Jul 29, 2024 3 min read

TikTok’s plans to allay data security concerns were simply insufficient, US government insists in new court submission

The US Department Of Justice last week filed documents in response to TikTok’s lawsuit that is trying to block the sell-or-be-banned law passed by Congress earlier this year. The DoJ sets out various data security concerns and says TikTok’s proposals for overcoming them just weren’t good enough

TikTok’s plans to allay data security concerns were simply insufficient, US government insists in new court submission

The US government says that TikTok’s proposals for addressing data security concerns were ultimately insufficient, despite extensive negotiations, which is why the White House supported the TikTok-targeting sell-or-be-banned law that was passed by US Congress earlier this year

Bringing in Oracle as a US-based overseer of the TikTok platform didn’t help, officials add, because the amount of source code on the TikTok platform would make such an overseer role more or less impossible, even for a company as big as Oracle. 

These statements are made a new court submission responding to TikTok’s ongoing bid to overturn the sell-or-be-banned law through the courts. TikTok and its owner Bytedance has already hit back at that submission, criticising the fact some of the information is redacted, and insisting that the sell-or-be-banned law is still unconstitutional on free speech grounds. 

“The TikTok ban would silence 170 million Americans’ voices, violating the First Amendment”, a TikTok spokesperson says. “As we've said before, the government has never put forth proof of its claims. We remain confident we will prevail in court” . 

American politicians have repeatedly expressed concern that the Chinese government has access to US TikTok user-data via ByteDance, which is a key reason for the law that says ByteDance must sell TikTok or face a ban within the US. 

For its part, TikTok has repeatedly denied there are any data security issues on its platform. The new submission from the US government’s Department Of Justice seeks to set out why those data security concerns are legitimate. 

Among other things, it hones in on the sharing of US userdata via ByteDance’s internal communications system Lark. “TikTok employees have communicated with their co-workers on Lark”, it says, and “at various points in time, have sent significant amounts of restricted US user data to each other through Lark channels to address various operations issues”. 

“This resulted in certain sensitive US personal data being contained in Lark channels”, the submission continues, “and, therefore, stored on Chinese servers and accessible to ByteDance employees located in China”. 

TikTok faced a ban in the US before under former President Donald Trump. That prompted the alliance with Oracle and a big data security initiative called Project Texas, which ByteDance hoped would allay the concerns of the American government. 

In his submission to the court last week, David Newman, Principal Deputy Assistant Attorney General of the DoJ’s National Security Division, says he was part of the team that worked with ByteDance on that initiative. However, the government “was ultimately unable to reach a national security agreement with ByteDance”, because senior government officials concluded that ByteDance's final proposal “would not sufficiently ameliorate the risks”. 

A big part of ByteDance’s proposal was hiring Oracle as a US-based ‘trusted technology partner’ to oversee the TikTok platform and ensure US user data was secure. However, Newman adds, officials weren’t convinced Oracle could effectively perform that role because of the sheer quantity of code. 

“ByteDance’s representations as to the size of the TikTok platform’s source code leave no doubt that a complete review of each line would be a monumental undertaking”, Newman writes. A recent representation from Bytedance said “that the source code contained 2 billion lines of code”. By comparison, Newman adds, “the Zoom application contains 10 million lines of code, and Windows Operating System contains approximately 50 million”. 

“Even if static, Oracle estimated it would require three years to review this body of code”, Newman reveals. “But the source code is not static; ByteDance regularly updates it to add and modify TikTok’s features. Even with Oracle’s considerable resources, perfect review would be an impossibility”. 

TikTok’s lawsuit seeking to overturn the sell-or-be-banned law centres on two main arguments. First, it is impractical and unrealistic to expect ByteDance to sell TikTok, even just within the US, by the beginning of next year, which means the law is basically a ban. 

Which leads to the second argument, that banning the use of TikTok is unconstitutional on free speech grounds. TikTok reckons that last week’s submission does little to counter those core arguments. 

However, DoJ officials were equally adamant last week that the free speech arguments are not valid. According to the FT, they said that there are no issues under the First Amendment of the US constitution because the law is focused on national security threats. 

Meanwhile, China, ByteDance and TikTok Global are not covered by First Amendment rights, and TikTok US “by its own admission is merely a conduit for content moderation decisions made by the Chinese entities”. 

And while a group of TikTok creators are also fighting the new law, those creators do not have a First Amendment right to express themselves via TikTok in particular. 

All these arguments and counterarguments will now be argued in court in September.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to CMU | the music business explained.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.
Privacy Policy