A former TikTok employee voiced concerns to The Washington Post and congressional investigators about the safety of Americans’ user data, revelations that the Post writes could “undermine” Project Texas, a “$1.5 billion restructuring plan.”
The former employee worked at TikTok’s Trust and Safety division as a head of a unit for six months. They “spoke on the condition of anonymity because of fear of retaliation” and “said he worked to address the data-privacy issues internally but was fired after raising his concerns,” according to the Post. The article states that this individual “said he has not yet filed an official whistleblower complaint with the [Securities and Exchange Commission], and his claims have not been corroborated by an official investigation.”
The anonymous individual told congressional investigators that Project Texas, which is the aforementioned restructuring plan that “TikTok has promoted widely in Washington as a way to neutralize the risk of data theft or misuse by the Chinese government.” He said that there are issues that “could leave data from TikTok’s more than 100 million U.S. users exposed to China-based employees of its parent company ByteDance, even as the company races to implement new safety rules walling off domestic user information.”
According to the Post, “TikTok and ByteDance officials have since 2019 been negotiating with a group of federal officials, known as the Committee on Foreign Investment in the United States, about which privacy standards and technical safeguards they’d need to adopt to satisfy U.S. national-security concerns. The company finalized its proposal in August and presented it to CFIUS, but it has yet to be approved, and CFIUS officials have declined to explain why.”
The former employee gave the Post evidence and documents: one piece of evidence is “a snippet of code he said showed that TikTok could connect with systems linked to Toutiao, a popular Chinese news app run by ByteDance. That connection, he said, could allow for surreptitious interference in the flow of U.S. data.”
TikTok officials commented on the former employee’s statements, saying that he “misconstrued the plan and that his termination, months before it was finalized, means he ‘would have no knowledge of the current status of Project Texas and the many significant milestones the initiative has reached over the last year.’” TikTok officials also said that his allegations regarding Toutiao are “unfounded” and that “the code snippet he shared did not indicate any correlation or connectivity between the two apps.”
The former employee also shared documents that contained information about the Safety Operations team at TikTok, “which oversaw technical risk management and compliance issues, including which employees had access to company tools and user data.” The individual says that the technical concerns could be resolved using “doable and feasible” solutions “that would go beyond Project Texas’s protocols.”
He also shared with the Post a letter he wrote in December to the CEO of TikTok, Shou Zi Chew, in which he stated senior managers at the company were “responsible for the internal fraud pertaining to implementation of Project Texas.” The letter also said that these managers intentionally lied to U.S. government officials about how the project’s “controls had been tested and verified,” according to the article.
“Various TikTok executives were unduly pressuring me to sign off on Project Texas as if it was something accomplished [a] long time ago,” he wrote. He demanded a “rapid internal investigation to ensure true risk management and my reinstatement,” the Post reports.
An email the Post reviewed stated that “ByteDance’s head of global legal compliance acknowledged receiving his letter of concerns and said the company would ‘review them with expediency.’” The former employee says that the company “has not offered any updates since.”
Tech whistleblowers have been speaking out in recent years about security failures and where the companies’ priorities lie: Frances Haugen brought to light allegations about Facebook’s decisions to put profits before the safety of its users and highlighted the harm that young children, especially girls, are placed in by social media platforms. Sophie Zhang voiced concerns about fake accounts on Facebook and the social media company’s lack of emphasis on rooting out inauthentic content – which she stated had real-world consequences in a number of countries. Thomas Le Bonniec sounded the alarm about Apple’s Siri virtual assistant, who has access to recordings that individuals may think are private, and the lack of action when he came across highly concerning recordings while working for an Apple contractor. Mark MacGann released what is now known as the Uber Files, which “contain a number of shocking revelations about the tech giant, including how it sought to exploit violence against its own drivers, lobby foreign leaders and Russian oligarchs, avoid police investigations, and skirt tax authorities,” previous WNN reporting states. Tech whistleblowers continue to make waves in the media and bring to light critical issues about platforms many people use every day.