The Chinese Communist Party has planted over 100 million recording devices under our noses. This new technology is recording your face, your voice, and your daily routine. It can hack computers or iPads located in a 5-foot radius and send valuable data back to Beijing.
If you spent any time today in a train, grocery store, or crowded café, you passed by somebody carrying this device.You won’t have noticed them. They might even have been a child. If you are the parent of a teenager, chances are this device has already made its way into your home. Its name is TikTok.
These staggering revelations entered the public record earlier this month, when a court settlement in Illinois awarded nearly $100 million to victims of flagrant data theft and privacy violation. In addition to exposing repeated lies by TikTok about the extent of its overreach, the court documents revealed in no uncertain terms the recipient of this enormous quantity of stolen information: the Chinese Communist Party (CCP).
Americans recognize China as our greatest enemy, yet TikTok usage among children continues to grow. While questions have been raised previously about this app’s affect on teenagers’ study habits, body image, and mental health, new revelations paint a sinister picture: TikTok is a weapon of war, insidious and dangerous like no weapon our country has ever faced. Problem is, nobody wants to do anything about it.
Last week, Federal Communications Commissioner Brendan Carr recommended that President Biden and the Council on Foreign Investment in the U.S. (CFIUS) ban TikTok once and for all. The commissioner, who previously urged Apple and Google to remove the app from their stores, spoke out following this new round of revelations concerning data access by parent company ByteDance, a Beijing tech corporation with a close relationship to the CCP.
Currently, the Biden administration is moving forward with a deal they believe can protect the data of TikTok users, but repeated privacy violations by ByteDance prove that these measures are not sufficient. In addition to Carr, officials within the Departments of Justice and Treasury have expressed concern that this deal could allow China to continue to use TikTok for surveillance.
While attempts to prohibit the app fizzled in 2020, the need for a TikTok ban has never been so clear. China is using this app as a backdoor to surveil, infiltrate, and manipulate the lives of more than 100 million Americans. Its capacity for surveillance is so far-reaching that TikTok can even access classified materials from devices that have never installed the app. The new evidence out of Illinois, along with even more proof of espionage discovered by Apple, means that a ban is no longer a discussion but an inevitability.
We can no longer doubt that a child’s favorite video platform is responsible for the greatest intelligence leak to a hostile foreign power seen in our lifetimes. Rather than attempt to bail us out with diplomatic half-measures, President Biden should use CFIUS to eliminate this weapon and plug the leak at its source.
Such a ban may require bipartisan cooperation, and threatens Democrats’ popularity among teens. Yet the only alternative is ceding the most important cybersecurity decision of our lifetimes to Republicans.
THE PEOPLE BEHIND THE APP
It’s like something out of a science fiction movie. Tens of millions of Americans have been seduced by viral pet videos and seven-second dance tutorials to download a free new software, unaware of its dark secret: The app is free because its users are the product, and the buyer is the CCP.
Ideally, a video platform such as TikTok would allow creators from across the world to express themselves without fear of government censorship or surveillance. As co-founder of Triller, I have seen the ways that short-form video content can promote understand and bring people together. Instead, the video landscape is dominated by a dishonest and dangerous software that seeks to exploit its users, who are often the youngest and most vulnerable members of our society.
Today’s teenagers watch more TikTok than YouTube. Yet the newer app is particularly aggressive in its collection of user data, and owned by a shadowy corporation that answers to the Chinese government and the CCP. All TikTok users are introducing into their homes a Trojan horse that can access any device in its range. Our politicians are fully aware of this fact, and President Biden has recently increased efforts to limit Chinese influence in the microchip market. This week, the German government followed suit. Ending TikTok should be next.
Though a ban may provoke some outcry from its users, taking such a dangerous weapon out of the hands of the CCP must take precedence over the risk of seeming “uncool.” For any who doubt the true purpose of this app, look no further than the history of parent company ByteDance.
