In many ways, the U.S. and China aren't the best of friends. In one way or another, each side will continue to see and blame the other for doing what they're not supposed to do.
And this time, leaked recordings from over 80 internal TikTok meetings suggest that TikTok data from users in the United States has been allegedly transferred to China and accessed by the social media app’s parent company ByteDance.
The allegation mirrors the allegations made by former U.S. President Donald Trump, when he proposed the ban on the app in the U.S., something that ultimately didn't happen.
The recordings that were leaked, as first reported by BuzzFeed News, included 14 statements from nine different TikTok employees, suggesting that engineers in China had access to U.S. data between September 2021 and January 2022 at least.
“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another recording, a director referred to one Beijing-based engineer as a "Master Admin" who "has access to everything."
User data is expensive, and this is why it has long been a commodity, especially in the black market and underground forums.
And this leaked recordings mean that TikTok may have misled lawmakers, its users, and also the public, by downplaying that data stored in the U.S. could still be accessed by employees in China.
But still, TikTok is reportedly working on ‘Project Texas’, which is a way to redirect users' "protected" data so that it does not flow into China.
Project Texas is where a 100% "of U.S. user traffic is being routed to Oracle Cloud Infrastructure," said TikTok in a newsroom post.
The idea for this project sparked when the Trump administration engineered a deal for Oracle to store all of TikTok’s U.S. data, citing fears the Chinese-owned app would help Beijing spy on Americans. Oracle set out to win the TikTok data storage contract, leveraging U.S.-China antagonism, thanks to Oracle CEO Larry Ellison’s personal relationship with Trump.
However, after Trump lost the 2020 election, the TikTok deal entered a period of limbo and eventually fell apart when Joe Biden took over and becomes the President of the U.S..
This time, thanks to the leaked recordings which revealed the data privacy scandal, Oracle has finally won TikTok’s business.
TikTok is one of the most popular social media platforms, especially with children and young adults, having more than 1 billion active users worldwide. And having users in the U.S. have their data sent to China, is certainly not the best of interest of the U.S. government.
And here, Project Texas can help solve it.
For Oracle, this is a big win, considering that the company is slowly losing pace in the cloud space against Google, Amazon and Microsoft.
"We still use our U.S. and Singapore data centers for backup, but as we continue our work we expect to delete U.S. users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the U.S.," TikTok said in another newsroom post.
While this should make things easier for TikTok to avoid ban and other issues, there is one major drawback.
TikTok’s head of global cyber and data defense reportedly said in the conversations that while Oracle would be providing the physical data storage space for Project Texas, TikTok would still control the software layer.
What this means, its employees in China can still have a certain degree of access.
So here, while TikTok physically stores all data in the U.S., that seemingly won't stop employees in China from accessing it.
"I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting," one employee reportedly said. "It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our [virtual machines] on top of it."
"We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses."