Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Geo-Specific
Australian Users' Data Accessible in China, TikTok Exec Says
Parliament Committee on Foreign Interference in Social Media Grills TikTok ExecsTikTok executives were unable to answer Liberal senator and chair of the committee James Paterson when he questioned them on how many times Australian user data had been accessed by TikTok staff in China, but the executives admitted it had happened.
See Also: Using the Netskope HIPAA Mapping Guide
TikTok employees based in China are able to access Australian users' data, but the data is only accessible on a "very strict basis," the company's head of data security, Will Farrell, on Tuesday told an Australian parliamentary committee examining foreign interference on social media.
TikTok Australian Public Policy Manager Ella Woods-Joyce said that engineers can tweak the algorithm used for specific individuals. She also said that TikTok employees in China are subject to China's national security law introduced in 2017, which calls for any business operating out of mainland China to share users' data with the government under complete anonymity.
But Woods-Joyce repeatedly insisted that the Chinese government has not requested any user data and that TikTok would refuse to supply it if the government did. Yet she failed to explain the legal basis for that decision. "So your evidence is that you would break Chinese law?" Paterson asked, and Wood-Joyce gave no clear answer. "They just want us to believe they would break [the law] to protect TikTok users," Paterson later tweeted.
The TikTok executives also refused to say they are a Chinese company and said they didn't know where TikTok's headquarters are or where the majority of its employees are based, when Paterson questioned them about it.
Canada, the U.S. and the U.K. have banned TikTok from government-owned devices amid growing concerns about the company's connections with the Chinese Communist Party and its alleged espionage and interference in matters of national security. The TikTok executives were questioned at length by the Australian Parliament's Senate Select Committee led by Paterson, which was examining foreign interference on social media.
'Clear Justification' Needed to Access Data, Exec Says
Paterson's questions were aimed at gaining knowledge about the data handling practices of the social media companies and their direct interference in matters concerning the data security of Australian citizens.
Farrell said there were "a number of protections in place," which include employees getting access to limited data required only to do their job. "Employees can't get access without a clear justification and levels of approval," he said.
The data accessed across international borders requires approval of the global security team based in the U.S., which also monitors all the data access periphery. A security review also applies to any employee based in China who tries to change the algorithm, Paterson added.
TikTok Australia and New Zealand Managing Director Lee Hunter in October said that reports about TikTok monitoring specific locations of American citizens were false. "TikTok has never been used to target any members of the U.S. government, activists, public figures or journalists, nor do we serve them a different content experience than other users," Hunter said at the time.
But in December it was revealed that TikTok employees had violated their access and attempted to identify the sources of journalists writing articles criticizing the Chinese government. Hunter told the committee he stands by his words in the original article and blamed "rogue employees" that he said had acted as an insider threat and had since been fired from the company for accessing the data.
Paterson questioned the TikTok executives about whether Australian users' GPS location information was collected, as the privacy policy of the app suggests, but both Hunter and Woods-Joyce said that TikTok did not collect that data - just the nearest IP address.
WeChat Summoned But Fails to Appear
The parliamentary committee summoned the Chinese messaging platform WeChat and its parent company Tencent concerning "compelling evidence has been put to the committee by expert witnesses that WeChat engages in surveillance, censorship and foreign interference on its platform," Paterson said. "WeChat has an estimated user base of 1 million people in Australia yet does not have an Australian presence and does not feel the need to even pretend to participate in the inquiries of a parliament."
"WeChat App and its parent company Tencent Global has been repeatedly invited to appear before the Senate Select Committee on Foreign Interference Through Social Media and repeatedly declined. Their refusal to engage with the parliament reflects very poorly," Paterson tweeted on Monday.
WeChat wrote in a letter to Paterson that since it does not have any offices or employees in Australia, it was not in a position to send a representative for the hearing Tuesday. WeChat said it would provide responsive information to the company in writing instead and is open to addressing any views and questions.
Paterson said WeChat cannot be compelled to appear before the committee but indicated that its refusal to do so showed "contempt for the parliament of Australia," which could lead the committee to include adverse recommendations about WeChat in its report.
"Social media platforms headquartered in China, such as TikTok and WeChat, pose a unique and ever greater risk to our democracy because they are beholden to the Chinese Communist Party, which operates without the oversight and transparency mechanisms we have in rule-of-law democracies," Paterson wrote in an Australian daily newspaper.
"China's national intelligence laws mean these companies and their employees are required to secretly co-operate with Chinese intelligence agencies. Confronting this problem is no easy task. It will require a concerted effort from governments, citizens, and, crucially, the social media platforms on which this conduct is taking place."