Created in 2012, ByteDance has rapidly risen to the forefront of the Chinese tech world, with an annual revenue of $34.3 billion and close to 2 billion active users. The rise of ByteDance has been nothing short of meteoric, and can largely be attributed to two entrepreneurs with close ties to the CCP: tech mogul Zhang Yiming and financier Neil Shen.
An engineer who cut his teeth at Microsoft, Zhang created his company with the intent of serving as a preeminent aggregator of user data. That’s right: The users were always the product. After launching a news service and a meme-sharing app (an early probe into teen audiences), ByteDance ventured into the world of video content with the launch of Douyin, a popular Chinese-language service very similar to TikTok.
Since the start, Zhang set his sights on the global market. The success of Douyin allowed ByteDance to purchase lip-sync app Musical.ly, a rival Chinese product with a young and international userbase. Rather than merge the two Chinese apps together, ByteDance kept Douyin exclusive to the Chinese market and rebranded Musical.ly as TikTok, gaining access to a massive new market for overseas user data.
At first glance, the two apps appear identical. However, the Chinese version is stored on separate servers and has far stricter rules of content moderation. Most importantly, only TikTok uses state-of-the-art technologies to track its users and keep them addicted to short-form content. As noted in a 60 Minutes segment earlier this week, it is revealing that China prohibits TikTok in their own country while pushing it to the children of their international rivals.
Zhang claims to not be a card-carrying member of the CCP. However, he was recognized as a de facto Beijing spokesman in a 2020 filing by the Department of Justice (DOJ). DOJ lawyers demonstrated the ways Zhang has repeatedly promoted the CCP agenda: In 2018, before the rise of TikTok, he even made a public show of submission after one of his other apps was accused of violating “socialist core values.”
Despite its creation by this identified CCP ally, TikTok is based here in Los Angeles and presents itself as partially American-owned. This is a charade. The truth can be exposed with a quick look at the man behind the financial curtain: Neil Shen.
Founder and manager of Sequoia China, the primary shareholder in ByteDance, Shen uses this venture capital firm’s affiliation with its San Francisco parent company to conceal his ties to the CCP. Sequoia China has received direct funding from party entities such as the Chinese Academy of Sciences. Any claims of American ownership are farcical.
Much like his partner, Zhang, Shen is an essential part of the CCP strategy to influence the tech sector both in China and abroad. Best known as the largest single investor in the Chinese tech sphere, he has close ties with party leadership and even employed the daughter of a top Politburo official. In March, was appointed as the sole delegate of the venture capital industry at the Chinese Peoples’ Political Consultative Conference, an arm of the Chinese government that advises the party on economic matters.
LAYERS OF CONCEALMENT EXPOSED
In addition to being financed by a close CCP ally, American TikTok employees have revealed that corporate decision-making involves direct input by Beijing. Despite official statements to the contrary, ByteDance executives exert significant control over the company’s activities in the U.S. and retain the ability to access all user data collected by TikTok.
It must be stated that CCP control over ByteDance is crystal clear. Unlike here in the U.S., Chinese corporations like ByteDance are required to give one of three seats on their board to the government. This gives the CCP de facto control of all decision-making, and ensures that the company’s corporate goals match the goals of the state. Additionally, at least 300 current employees of TikTok and ByteDance have worked or still work at CCP media outlets. American companies that do business with Chinese tech may not realize that they are inevitably working with the CCP.
TikTok has attempted to distance itself from ByteDance despite sharing employees and even a Palo Alto workspace. Yet their own privacy policy admits that the app may “share your information with a parent, subsidiary, or other affiliate of our corporate group.” In other words, if you download TikTok, your name, your location, and even your face are being sent to ByteDance executives in China, who then offer full access to CCPleaders.
These concerns were first raised in 2020, during the Trump administration’s abortive attempt to ban TikTok. When questioned about user data being sent to China, TikTok and ByteDance denied everything. They claimed that all user data is held in the U.S. and Singapore, and is not accessed by the CCP. Thanks to the recently settled class action complaint, we know this was a lie. These new documents reveal exactly what TikTok is stealing from us, and how they do it.
