On Friday, TikTok announced that it had begun routing data from US users to US servers owned by Oracle. But a timely report from BuzzFeed News questions what TikTok’s promise really delivers, claiming that TikTok employees in China have “repeatedly” accessed US users’ data over the course of at least several months.
In recordings of internal staff meetings and presentations obtained by: BuzzFeed News, TikTok employees reportedly had to ask their colleagues in China to access U.S. user data, as they did not have access to this data themselves. A member of TikTok’s trust and security team is said to have stated that “Everything is seen in China”, while another employee said a China-based engineer “had access to everything”.
These events reportedly occurred from at least September 2021 and January 2022, following similar allegations set forth by CNBC last year.
TikTok has been criticized for years for potentially exposing US users’ data to China, where TikTok’s parent company, ByteDance, is based. In 2020, former President Donald Trump threatened TikTok with a nationwide ban and attempted to force the company to separate its US-based assets from ByteDance, calling it a threat to national security.
While TikTok never really did selling its US-based assets, it discussed making US software company Oracle its “trusted technology partner.” The deal appeared to be on its last legs after President Joe Biden took office, but resurfaced in March with reports of something called Project Texas.
Referring to Oracle’s Texas-based headquarters, this initiative is supposed to monitor US users’ data on Oracle’s servers and block access by China-based ByteDance. It appears that some form of this deal is now underway as TikTok has announced the transition to Oracle’s servers.
“For more than a year, we’ve been working with Oracle on several measures as part of our commercial relationship to better protect our app, systems and the security of US user data,” said Albert Calamug, TikTok’s head of US security and public policy. “Today, 100% of US user traffic is redirected to Oracle Cloud Infrastructure.”
The company adds that it will use its Virginia and Singapore-based servers for backups, but it aims to remove users’ private data from those servers in order to “run completely to Oracle cloud servers in the US”. It’s unclear when TikTok plans to make a full shift to Oracle’s servers, and the company did not immediately respond. The edge‘s request for comment.
“These are critical steps, but there is more we can do,” Calamug continues. “We know we are one of the most researched platforms from a security perspective, and we strive to remove any doubt about the security of US user data.”