News

|

National Security

Australia’s TikTok data vulnerable to access by China staff

July 13, 2022

Max Mason

The Australian Financial Review

Wednesday 13 July 2022

TikTok employees around the world, including in China, can access certain data of millions of Australian users.

However, executives at the social media company stressed that strict protocols overseen by its US security team tightly restricted access based on need.

The admission came in a letter to Liberal senator James Paterson, who wrote to TikTok’s Australia general manager Lee Hunter and director of public policy Brent Thomas last week, seeking clarification about local user data after a similar admission to US lawmakers.

In his reply on Tuesday evening, Mr Thomas stressed that TikTok had never provided, never been asked for and would never provide Australian user data to the Chinese government, even if asked. He highlighted comments made by TikTok’s global chief security officer to an Australian Senate committee in 2020 that the data was “not resident in China”.

“There are strict protocols in place to protect Australian user data,” Mr Thomas wrote. “Australian user data is stored in Singapore and the US. Our security teams minimise the number of people who have access to data and limit it only to people who need that access in order to do their jobs.

“We have policies and procedures that limit internal access to Australian user data by our employees, wherever they’re based, based on need.”

Senator Paterson, the opposition spokesman for cybersecurity and countering foreign interference, expressed concern over Australian user data being accessible in mainland China, “putting it within the reach of the Chinese Communist Party”.

“At the very least, it goes against the spirit of their assurances to the parliament and the people of Australia that our user data was safe because it is stored in the United States and Singapore,” he told The Australian Financial Review.

“It’s now time for the Albanese government to wake up and take action on this serious threat to the privacy of 7 million Australian users.”

Senator Paterson had asked in his letter: “Is Australian user data also accessible by TikTok or ByteDance employees in mainland China? Has that data been previously accessed?

“If so, on what basis could they refuse a request from the Chinese government under the National Security Law for access to that Australian user data?”

Mr Thomas told the Financial Review that TikTok’s approach to user data was consistent with the industry and other trusted Australian companies, including banks and telecommunications companies.

“Like TikTok, international employees of these companies occasionally need access to user data in order to do their jobs and that access is subject to strict protocols and robust controls,” he said.

Mr Paterson’s letter was prompted by comments two weeks ago by TikTok chief executive officer Shou Zi Chew. He said China-based employees who cleared a number of internal security protocols could access certain information on TikTok’s US users, including public videos and comments.

His admission came in a letter to nine US senators, who wrote to TikTok following a BuzzFeed News report that said US consumer data was accessed by company engineers in China.

Mr Thomas wrote that access was to subject to “robust controls” and safeguards, such as encryption from certain data, and “authorisation approval protocols overseen by our US-based security team”.

“To facilitate those approvals, we also have an internal data classification system, and the level of approval required for access is based on the sensitivity of the data according to the classification system. The purpose of these processes and protocols is to ensure data is only ever accessed by those who require it to allow our business and our service to function,” Mr Thomas said.

“Whenever a specific job has been completed, permissions to access are once again removed.”

TikTok has come under intense scrutiny due to its ownership by ByteDance, a private Chinese company, and reports and research on the links between ByteDance and the Chinese Communist Party, and the spreading of propaganda and censorship.

China’s National Intelligence Law of 2017 requires organisations and citizens to “support, assist and co-operate with the state intelligence work”.

The legislation was a major consideration for the Australian government’s 2018 ban of Chinese telecommunications companies, including Huawei and ZTE, from providing equipment in the rollout of 5G mobile phone networks.

In June, US Federal Communications Commissioner Brendan Carr shared a letter on Twitter that he sent to Apple chief executive Tim Cook and Alphabet chief executive Sundar Pichai, urging the two technology giants to remove the TikTok app from their online stores over China security concerns.

“TikTok is not what it appears to be on the surface. It is not just an app for sharing funny videos or memes. That’s the sheep’s clothing,” Mr Carr said in the letter.

“At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.”

Recent News

All Posts