The lawsuit contained damning evidence about the app’s use in Chinese government surveillance and exposed repeated attempts to conceal this fact. Take the previous claim that no data is sent to servers in China:
Defendants used the TikTok app to transfer private and personally identifiable user data and content to the following two servers in China as recently as April 2019: (i) bugly.qq.com and (ii) umeng.com. 221. Private and personally identifiable TikTok user data and content transferred to bugly.qq.com as recently as April 2019 includes at least the following items: (i) the OS version; (ii) the mobile device model; (iii) the WiFi MAC address; (iv) the hardware serial number; (v) the device ID and (vi) the IP address. Private and personally identifiable TikTok user data and content transferred to umeng.com as recently as April 2019 includes these same six items, plus at least the following item: (vii) the number of bytes users’ mobile devices have uploaded and downloaded.
This is unambiguous. An independent analysis has revealed that if you use TikTok, your data is being sent to China. And once your data arrives in China, it is the property of the CCP.
CCP domination of the Beijing tech sector is widely understood. According to risk analyst Gabriel Wildau, companies such as ByteDance have no insulation from party pressure, as “the party-state wants the business community to serve its development objectives and is willing to sacrifice corporate profits to make that happen.”
Chinese tech companies are routinely pressed into performing surveillance or harassment duties on behalf of the CCP, including persecution of the Uyghur minority. One of these companies, the tech giant Baidu, patented a biometric technology that tracks users’ faces to determine ethnicity—a useful tool in the CCP campaign to identify and detain mass numbers of Uyghurs. And as this Illinois lawsuit reveals, Baidu is using these tactics not only to track dissidents in China, but everyday TikTok users right here in the United States:
Baidu, Alibaba, and Tencent—popularly known by the acronym “BAT” – are “China’s original tech titans” and dominate the fields of artificial intelligence, social media, and the internet in China. The private and personally identifiable TikTok user data and content they possess may well be used by the Chinese government in the future, if it has not already. BAT routinely assist the Chinese government in the surveillance and control of its people through biometrics.
Biometric surveillance involves the use of new technology to track specific details of users’ faces and voices—anything that makes us unique as individuals. This kind of data is especially valuable because, unlike a password, this biometric information can never be changed or recovered.
China now leads the world in facial recognition software, and Chinese startups have been sanctioned by Washington for allowing the Chinese government to use their technology to track, harass, and imprison dissidents. TikTok needs to be understood in this context: It is another tool in the CCP arsenal of mass international surveillance.
As the court documents reveal, BAT tech companies operate the Chinese servers that we now know are used to store TikTok data:
The bugly.qq.com server is owned and operated by China-based tech giant Tencent Holdings Limited (“Tencent”), and the umeng.com server is owned and operated by another China-based tech giant Alibaba Holding Group Limited (“Alibaba”). Tencent and Alibaba thus possess TikTok users’ private and personally identifiable data and content. Such data transfers to Tencent and Alibaba servers were accomplished through Tencent and Alibaba source code that Defendants embedded within the TikTok app.
This link between BAT firms and TikTok goes deeper still. Source code created by Baidu is embedded within the app, and TikTok relies on similar biometric techniques to track and capture the faces and voices of users. In 2020, ByteDance VP Ma Wei-Ying gave a speech in English in which he bragged about the company’s use of new techniques to track users and store biometric data in a massive database that can be accessed by the Chinese government. U.S. National Security Adviser Rob O’Brien has warned that all biometric data accessed by ByteDance is inevitably accessed by the CCP.
Additionally, TikTok includes software known as Igexin SDK, notorious for its function as a “back door” to install Chinese spyware on users’ devices. In 2017, Google and Apple removed 500 apps made with Igexin SDK from their store after it was determined that these apps could secretly track users’ phone calls.
Before TikTok, Chinese law enforcement relied more heavily on the products of American tech companies to track users in China and abroad: In the first half of 2017 alone, the CCP requested information from Apple on 35,000 of its users. The rise of TikTok allows the party to cut out the middleman. If the world is hooked on an app developed by a party-controlled company like ByteDance, and financed with party money, then the CCP can track users around the world using homegrown surveillance technology.
