How Much of a Threat Is TikTok?

How Much of a Threat Is TikTok?
A man opens the social media app TikTok on his cell phone, in Islamabad, Pakistan, July 21, 2020 (AP photo by Anjum Naveed).
The wildly popular video-sharing platform TikTok and its Chinese parent company, ByteDance, have had a rough couple of months. The government of India banned TikTok in June—along with dozens of other Chinese apps—and authorities in a number of other major markets are investigating TikTok over national security and data privacy concerns. President Donald Trump said last week that he would ban the app in the United States, but then changed his mind and gave his blessing to a proposed deal in which Microsoft would buy TikTok’s operations in the U.S., Canada, New Zealand and Australia. On the Trend Lines podcast this week, Samantha Hoffman and Fergus Ryan, both experts on China at the Australian Strategic Policy Institute, joined WPR’s Elliot Waldman to talk about the extent to which TikTok and ByteDance could be using—and abusing—the app’s user data. They also discussed the broader issues posed by China’s stringent government oversight over its technology sector, and what lessons Western observers can take from the rapid growth of Chinese tech companies. Listen to the full conversation here: And if you like what you hear, subscribe to Trend Lines: Apple Podcasts | RSS | Spotify The following is a partial transcript of the interview. It has been lightly edited for clarity. World Politics Review: According to Secretary of State Mike Pompeo, TikTok users might as well be handing over their private information to the Chinese Communist Party. Is there any evidence of that? Fergus Ryan: I think you only need to look at what ByteDance says themselves. The company says that they store TikTok user data in Singapore and in the United States, but they’re very careful to never say that this data is not being accessed by ByteDance employees back in China. And the reason why they don’t say that, clearly, is because it’s highly likely that they are accessing TikTok user data from Beijing. This makes sense, because if they are to update the app, understand the users that they have, and continue to make the app a better experience for their users, they need to be looking at some data. So, I don’t really have any evidence to suggest that they are not storing the data outside of China. But by their very own admission, they are most certainly still accessing it from China. TikTok’s chief information security officer said in an April blog post that it is the goal of TikTok to “minimize” access to user data by employees in China. The goal was not to completely cut off China-based employees from the user data, but to minimize their access. So even by their own statements, it’s clear that they are still accessing this user data. Where it’s stored is a bit of a red herring. Samantha Hoffman: As Fergus said, the types of data collection that could be taking place, and the uses for it, could be very normal. And in fact, they have to be for the app to continue improving. But then, the next question is, how else has that same data been used? I think it’s hard for an individual TikTok user who’s just using it for fun to understand how a video of them engaging in a social activity could have security implications. At the most basic level, if you think about the kinds of data that TikTok has access to, they have access to data that can be used to make facial recognition and AI algorithms more accurate, for instance. What are the security implications of that? Well, we see in China how such technology is used in very invasive ways for surveillance, and the more accurate it is, the more effective it can be. So, the more kinds of face data that you have, the more effective that’s going to be.

Even byTikTok’s own statements, it’s clear that they are still accessing this user data. Where it’s stored is a bit of a red herring.

Another thing is, if you have a sense of how society or various parts of society are influenced, that can be very useful from a propaganda perspective. It’s the same reason why advertisers would find that data useful. The data could also be exploited by other actors for reasons that affect our security in the long term. In fact, I think there was a California lawsuit filed last year that suggested that TikTok was collecting its users’ face data and sending it back to China. WPR: Part of the debate here in the U.S. has focused on how TikTok’s mining of user data and personal information compares to American tech giants like Google and Facebook, and the kind of data that they collect on users. Would you say it’s a fair comparison between the two? How do they stack up? Hoffman: What a company like TikTok is doing isn’t fundamentally different. The difference, potentially, is the intent, and how that data can be used. From my perspective, and based on the research that I’m doing, the technical side of TikTok isn’t necessarily that unique. It’s more about the intent behind that collection. And sometimes, that can be multiple things. As Fergus and I both said earlier, part of the data collection is about the app and making the service better, but it doesn’t mean that there can’t be many other uses for the same exact data. That’s a problem. So, then you have to look at what the company says and also what its parent company says about, for instance, politics and how it complies with laws, and what laws it complies with. That tells you a little bit more about intent. WPR: Do we know anything about ByteDance, TikTok’s parent company, in terms of its politics and its history of working with the Chinese government? Are there any examples from the past that might be instructive here? Ryan: Yeah, there are many instructive anecdotes to talk about. The most infamous one, at least in China watchers’ circles, was in 2018, when Zhang Yiming, the 37-year-old CEO of ByteDance, got into trouble. He had an app called Neihan Duanzi, which was for sharing funny GIFs, memes and jokes. But the Chinese Communist Party got very paranoid about it. We don’t know exactly why, but one of the best arguments, which certainly makes sense to me, is that the CCP was very scared about how people were starting to organize on the app. What was happening was a lot of the users of this particular app, who generally came not from the major cities in China, but more what they call second- and third-tier cities, started to meet up offline after they’d forged friendships on the app, and were starting to organize. And if there’s anything that makes the Chinese Communist Party paranoid, it’s when people start to group together in organizations that the CCP doesn’t have complete oversight of. So, that’s just the context of what was happening with that app. Anyway, the regulators banned it, and this was an existential crisis for ByteDance, because this was an important part of their app ecosystem. It was a very clear signal from regulators, from the government, and from the party that ByteDance needed to make sure that while it was pursuing its commercial goals, it had to also keep top of mind the goals of the Chinese Communist Party. Now, this isn’t speculation. We know this for a fact, because Zhang Yiming, after this happened, came out and publicly published a letter in which he essentially said that he recognized that he hadn’t been keeping the CCP top of mind. He hadn’t been considering the goals of the party, and how censorship and propaganda are important. And he apologized for it, and he committed to correcting that mistake. After he made this apology, the company went on to hire at least 2,000 extra censors to work at ByteDance. And when they put out the job ads for those censors, they specified that they wanted people who were loyal to the Chinese Communist Party.

