Comment on this story Comment Gift Article Share

Happy Thursday! The newsletter will be off tomorrow but back Monday. In the meantime, send tips to: cristiano.lima@washpost.com. Below: Apple announced a new security feature to protect against spyware, and European lawmakers want to restrict online political ad targeting. First: Wp Get the full experience. Choose your plan ArrowRight Why lawmakers aren’t buying TikTok’s assurances on China Lawmakers are accusing TikTok of misleading Congress and the public about its security practices in light of reports finding that workers in China repeatedly accessed U.S. user data and that the company remains entangled with Beijing-based parent company ByteDance.

On Tuesday, Sens. Mark Warner (D-Va.) and Marco Rubio (R-Fla.) — the chair and vice chair of the Senate Intelligence Committee — urged the Federal Trade Commission to investigate whether the company engaged in deceptive practices.

Advertisement

The letter marked a major escalation against the company and highlighted how its attempts to assure officials their national security concerns are overblown aren’t landing.

“Warner and Rubio are national security stalwarts and their bipartisan concern that TikTok may have been misleading the public and government officials alike about U.S. data being accessed from inside the PRC significantly raises the stakes for TikTok,” Republican Commissioner Brendan Carr, who recently urged app stores to ban TikTok, told The Technology 202.

In response to the letter, TikTok spokesperson Brooke Oberwetter said in a statement, “For two years, we’ve talked openly about our work to limit access to user data across regions, and in our letter to senators last week we were clear about our progress in limiting access even further.”

Advertisement

Here’s why TikTok’s answers are ringing hollow on Capitol Hill:

TikTok says it won’t share data with China. Could China access it anyway?

Lawmakers have repeatedly pressed TikTok to say whether Chinese government officials have access to U.S. user data on the app through various channels.

“We do not share information with the Chinese government,” Michael Beckerman, TikTok’s head of policy for the Americas, testified to the Senate Commerce Committee in October. He reiterated the remarks during a TV interview Sunday, adding that TikTok would never do so.

But U.S. officials have voiced concern that Chinese authorities could compel TikTok to share that data if it is accessed by workers in China, or through an affiliated organization.

During a 2020 interview with CyberScoop, TikTok Chief Security Officer Roland Cloutier went a step further in his assurances, saying that “neither TikTok data, nor use, occurs in China,” and so Chinese authorities would “not have jurisdiction over the platform.”

Advertisement

“The data doesn’t even exist in China … the biggest fundamental truths are that the Chinese government doesn’t ask for it, because it doesn’t exist in China,” he said. (Cloutier has previously talked about trying to “minimize data access” to U.S. information in China.)

Senators said those remarks were contradicted by a recent BuzzFeed report that “China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users” — suggesting that TikTok user U.S. data can “exist” or “occur” in China. (TikTok has pushed back on the report as “incorrect and not supported by the facts.”)

TikTok overstated ‘firewall’ with Chinese parent company, officials say

Lawmakers are just as concerned about how TikTok fits into the corporate structure of its parent company, Beijing-based tech giant ByteDance, and what it could mean for data access in China.

Advertisement

During TikTok’s first congressional hearing, Sen. Ted Cruz (R-Tex.) grilled Beckerman about the Chinese government taking an ownership stake in a ByteDance subsidiary in China, which controls the company’s domestic Chinese social media and information platforms.

“Would you consider Beijing-ByteDance Technology to be a part of TikTok’s corporate group with whom TikTok could share all of the information it collects?” Cruz said, citing concerns that TikTok’s privacy policy could allow it to share U.S. user data with the subsidiary.

“I want to be clear that that entity has no affiliation with TikTok,” Beckerman replied.

TikTok’s answers did not satisfy Cruz, who asked repeatedly whether the company considers the ByteDance subsidiary an “affiliate” under its privacy policy.

“You answer non-sequiturs and refuse to answer very simple questions,” Cruz said. “That in my experience, when a witness does that, it is because they are hiding something.”

Advertisement

According to the letter from Warner and Rubio, “as recently as March of this year, TikTok officials reiterated to our Committee representations they have previously made that all corporate governance decisions are wholly firewalled from … ByteDance.”

