×

No evidence of TikTok national security threat but reason for concern, experts say

By Max Zahn, ABC News Mar 28, 2023 | 11:29 AM
Karl Tapales/Getty Images

(NEW YORK) — Social media app TikTok faces mounting bipartisan hostility in Washington D.C., where Biden administration officials and lawmakers are weighing a possible ban of the platform.

The app, which counts more than 150 million U.S. users each month but is owned by a China-based parent company, has faced growing scrutiny from government officials over fears that user data could fall into the possession of the Chinese government and the app could be weaponized by China to spread misinformation.

However, there is no evidence that TikTok has shared U.S. user data with the Chinese government or that the Chinese government has asked the app to do so, cybersecurity experts told ABC News.

Still, there’s reason to believe that the Chinese government could compel the company to share data on U.S. users or manipulate content on the app to forward a pro-China agenda, considering the nation’s authority over domestic companies and previous misleading statements made by TikTok on related issues, the experts added.

“We don’t have smoking-gun evidence,” Sarah Bauerle-Danzman, a professor who specializes in national security and business investment at Indiana University, told ABC News. “But we do know that if the [Chinese government] asks TikTok for any data, they would be compelled to provide it and we also probably wouldn’t know if they did.”

In a statement, TikTok cited Project Texas, an initiative that the company says keeps all U.S. user data on servers within the country.

“The whole point of Project Texas is to put TikTok U.S. user data and systems outside the reach or influence of any foreign government,” the company said in a statement to ABC News.

“Today, all new protected U.S. user data is stored exclusively in infrastructure in the United States, and today all access to that environment is managed exclusively by TikTok U.S. Data Security, a team led by Americans, in America,” the company added.

Here’s what we know and don’t know about the national security threat posed by TikTok.
No evidence that TikTok has shared US user data with the Chinese government

A key fear among lawmakers and other government officials is that TikTok could share sweeping data on U.S. users with the Chinese government or the Chinese government could force the platform to manipulate the content displayed to U.S.-based users.

But there is no evidence available that suggests TikTok has shared U.S. user data or altered content for U.S. users at the behest of the Chinese government, cybersecurity experts said.

“We actually lack any evidence that China is regularly or systematically collecting TikTok data,” Ahmed Ghappour, a professor at Boston University who focuses on computer security and criminal law, told ABC News.

“We lack any evidence that China has attempted to compel TikTok to manipulate user recommendations or user data in any way that would rise to the level of a national security threat,” he added.

TikTok CEO Shou Chew pointed to the lack of evidence during roughly five hours of testimony before a House committee on Thursday.

“I think a lot of risks that are pointed out are hypothetical and theoretical risks,” Chew responded. “I have not seen any evidence.”

“I’m eagerly awaiting discussions where we talk about evidence,” he added.

In fact, some House members critical of TikTok acknowledged the lack of evidence.

Rep. Dan Crenshaw, R-Texas, closed the proceeding with a line of questions focused on potential data sharing between TikTok and the Chinese government.

“Maybe you haven’t done it yet,” Crenshaw said, addressing Chew. “But my point is that you might have to.”

“If you want to know why Democrats and Republicans have come together on this,” Crenshaw added. “That’s why.”

Despite a lack of evidence for the national security threat posed by TikTok, it remains a legitimate theoretical concern, since China has shown a previous willingness to exploit user data and wields extensive authority over domestic companies, cybersecurity experts said.

“We know that China is very aggressive when it comes to spying,” James Lewis, a data security expert at the Center for Strategic and International Studies, told ABC News. “TikTok hasn’t been caught. The Chinese have been caught.”

For instance, in 2015, hackers working on behalf of China broke into the computer system of the Office of Personnel Management, a federal agency, compromising the data of as many as 4 million federal employees, the Washington Post reported.

Last month, the U.S. military shot down a Chinese spy balloon off the coast of South Carolina, ending days of travel that took the balloon across the continental United States.

U.S. Secretary of State Antony Blinken postponed a trip to Beijing just hours before he was set to depart. Blinken called the balloon a “clear violation” of U.S. sovereignty and international law. Days later, China accused the U.S. of flying spy balloons into its airspace without permission more than 10 times since the start of 2022 — an allegation that the U.S. denied.

Meanwhile, China’s use of digital surveillance on its own residents is well-documented, including the deployment of app-based data to spy on residents as part of its response to the COVID-19 pandemic.

Under Chinese law, the government could force TikTok-parent company ByteDance to turnover U.S. user data and manipulate content displayed on the app, cybersecurity experts said, noting that a lack of transparency makes it difficult to determine whether such a request has taken place.

“There wouldn’t be a paper trail necessarily that would be available to the public to see if this were to occur,” Bauerle-Danzman said.

TikTok has repeatedly denied sharing U.S. user data with the Chinese government or receiving a request along those lines.

However, the company has previously provided misleading information on related issues, some experts said.

TikTok engineers based in China gained access to intimate information on U.S. users between September 2021 and January 2022, even after a TikTok executive told the Senate in sworn testimony in October 2021 that a “world-renowned, US-based security team” determined which employees accessed such data, BuzzFeed reported in June.

“TikTok has a documented history of saying one thing and not always being accurate about that information,” Bauerle-Danzman said.

In response to concerns about U.S. user data, Chew has touted Project Texas, an ongoing effort that he says keeps all data on U.S. users within the country through a partnership with Oracle. During his testimony before the House, Chew said ByteDance remains capable of accessing user data but will no longer be able to do so after TikTok completes Project Texas.

Chew also said the company would welcome information security controls approved by a U.S. government monitor and enforced by a third party.

“Trust must be earned through action, not words,” Chew said.

ABC News’ Britt Clennett, Karson Yiu and Morgan Winsor contributed reporting.

Copyright © 2023, ABC Audio. All rights reserved.