TikTok user data routinely posted on internal messaging system, stored on Chinese servers: NY Times

Introduction

In a recent investigation by The New York Times, it was revealed that sensitive user data from TikTok, including drivers' licenses and addresses, was routinely posted on an internal messaging platform called Lark, which operates similarly to Slack. This information was shared among thousands of employees, including those based in China, between 2019 and 2022. The investigation contradicts recent congressional testimony by TikTok's CEO, who downplayed any access to American user data by engineers in China, claiming that the company has rigorous data access protocols.

According to the documents obtained by The New York Times and interviews with current and former employees, there are significant concerns about how user data was managed and shared within the company. While TikTok is developing a project called "Project Texas," which aims to store U.S. user data on separate servers controlled by the company, this effort seems far from sufficient to ensure data protection as evidenced by the information shared on Lark.

Industry experts noted that ineffectual data privacy practices may stem from TikTok's relatively less mature operational experience compared to other social media companies. The findings raised questions about the adequacy of data protection measures at TikTok, especially given that by late last year, the Lark data was reportedly stored on Chinese servers. When pressed for clarification, TikTok's representatives did not provide a definitive answer regarding the current data storage situation.

A spokesperson for TikTok responded to the allegations, describing the documents as outdated and claiming that they do not accurately depict how user data is handled. The spokesperson also emphasized the progress being made under Project Texas and assured that measures have been implemented to mitigate internal concerns.

One of the more alarming revelations from the investigation is the handling of driver's licenses. Users, often when locked out of their accounts, were required to upload sensitive documents such as passport and driver's license information to prove their identity to customer service representatives. Unfortunately, these sensitive documents would subsequently end up being shared in internal chat rooms within large employee groups, potentially exposing them to unauthorized access.

As debates continue regarding TikTok's ownership and implications for user data safety in the U.S., the investigation raises pressing questions about how user data can be credibly secured and whether it can be effectively segregated from potential oversight by the Chinese government.

Keywords

• TikTok
• user data
• internal messaging system
• Lark
• Chinese servers
• sensitive information
• Project Texas
• congressional testimony
• data access protocols

FAQ

1. What sensitive data was shared on TikTok's internal messaging system? Sensitive data shared included users' driver's licenses, addresses, and other personal information.

2. How did this data end up being shared on Lark? Users uploaded their sensitive data to customer service while troubleshooting account issues, which then got shared on the internal messaging system among employees.

3. What is Project Texas? Project Texas is an initiative by TikTok aimed at storing U.S. user data on dedicated servers controlled and monitored separately from other data systems.

4. Are TikTok's data protection protocols sufficient? The investigation suggests that TikTok's data protection measures may not be sufficiently robust compared to industry standards, raising concerns about data privacy and access.

5. How have TikTok officials responded to these allegations? TikTok representatives called the information outdated and asserted that they are implementing changes to better manage U.S. user data while emphasizing the progress made under Project Texas.