Under intense scrutiny from Washington that could lead to a potential ban, the top attorney for TikTok and its Chinese parent company ByteDance defended the social media platform’s plan to safeguard U.S. user data from China.
“The basic approach that we’re following is to make it physically impossible for any government, including the Chinese government, to get access to U.S. user data,” said general counsel Erich Andersen during a wide-ranging interview with The Associated Press at a cybersecurity conference in Sausalito, California, on Friday sponsored by the Hewlett Foundation and Aspen Digital and featuring top government officials, tech executives and journalists.
ByteDance will continue to develop its new app called Lemon8, Andersen said.
“We’re obviously going to do our best with the Lemon8 app to comply with U.S. law and to make sure we do the right thing here,” Andersen said, referring to the new social app developed by ByteDance that resembles Instagram and Pinterest. “But I think we got a long way to go with that application — it’s pretty much a startup phase.”
ByteDance’s most known app, TikTok, is under intense scrutiny over concerns it could hand over user data to the Chinese government or push pro-Beijing propaganda and misinformation on its behalf. Lemon8 was introduced across app stores in Japan in April 2020 and has been rolled out in more countries since then. It’s available for download in the U.S. and could face similar scrutiny to TikTok.
Leaders at the FBI, CIA and officials at other government agencies have warned that ByteDance could be forced to give user data — such as browsing history, IP addresses and biometric identifiers — to Beijing under a 2017 law that compels companies to cooperate with the government for matters involving China’s national security. Another Chinese law, implemented in 2014, has similar mandates.
To assuage concerns from U.S. officials, TikTok has been emphasizing a $1.5 billion proposal, called Project Texas, to store all U.S. user data on servers owned and maintained by the software giant Oracle. Under the plan, access to U.S. data would be managed by U.S. employees through a separate entity called TikTok U.S. Data Security, which is run independently of ByteDance and monitored by outside observers.
Some lawmakers have said that’s not enough. But despite skepticism about the project, TikTok says it is moving forward anyway.
“We’re investing in a system where people don’t have to believe the Chinese government and they don’t have to believe us,” Andersen said.
He also wondered if the skepticism was being driven by something else.
“Where are we falling short here?” he said. “At some point you get beyond the cybersecurity risk assessment, etcetera, and you get to ‘We don’t like your nationality.'”
TikTok CEO Shou Zi Chew has said the company started deleting all historic U.S. user data from non-Oracle servers this month and expects that process to be completed this year. During a congressional hearing held last week, Chew said migrating the data to Oracle will keep it out of China’s hands, but also acknowledged China-based employees may still have access to it before the process wraps up.
TikTok maintains it has never been requested to turn over any kind of data and won’t do so if asked. But whether those promises, or Project Texas, will allow it to stay operating in the U.S. remains to be seen.