TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens
By Emily Baker-White
20 October 2022
The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.
China-based team at TikTok’s parent company, ByteDance, planned to use the TikTok app to monitor the personal location of some specific American citizens, according to materials reviewed by Forbes.
The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang.
The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.
TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.”
But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.
TikTok is reportedly close to signing a contract with the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS), which evaluates the national security risks posed by companies of foreign ownership, and has been investigating whether the company’s Chinese ownership could enable the Chinese government to access personal information about U.S. TikTok users. (Disclosure: In a past life, I held policy positions at Facebook and Spotify.)
In September, President Biden signed an executive order enumerating specific risks that CFIUS should consider when assessing companies of foreign ownership. The order, which states that it intends to “emphasize . . . the risks presented by foreign adversaries’ access to data of United States persons,” focuses specifically on foreign companies’ potential use of data “for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potential adverse impacts on national security.”
The Treasury Department did not respond to a request for comment.
The Internal Audit and Risk Control team runs regular audits and investigations of TikTok and ByteDance employees, for infractions like conflicts of interest and misuse of company resources, and also for leaks of confidential information. Internal materials reviewed by Forbes show that senior executives, including TikTok CEO Shou Zi Chew, have ordered the team to investigate individual employees, and that it has investigated employees even after they left the company.
The internal audit team uses a data request system known to employees as the “green channel,” according to documents and records from Lark, ByteDance’s internal office management software. These documents and records show that “green channel” requests for information about U.S. employees have pulled that data from mainland China.