Billion Dollar Harvest: TikTok’s Threat to National and Personal Security

TikTok needs no introduction; with a billion monthly active users, the short-form video app is ubiquitous in modern culture. What fewer of these users seem to be aware of is TikTok’s ability to harvest massive quantities of their information, from biometric data to every keystroke in the in-app browser. That information is then sent to Chinese data servers, contrary to the claims of the app’s developer ByteDance. This makes TikTok’s tremendous popularity a constant threat to both the personal privacy of its users and the national security of the United States. 

In June, BuzzFeed News obtained leaked audio from discussions between third-party auditors and ByteDance that revealed that employees have constant access to the private data of American users. The discovery was ironically made as the auditors were ensuring that the data was stored on American servers as part of a prospective acquisition of TikTok’s U.S. division by Oracle. The company claims this process was completed, but that it retains “backups” of the information.

BuzzFeed also notes that much of the information will be stored on a server in Virginia that is still accessible to ByteDance, which is consistent with a habit of Oracle to grant the company significant leniency in how it carried out the transition. This is despite the fact the purpose of the acquisition was to prevent China from harvesting oceans of American data to use for potentially hostile purposes. Oracle’s lack of responsibility is unsurprising given it has recently been sued for tracking the nonpublic data of five billion people.

Even before the BuzzFeed investigation was released, numerous findings regarding the extent of the information TikTok collects already made the label “spyware” a fair evaluation. Felix Krause, a security researcher, found that the app tracks all inputs, including taps and keystrokes, in the in-app browser on Apple devices. Not only that, TikTok updated its privacy policy and openly revealed it would start collecting biometric information such as fingerprints and faceprints. As with every other official statement, the company claimed it was safely stored in U.S. data centers and that the information was only used to optimize the user experience. The former claim would turn out to be an outright lie, and the latter can be evaluated similarly through an examination of China’s espionage habits.

China’s mass information harvest has long posed a national security threat through consumer technology, and several of the biggest incidents still occupy no space in the American consciousness. An investigation by Bloomberg discovered that during a security evaluation for a prospective acquisition of a smaller company in 2015, Amazon found that servers built by Supermicro had an extremely small chip on the motherboard not in the blueprints. Further examination showed that the chips were sending secrets from the largest American technology corporations to servers owned by the Chinese government in an operation directed by its military. A foreign power infiltrated the most covert secrets of the most powerful companies in the world, yet few people seem to know.  

Not content with the theft of American corporate secrets, China’s activities reveal a pattern of harnessing the power of big data and artificial intelligence to construct an oppressive society. TikTok is one tool of many, a small part of a growing surveillance network intended to structure society to the ruling party’s liking. A New York Times investigation found that Chinese authorities are linking physical and digital activity to create comprehensive profiles of its citizens. China is likely utilizing the information from foreigners in a similar manner, collected through apps like TikTok and enabled by American officials and corporate leaders who do not care enough to take action against it.

Dismissing these threats as merely paranoia or conspiracy theories is naive as evidence of Chinese encroachment on the American digital landscape grows exponentially. This does not mean the United States is not conducting mass surveillance, particularly considering what was revealed by Edward Snowden in 2013. However, we do not use it for ethnic cleansing or constructing a totalitarian state with a backbone of technology as China does with its social credit system.

Despite this track record, U.S. officials remain oblivious to the threat. As of this month, the Biden administration has begun to draft a deal with ByteDance to “resolve” information security concerns without selling TikTok’s American division, according to The New York Times. The report outlines preliminary terms that fail to address the core issues: review by Oracle of TikTok’s servers and algorithms, and a security board to set policies. Given Oracle’s apathy towards the entire ordeal, this deal gives little hope that ByteDance’s violation of Americans’ privacy will be solved any time soon.

Taking action against TikTok is only one step toward securing personal and national security against China’s flagrant data harvest. The U.S. government and its contractors must have the will to create holistic approaches that acknowledge the gravity of the threat or risk handing our adversaries the information they desire on a silver platter. If both the American public and the government feign ignorance of the dangers of foreign espionage, we are only enabling China’s plans for technological oppression.