TikTok Admits to Surveilling US Journalists’ Data

Reading Time: 4 minutes.

TikTok logo with an eye, repeated a bunch of timesTikTok collects more data on its users than any other social network. On top of that, their suggestion algorithms have been caught serving up less “controversial” results, including hiding posts about LGBTQ people, banning users who called out China’s concentration and forced labor camps for Uyghur Muslims, and hiding posts about protests, notably during the BLM protests. The company’s ability to collect data, create an addictive app, and control and persuade user beliefs has made it a target of U.S. legislators. The company has promised not to collect or monitor U.S. data in China, however leaked conversations from over six months ago showed the company has been collecting U.S. user data in China. The company specifically targeted journalists in the U.S. and U.K. External auditors showed there were backdoor access points for nearly all U.S. data.

Now, in the face of mounting evidence, TikTok has claimed it fired the people responsible for spying specifically on journalists, a single person and his team of four people.

An Ongoing Data Problem

In June, Emily Baker-White, then writing for Buzzfeed News, reported on internal workings at ByteDance, TikTok’s Chinese parent company. It included reports from an external auditor who found backdoors in nearly all of ByteDance’s storage of U.S. data, allowing employees in China to access U.S. data they should not have access to. “I feel like with these tools, there’s some backdoor to access user data in almost all of them,” they stated.

On top of that, the report found over 80 hours of internal TikTok meetings. These discussed how China-based employees were able to access the data of U.S.-based users and their non-public data. This could include personal information, locations, and other derived data. They were reportedly capable and knowingly keeping track of this information, and have been discussing it at the company for months.

TikTok denied allegations at the time. However, they began an investigation. Two, it would seem. The first a third party investigation into their practices to figure out who was to blame for the sharing of U.S. data in China. However, at least one group within TikTok began working to figure out who leaked the damning information to journalists. They did this by digitally stalking those U.S. and U.K.-based journalists to see when their paths may have crossed those of ByteDance employees, who they were also tracking.

TikTok Fesses Up

ByteDance used TikTok to track my location — and the locations of two of my colleagues — to try to find our sources. We reported on this back in October, but kept things vague to protect sources. Today ByteDance admitted it, so we can say much more:

ByteDance reportedly tried to figure out a journalists’ sources using her non-public location data in TikTok.

TikTok previously claimed that no one was tracking American users in China. However, a report from Buzzfeed News, by Emily Baker-White, exposed the fact that TikTok knew U.S. user data had been “repeatedly accessed from China.” It was this reporting that made Baker-White a target. She now writes for Forbes, who claims TikTok had spied on three of its reporters, including Baker-White. The Financial Times also claimed to have proof of similar privacy violations for one of their reporters. TikTok, however, has stated that an investigation revealed only two journalists tracked, and has claimed that one manager and four employees, two in the U.S. and two in China, were fired. The manger, Chris Lepitak, supposedly had his team do the spying. His manager, a China-based executive, Song Ye, resigned.

ByteDance was using TikTok data to cut off these journalists’ sources, ending their reporting of activities within TikTok. It was an attack on the freedom of the press in the U.S. and U.K. Why was it so important? It seems hard to believe the 80+ hours of recordings from inside ByteDance were just between these six employees, that literally no one else had motivation to spy on U.S. users.

“This is a direct assault on the idea of a free press and its critical role in a functioning democracy.”

– Randall Lane, Chief Content Officer at Forbes

TikTok global security chief Roland Cloutier resigned in July of 2022, just after Buzzfeed News broke the story of TikTok’s data access. According to Forbes, five other high-ranking executives quit, stating “China is still calling the shots.” One of those begrudged former managers stated, “A lot of our guidance came from HQ, and we weren’t necessarily a part of strategy building.”

It seems clear China’s ByteDance has strict control over TikTok, even in the U.S. where it pledged to step back. Though the company pins the blame of these targeted attacks on just one manager and four of his employees, it seems unlikely. Who would do this without direction? TikTok also seems to report fewer journalists were monitored than Forbes and The Financial Times have reported, which alos raises further questions.

“This new development reinforces serious concerns that the social media platform has permitted TikTok engineers and executives in the People’s Republic of China to repeatedly access private data of U.S. users despite repeated claims to lawmakers and users that this data was protected,”

– Senator Mark Warner (D)

Not Alone: Facebook and Uber Too

TikTok collects far more personal data on its users than any other social network. Still, they’re not the only ones misusing their access to users’ personal data and, specifically, their location. Uber used a “greyball” program to deny ride requests to those who may try to expose the service’s potential wrongdoings. The Electronic Privacy Information Center found Uber had monitored the locations of journalists who wrote about the company. In Sheera Frenkel and Cecilia Kang’s book, An Ugly Truth, they claim Facebook also tracked journalists to try to find the sources of leaks, much in the way TikTok has. However, unlike TikTok, this data remained in the U.S., instead of being shared with China. The amount of Data Facebook collects, while entirely unforgivable, pales in comparison to what TikTok collects from users’ devices.

Great Power, Misused

TikTok became the most visited website in the world in 2021. It has the ability to spy on people all over the world, as well as influence public opinion. These reports show the company has repeatedly used that power irresponsibly. The only way to really take their power away is to not use the service. But where will you find the latest memes and trends then? Are freedom of speech, safety, security, privacy, and civil rights really more important than memes?

Maybe not.

One thing you can do is make yourself more difficult to track. Don’t let apps or websites gain access to your location. If you must, set it to only when you’re using the app. Use an email masking service, like Firefox Relay or Apple’s “Hide My Email” feature to ensure you have a different email address for each of these privacy-invading services. Finally, use a VPN, like those from Proton, NordVPN or ExpressVPN. These can mask your location, which can be derived from your IP address, by masking your address.

Still, your best tool to protect your privacy is to simply not use these apps at all.


Sources:
,