The kinds of data that TikTok has access to can be used to make facial recognition and AI algorithms more accurate.

So, what I’ve just outlined is actually quite remarkable. If a non-Chinese person in the United States or Australia or the U.K., or anywhere on the planet outside of China, heard, for example, that Mark Zuckerberg had put out a letter saying that he was so sorry for not supporting Donald Trump’s policy prescriptions and campaign, and that he was committing himself to serving only the Republican Party in the United States, everyone would be rightly shocked and appalled. WPR: It would certainly buy him back a lot of goodwill that he’s lost among Republicans here, though. Ryan: Yes, probably it would. It might be a sort of “Hail Mary” move now, to stave off being banned. But I think it’s important to step back and ask how would we think about this if it was in a different context? I think most people would be really shocked that the head of a tech company, or the head of a social media platform, would say such a thing. But that’s precisely what happened with Zhang Yiming and ByteDance. Hoffman: Another interesting thing is the increasing presence of party committees, in ByteDance and in other tech companies, over the last several years. One thing that you sometimes hear from analysts in reference to the party committees that are embedded in these organizations, is, “Oh, they don’t really mean much. They’re just there because they have to be there, but people don’t really like participating.” I think that’s not the point. The point is that they’re there, and they have to be there in order for a business to survive, increasingly. That on its own is important. I remember one conversation that I had while visiting China about two-and-a-half years ago. The person I was talking to noticed that I was taking pictures of propaganda signs, and he said, “I don’t understand why you’re taking a picture of that, because it doesn’t mean anything to me.” My response is, well, why are you hanging it in this building, then? Why is it on that billboard if it doesn’t matter?” It’s kind of the same thing when you think about the party. It’s not just an obligation that people post and forget about; it’s one that matters. And if it matters for a company that’s based in China, it also affects companies that are based outside of China, but have significant interests in China. We saw Zoom, earlier this year, claim that it was complying with local law when it removed users from its platform who were organizing a Tiananmen commemoration event. In fact, we see companies that don’t have any particular structural link to China doing this all the time to comply with laws. sometimes it’s not even clear what laws they’re complying with—only that they were pressured to do so. So, if that level of pressure exists for companies that are even outside of China, imagine what it’s like for a company that’s operating there.

Keep reading for free!

Get instant access to the rest of this article by submitting your email address below. You'll also get access to three articles of your choice each month and our free newsletter:

Or, Subscribe now to get full access.

Already a subscriber? Log in here .

What you’ll get with an All-Access subscription to World Politics Review:

A WPR subscription is like no other resource — it’s like having a personal curator and expert analyst of global affairs news. Subscribe now, and you’ll get:

  • Immediate and instant access to the full searchable library of tens of thousands of articles.
  • Daily articles with original analysis, written by leading topic experts, delivered to you every weekday.
  • Regular in-depth articles with deep dives into important issues and countries.
  • The Daily Review email, with our take on the day’s most important news, the latest WPR analysis, what’s on our radar, and more.
  • The Weekly Review email, with quick summaries of the week’s most important coverage, and what’s to come.
  • Completely ad-free reading.

And all of this is available to you when you subscribe today.