Chinese Communist Party Used TikTok As Backdoor Access To Track Hong Kong Protestors, Says Former Executive
A former executive at ByteDance, the parent company of popular video-sharing app TikTok, has made serious allegations in a legal filing, claiming that a committee comprising members of China’s Communist Party gained access to the data of TikTok users in Hong Kong back in 2018, an allegation that the firm continues to deny.
According to the former executive, the committee specifically targeted civil rights activists and protesters in Hong Kong during that period, accessing various user data from TikTok. This included network information, SIM card identifications, IP addresses, and even user communications within the app. The intent behind this alleged data access was to identify and locate the users involved.
The former executive, Yintao Yu, had served as the head of engineering for ByteDance’s U.S. offices from August 2017 to November 2018 and is currently a resident of California. During his tenure, Yu worked primarily in ByteDance’s Menlo Park, California office, with occasional visits to the Los Angeles and Beijing offices.
In response to the allegations, a ByteDance spokeswoman stated, “We strongly refute these baseless claims and allegations made in the complaint.”
The spokeswoman clarified that Yu had been involved in developing an app called Flipagram, which had been discontinued years ago for business reasons. She further emphasized that Yu’s termination occurred in 2018 and that he had not raised these accusations in the five years since.
“His actions are clearly intended to garner media attention,” she added.
Yu’s attorney, Charles Jung, a partner at the law firm Nassiri & Jung, explained that his client decided to come forward now due to perceived misdirection in the testimony provided by TikTok CEO Shou Zi Chew during a congressional hearing in March.
“By testifying in court, my client is putting himself at risk. However, the power of truth is what’s necessary to bring about social change,” Jung said.
These allegations arise at a time when TikTok is actively attempting to convince U.S. policymakers that the app is secure for its users. Concerns have been raised by U.S. politicians about potential Chinese government influence over TikTok’s data and content promotion capabilities.
In May, TikTok filed a lawsuit challenging the state of Montana’s new restriction on the usage of the Chinese-owned app, the first state to do so. TikTok claims the prohibition, which goes into force on January 1, violates the company’s and users’ First Amendment rights.
The lawsuit, filed in Montana District Court, also claims that the ban is pre-empted by federal law because it intrudes on matters of sole federal concern and violates the Commerce Clause of the US Constitution, which limits states’ authority to enact legislation that unduly burdens interstate and foreign commerce.
To alleviate the data security concerns, TikTok has also established a new subsidiary to house its U.S. data, aiming to ensure that TikTok U.S. user data remains outside the purview of Chinese law.
If the existing plan submitted to the national security authorities is not accepted, the only solution left would be to divest, either through a sale or an initial public offering, people aware of the situation explain. However, the Chinese authorities would have to give the green light to such an arrangement.
TikTok, which is being investigated by the Committee on Foreign Investment in the United States, committed last year to implement a number of security measures in response to US regulators’ concerns. This $1.5-billion lobbying idea, dubbed Project Texas, entails bringing in US IT behemoth Oracle Corp. to hold US user data and assess its software, as well as establishing a three-person government-approved oversight board.
TikTok executives have consistently denied sharing user data with the Chinese government. During his congressional testimony, Chew explicitly stated that he had seen no evidence of Chinese government access to such data, emphasizing that they had never requested it and that TikTok had not provided any.
The Hong Kong market has posed unique challenges for TikTok. While ByteDance has maintained separate apps for users in mainland China and the rest of the world, TikTok is only available outside mainland China. Hong Kong, while operating under distinct governance from the mainland, has seen increasing influence from Beijing in recent years. In response to concerns surrounding a national security law granting Beijing broader control over the city, ByteDance withdrew TikTok from Hong Kong in 2020.
The allegations of using the Chinese app to track users is not new and coming from a vacuum. In December, ByteDance itself confirmed that it conducted an internal investigation and discovered that employees tracked multiple journalists covering the company, improperly gaining access to their location and user data in an attempt to determine whether they had been in the same locations as ByteDance employees.
The findings of ByteDance’s internal inquiry, which was led by the company’s global legal compliance team in collaboration with an outside law firm, were announced today in an email to employees.
General counsel Erich Andersen wrote to staff that a “misguided plan was developed and carried out by a few individuals within the Internal Audit department this past summer,” adding that those involved “misused their authority to obtain access to TikTok user data” in violation of its code of conduct.
ByteDance removed Chris Lepitak, its chief internal auditor who led the team responsible for the monitoring measures, as a result of the investigation. Song Ye, the Chinese executive to whom Lepitak reported and who reports directly to ByteDance CEO Rubo Liang, resigned.
Yu’s recent lawsuit against ByteDance also accuses the company of systematically scraping content from competing social media platforms and posting it on TikTok to artificially inflate the app’s popularity. Furthermore, the suit alleges that ByteDance fabricated users and exaggerated key engagement metrics.
An email from 2017, reviewed by The Wall Street Journal, reveals that ByteDance’s engineering and product managers discussed a scraping operation targeting content from over 2 million Instagram creators, exploring ways to enhance and accelerate the process.
According to Yu’s lawsuit, he reported his concerns about these practices to his manager, who was responsible for the TikTok algorithm. However, the suit alleges that Yu’s manager dismissed his concerns, and as a result, ByteDance unjustly terminated Yu’s employment in retaliation.
Information for this briefing was found via The Wall Street Journal and the sources mentioned. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