The CCP’s control over ByteDance is not a secret. Beijing has an ownership stake in the company and exerts significant control over corporate decision-making. Like the nesting dolls sold in another communist country, the CCP controls ByteDance and ByteDance controls TikTok. These layers of concealment give TikTok users and investors the false sense of a public-private distinction that does not reflect the reality of business in China. When presented with the facts, there can no longer be any doubt that your children’s favorite app is a weapon of the Chinese state.
The CCP is clear in its goals: a global takeover of the artificial intelligence sector, and use of these technologies to track individuals anywhere on earth. Techniques of surveillance, blackmail, and harassment deployed against dissidents in China can and are being used against American citizens.
Just weeks ago, we found the smoking gun: A team of ByteDance officials in Beijing had used TikTok to track the behavior and whereabouts of a U.S. citizen. According to a Forbes exposé, at least one user with no professional relationship with ByteDance was being tracked for unknown purposes on behalf of the government. Once this information is sent to China, there is no way for American users to prevent their data from falling into the hands of the CCP.
FAR-REACHING, AND DANGEROUS, IMPLICATIONS
We know the Chinese government uses TikTok’s data-collection abilities to surveil its users, who number in the hundreds of millions worldwide. But what kinds of user data are they accessing? As the Illinois court documents reveal, everything from the sound of your voice to the drafts in your inbox will be recorded and collected for future use.
TikTok has a simple, friendly interface that encourages users to join through their Facebook or Google account. It’s unlikely that fans of the app realize that this single sign-on feature gives TikTok complete access to the contents of any of those social media accounts. Once TikTok has been downloaded, any kind of sensitive material held in a Gmail account is put at risk.
Even users who do not upload videos are at risk of data collection. When you install TikTok, this app immediately begins searching your device for valuable information. You do not need to create an account or ever open the app:
From each mobile device on which the TikTok app is installed, Defendants take a combination of, among other items, the following user identifiers and mobile device identifiers:
- username, password, age/birthday, email address, and profile image
- user-generated content, including messages sent through the apps
- phone and social network contacts
- the mobile device’s WiFi MAC address, which is the unique hardware number on the WiFi adapter that tells the internet who is connected to it
- the mobile device’s International Mobile Equipment Identity number, which is a unique number given to every mobile device that is used to route calls to one’s phone
- the user’s International Mobile Subscriber Identity number, which is a unique number given to every subscriber to a mobile network
- the IP address which is a numerical label assigned to each user mobile device connected to a computer network that uses the Internet Protocol for communication.
- the device ID, which is a unique, identifying number or group of numbers assigned to the user’s individual mobile device that is separate from the hardware serial number
- the OS version
- the mobile device brand and model
- the hardware serial number, which is the unique, identifying number or group of numbers assigned to the user’s individual mobile device
- the Advertising ID, which is a unique ID for advertising that provides developers with a simple, standard system to monetize their apps
- mobile carrier information
- network information, including the technology that the carrier uses
- browsing history
- cookies
- metadata
- precise physical location, including based on SIM card, cell towers and/or GPS.
Together, all this information allows TikTok and ByteDance, and by extension the government of China, an exceptional ability to track any given individual in the United States. And “track” doesn’t just refer to web-viewing habits—China can pinpoint the physical location of every single person who has TikTok on their device, down to the very floor of a building where a user is standing.
TikTok facial recognition software is another area of great concern. The app’s source code contains lines to detect facial features and face motion, which it uses to predict age, gender, and ethnicity when recommending videos:
When artificial intelligence researcher Marc Faddoul joined TikTok a few days ago, he saw something concerning: When he followed a new account, the profiles recommended by TikTok seemed eerily, physically similar to the profile picture of the first account. Following a young-looking blond woman, for instance, yielded recommendations to follow more young-looking blond women. … Following black men led to recommendations to follow more black men. Following white men with beards produced recommendations for more white men with beards. Following elderly people spawned recommendations for other elderly people. And on and on. … Faddoul also told Recode that he believes it’s more likely that TikTok is using something he calls automatic featurization. This type of recommendation algorithm could take “signals” from profile images to find profile pictures with similar attributes. These kinds of signals would be correlations between the pictures, which could correspond to anything from skin color to having a beard. The algorithm is simply looking for similarities in the photos or profiles. … “What I suspect is happening is that TikTok is featurizing the profile picture,” he says, “and using these features in the recommendation engine.”
This data collection, which happens completely without the consent of the users, is especially concerning in light of China’s push to create an international biometric database.
Any users who have ever activated the in-app camera may find themselves included in Chinese government databases, and can be tracked by Chinese spyware for the rest of their lives. This kind of a database represents an unprecedented privacy threat. With the rise of “deep fake” manipulated videos, access to our faces and voices can be used to blackmail everyday citizens or sow distrust in our leaders and institutions.
Another important feature is the app’s ability to access the user’s clipboard, a feature not disclosed in its terms of service, which means any text, image, or web link that is ever copied may be held forever on ByteDance servers. Not even unsent messages are safe. TikTok records keystrokes, which means that any words or letters ever typed on a device will potentially be recorded, regardless of whether these words are ever uploaded to the internet.
Perhaps the most threatening security implication involves Apple’s Handoff function—a usually innocuous feature that allows TikTok to access information stored on other devices with a shared Apple account. This is how Apple users can access their SMS inbox from their laptops. But when given to the wrong hands, Handoff allows a hacker who has gained access to a cell phone to break into connected devices, such as a government-issued laptop with the same Apple login. This feature also allows communication between different Apple accounts, and the Illinois court docs allege that TikTok has used this feature to access data stored on entirely unconnected devices located nearby.
These revelations paint a clear picture: TikTok operates like a highly effective piece of malware that spreads, like a virus, to effectively any electronic device in its proximity. People who have installed the app lose control of their data even if they never use TikTok, and simple physical contact with another online device can expose others’ data and documents.
Former congressional national security advisor Klon Kitchen, now a senior fellow at the American Enterprise Institute, summarized the threat on 60 Minutes:
Imagine you woke up tomorrow morning and you saw a news report that China had distributed 100 million sensors around the United States, and that any time an American walked past one of these sensors, this sensor automatically collected off of your phone your name, your home address, your personal network, who you’re friends with, your online viewing habits and a whole host of other pieces of information. Well, that’s precisely what TikTok is. It has 100 million U.S. users; it collects all of that information.
If the cause for alarm is still not clear, let me illustrate how easily this app can threaten our national security. A congressional staffer with top secret security clearance is handling documents concerning electric-grid vulnerabilities in their congressperson’s district. These documents are stored on a laptop computer that is only accessed for work purposes. Even if this laptop is kept in a tote bag or in the trunk of a car, a five-second encounter with a nearby TikTok user allows the app access to the mailbox or documents stored on the staffer’s laptop. The electric grid documents are collected by ByteDance employees, who send them to the ever-growing Chinese database of stolen American intelligence. Now consider that 1.2 million people have top secret security clearance, and a full 2.8 million have some access to classified government materials. Most likely, this situation has already happened.
Cyberspace is the front line of the escalating United States conflict with China. Hackers employed by the Chinese government have gained access to at least six state governments and multiple federal agencies. Teams of Chinese hackers have stolen technology from research universities and corporate secrets from many prominent businesses. In 2018, CCP hackers seized data from half-a-billion customers of Marriott hotels.These underhanded tactics are an assault on both national security and free trade. As per the FBI:
The Chinese government is fighting a generational fight to surpass our country in economic and technological leadership. But not through legitimate innovation, not through fair and lawful competition, and not by giving their citizens the freedom of thought and speech and creativity we treasure here in the United States. Instead, they’ve shown that they’re willing to steal their way up the economic ladder at our expense.
