteDance employees in China had repeatedly accessed U.S. user data, the Senate Intelligence Committee launched an investigation into whether TikTok misled lawmakers by withholding information about the access of U.S. data earlier this year by employees based in China.
The company uses methods including encryption and âsecurity monitoringâ to keep data secure, access approval is monitored by U.S. staff, and employees are given access to U.S. data âas-needed,â according to a statement from TikTok spokeswoman Shanahan.
Itâs unclear what part ByteDanceâs Internal Audit team will play in TikTokâs efforts to restrict access to U.S. user data by personnel headquartered in China, particularly given the teamâs ambitions to track the movements of some American citizens using the TikTok app. However, a fraud risk assessment prepared by a team member in late 2021 raised issues with data storage, stating that, in the opinion of the staff members in charge of the companyâs data,âit is impossible to keep data that should not be stored in CN from being retained in CN-based servers, even after ByteDance stands up a primary storage cetner [sic] in Singapore. [Lark data is saved in China.]â (brackets in original).
Furthermore, a leaked audio discussion from January 2022 reveals that the Beijing-based team was already gathering further details about Project Texas at that time. A member of TikTokâs U.S. Trust & Safety team described an odd chat to his manager during the call: Chris Lepitak, TikTokâs Chief Internal Auditor, had urged the employee to meet at a restaurant in the LA area after hours. The employee was then questioned in-depth by Lepitak, who answers to Song Ye in Beijing, regarding the location and specifics of the Oracle server, which is essential to TikTokâs intentions to restrict foreign access to sensitive user data in the United States. The worker admitted to his manager that the interaction had âfreaked him out.â When contacted about this exchange, neither TikTok nor ByteDance provided a response.
[ad_2]
Source link