TikTok’s efforts to address US data privacy fears may have holes. A self-proclaimed whistleblower talking to The Washington Post says the social network’s plan to protect American users’ data, Project Texas, has major flaws. The former Trust and Safety team member claims the $1.5 billion initiative will still let TikTok connect to parent company ByteDance’s Toutiao, a well-known Chinese news app. That link could theoretically allow China to access US data. A truly secure approach would require a “complete re-engineering” of the service’s infrastructure, the ex-employee says.
The staffer also claims to have met with the offices of Sen. Chuck Grassley and Sen. Mark Warner to discuss the alleged weaknesses. Representatives for both senators acknowledged that meetings had taken place.
We’ve asked TikTok for comment. Unnamed people at the social media giant tell The Post that the claims are “unfounded,” and the Toutiao code only amounts to a “naming convention and technical relic” that doesn’t tie the app to China. They also believe that the relocation of US data to Oracle servers undercuts the assertion that Toutiao could affect the US business. The whistleblower was only employed for half a year, and he supposedly left months before Project Texas was finalized. He may not know the full picture, in other words.
TikTok has repeatedly denied cooperating with the Chinese government, and there’s no publicly known evidence to that effect. Douyin, the equivalent app available inside China, has completely separate content.
The timing of the purported revelation isn’t good for TikTok. House and Senate bills (Warner co-sponsored the latter bill) could lead to nationwide TikTok bans if they become law, and CEO Shou Zi Chew is set to testify before the House on March 23rd to address security and child safety concerns. Politicians are worried the Chinese government may use TikTok to collect data on Americans and spread propaganda, and the report doesn’t help ease those fears.