A spokesperson for the Senate Intelligence Committee, who was not authorized to speak on the record, said the representations were made during a call held with TikTok in response to reports the company was skewing content on the war in Ukraine.

The exchanges are now drawing fresh scrutiny after BuzzFeed reported that a TikTok team tasked with managing access to sensitive U.S. data “reports to ByteDance leadership in China.”

Another data point that is stoking concern about TikTok’s parent company: In responding to a separate letter from Senate Republicans last month, TikTok CEO Shou Zi Chew said “ByteDance engineers around the world may assist in developing” TikTok’s algorithms. The revelation raised questions about how the company feeds content to users.

Our top tabs

Apple unveiled a new security measure to block spyware

Apple software’s new “Lockdown Mode” will block many attachments on messages and prevent links from previewing on devices belonging to potential victims of government spyware, Joseph Menn reports. Apple is releasing the feature on test versions of its operating system and plans to roll out the feature more broadly in the fall.

Advertisement

“The vast majority of users” won’t need to use the feature, said Apple head of security engineering Ivan Krstić. Users will be able to easily toggle the feature on and off.

“Apple’s lockdown tactic resolves a long-standing tension in its design approach between security concerns and the pursuit of easy-to-use, highly functional capabilities,” Menn wrote. “The extra usability made the phones more vulnerable to attack through iMessage, FaceTime and other software. Lockdown Mode gives users the choice of whether to maintain those features. When activated, it limits what the phone can do.”

Apple sued the Israeli firm NSO Group and notified potential victims of its Pegasus spyware after The Post and 16 media partners reported last year that Pegasus was used to target activists, journalists and executives. The Biden administration also put NSO on a blacklist last year, restricting its ability to receive American technologies.

European lawmakers propose restrictions on political ad targeting

Under the proposal, tech companies wouldn’t be allowed to display political ads based on online tracking and profiling, Politico Europe’s Clothilde Goujard reports. “Political parties could soon only target voters via online ads based on data they themselves choose to share, including their gender, age, location and language,” Goujard writes.

Advertisement

Policymakers are working to get the rules ready by European elections in 2024.

“The move could have a significant effect on online political advertising, where politicians and foreign actors alike have in past years been able to display paid-for political messages to voters based on their behaviors and troves” of data, Goujard writes. “The manipulation of voters through microtargeting was at the heart of the Cambridge Analytica scandal in 2018.”

U.K.-backed review recommends ban on sharing sexual ‘deepfakes’

The review by the U.K.’s independent Law Commission came as the technology behind fake but realistic-looking sexual images and videos of people advances, the Financial Times’s Cristina Criddle reports.

U.K. laws don’t do enough to respond to “disturbing and abusive new behaviors born in the smartphone era,” the commission argued. The commission had been looking into current laws relating to nonconsensual intimate images since 2019, Criddle reports.

Advertisement

“The review comes as the long-awaited Online Safety Bill makes its way through parliament,” Criddle writes. “Many of the Law Commissions’ previous recommendations have already been added to the legislation, including criminalizing revenge porn and cyberflashing, where an indecent image is shared without the recipient’s consent.” The U.K. government told the Financial Times that the bill would “force internet firms to protect people better from a range of image-based abuse — including deepfakes,” and it’ll review the recommendations.

Policymakers from the European Union to California and Virginia have introduced rules targeting deepfakes. “Under a new E.U. code of practice, regulators can fine technology companies up to 6 percent of their global turnover if they do not crack down on deepfakes,” Criddle writes.

Inside the industry

Competition watch

Hill happenings

Trending

Daybook

The Atlantic Council hosts an event on new U.K. data protection rules Tuesday at 9 a.m.

Pat Gelsinger Intel CEO discusses semiconductor manufacturing and government support at a Washington Post Live event Tuesday at noon.

Before you log off

That’s all for today — thank you so much for joining us! Make sure to tell others to subscribe to The Technology 202 here. Get in touch with tips, feedback or greetings on Twitter or email.

GiftOutline Gift Article