Here are more details about the access ByteDance had to U.S. TikTok user data


Even with the clock now officially ticking for ByteDance to either sell TikTok or face a ban in the U.S., new evidence continues to surface about the Chinese parent company’s failures to keep U.S. user data separate from the rest of the organization.

TikTok’s former lead technical program manager for security engineering went on the record with Fortune, asserting that ByteDance retained control over some of the computer systems used by TikTok employees, according to a new piece published by my colleague Alexandra Sternlicht yesterday. Those internal systems spanned messaging as well as product and tech management software—and they left U.S. user data vulnerable to China-based ByteDance workers.

“There’s a front door that everyone is looking at, but the way to access the network is through employees,” Ryan told Sternlicht, describing his stint at the company between 2020 and 2022.

The revelations underscore the challenge facing businesses trying to balance geopolitical strictures with the realities of operating a global internet company, in which dispersed teams need to communicate frequently and access common data. TikTok’s U.S. Data Security team, which was focused on keeping U.S. user data sequestered, frequently moved data out of that isolated environment by using an internal communications platform called Lark/Feishu that was controlled by ByteDance in China, Ryan and another former TikTok employee told Sternlicht.

While there is no evidence that the Chinese government actually took advantage of this access to spy on Americans, the latest example of the data wall’s porous nature bolsters the argument of those who want TikTok banned in the U.S.

There’s more:

TikTok has given conflicting timelines for when it completed shifting the version of Lark used by U.S. data security workers to be entirely in the U.S. Asked by The New York Times in May 2023 about the topic, a TikTok spokesperson said U.S. user data was still being moved. When that transfer was complete, messages involving U.S. user data would be hosted on a separate “internal collaboration tool” (alluding to the U.S.-based Lark), the spokesperson said.

But more than a year later, TikTok’s policy team gave a different story in a post on X. It said the “secure environment for protected U.S. data,” overseen by the U.S. data security team, had been completed in January 2023—months before the Times published its story.

In response to a question by Fortune about the discrepancy, a TikTok spokesperson provided yet another timeline. In this telling, the secure data environment, or servers and data centers, for the U.S.-only version of Lark was completed in January 2023. But Project Texas, the actual isolation of U.S. user data within that infrastructure, is ongoing, the spokesperson said without giving an expected date of completion. 

Some of TikTok’s other software that is used by employees to do their jobs also leaves the door open to monitoring by ByteDance’s China-based workers, Ryan said. That’s because these services are mostly hosted in, or accessible from, ByteDance and TikTok’s internal network, which is largely based in China, he said. In theory, ByteDance workers with certain clearances may be able to see what U.S.-based TikTok employees using these systems are doing. However, Ryan couldn’t point to specific instances of U.S. user data being shared across these systems, which included Atlassian’s Jira product management software and Asana, used for tracking the status of tasks assigned to workers and for project management.

For its part, a TikTok spokesperson asserted that “This reporting is inaccurate and is clearly driven by anonymous sources with a preconceived agenda.” TikTok’s user data, the company said, was stored in Virginia and Singapore in 2022, and away from China. It declined to respond to allegations that some of its enterprise systems were hosted in China through at least 2022.

You can read Sternlicht’s full story here.

In other news: Fortune yesterday won four National Headliner Awards for our 2023 cover story on OpenAI, our piece about employers' efforts to help people with substance-abuse problems reintegrate into the workforce, our Jason Blum profile, and our special digital issue that delved into Elon Musk’s universe.

See you tomorrow,

Jessica Mathews
Twitter: @jessicakmathews
Email: jessica.mathews@fortune.com

Joe Abrams curated the deals section of today's newsletter.

This story was originally featured on Fortune.com