The FBI has teams working around the clock to counter the efforts of Beijing cybercriminals. But as the Chinese and American economies become increasingly interconnected, particularly in the world of tech, more avenues open for unscrupulous actors to gain access to sensitive information pertaining to business or the military. If TikTok usage continues to spread, Chinese hackers may be able to access this kind of material without needing to crack a single encryption.
In an attempt to staunch the bleeding, the Department of Defense has blocked its members from accessing TikTok. Thanks to the Handover feature and other methods of inter-device communication, this is not sufficient. Servicemembers’ devices constantly communicate with the devices of a child, friend, or spouse who has ByteDance software installed. Much like the current ongoing security negotiations with TikTok, this kind of quick fix cannot be effective at stopping China from accessing Americans’ information. If the White House is serious about protecting our data and keeping us safe, then they will recognize that there is no way to outsmart such an effective weapon. The only recourse is to ban it.
Because if they don’t do it, somebody else will.
A TIKTOK BAN IS INEVITABLE—AND OVERDUE
Inaction on this front leaves the Biden Administration and the entire Democratic party wide open to criticism by Republican opponents. Figures such as Mike Pompeo have criticized Barack Obama and other Democrats for normalizing TikTok usage by using the platform for voter outreach.
While many criticized Trump administration efforts to ban the app or divest it from Chinese ownership, Democratic leaders such as Senator Mark Warner have acknowledged that “Donald Trump was right on TikTok,” stating: “If your kids are on TikTok … the ability for China to have undue influence is, I think, a much greater challenge and a much more immediate threat than any kind of actual, armed conflict.”
A bipartisan letter penned by Senators Chuck Schumer and Tom Cotton to the National Security Council in 2020 underscored these concerns, emphasizing that “TikTok is a potential counterintelligence threat we cannot ignore.” Over the summer, Senator Cotton urged Treasury Secretary and CFIUS chair Janet Yellen to discuss with President Biden the possibility of resuming the discussed ban on TikTok.
Revelations from the recent $100 million settlement in Illinois vindicate attempts to ban TikTok by the previous administration. This new proof of TikTok’s use as a weapon by the CCP should compel the White House to finish the job. There is an international precedent for such action: Other governments, such as India, Pakistan, and Indonesia, have already enacted bans on TikTok.
Such a ban is also well within the authority of the federal government. Statements by U.S. lawmakers suggest bipartisan interest in potential legislation to prohibit the app. Alternatively, CFIUS can shape our regulatory landscape in ways that make it impossible for malicious apps such as TikTok to operate legally.
So far, the Biden administration has still been unwilling to criticize TikTok directly. In addition to the ongoing negotiations that may do more to protect ByteDance and our security, a recent press conference highlighting intelligence threats from China neglected to mention which app or tech company is at the center of Chinese espionage operations.
This hesitation is understandable. TikTok is particularly popular among young people—Pew Research Center reports that nearly half of those under 30 use the app. However, recent polling data indicates that a majority of Americans ages 18–24 and a plurality of those ages 25–34 support a ban. Any potential Gen-Z ire will evaporate once TikTok is supplanted by a new short-form video platform, just like Vine or Periscope before it. Its replacement will not be a weapon of war created by a hostile foreign power.
Commissioner Carr believes that a ban on TikTok is inevitable. This was followed by IAC Chairman Barry Diller’s prediction that the app will be banned.
The writing is on the wall. I urge the Biden Administration to use CFIUS to ban the app as soon as possible and not leave this to a future administration.
As I noted in my previous op-ed, President Biden has already shown the good sense to ban TikTok usage by campaign staffers, close associates, and even members of his family. The next step is extending this protection to the rest of the country.
Whichever party bans this rapidly growing software will prove they have the courage to defend our country from foreign threats and the foresight to identify dangers that were unimaginable before our social media age. If President Biden banishes TikTok from our shores, he will dismantle the greatest weapon China has in its assault on our safety and our liberty, and demonstrate that Americans’ lives are not for sale.
Ryan Kavanaugh is the 26th highest grossing movie producer of all time and the co-founder of Triller, one of three fastest growing social media apps.