TikTok has admitted that it used its own app to spy on reporters as part of an attempt to track down the journalists’ sources, according to an internal email.
The data was accessed by employees of ByteDance, TikTok’s Chinese parent company and was used to track the reporters’ physical movements. The company’s chief internal auditor Chris Lepitak, who led the team involved in the operation, has been fired, while his China-based manager Song Ye has resigned.
They looked at IP addresses of journalists who were using the TikTok app in an attempt to learn if they were in the same location as employees suspected of leaking confidential information. The effort, which targeted former BuzzFeed reporter Emily Baker-White and Financial Times reporter Cristina Criddle among other reporters, was unsuccessful, but resulted in at least four members of staff based in both the US and China improperly accessing the data, according to an email from ByteDance general counsel Erich Andersen. All four have been fired. Company officials said they were taking additional steps to protect user data.
ByteDance chief executive Rubo Liang, the direct manager of Song Ye, said he was “deeply disappointed” in an internal email published by Forbes, where Baker-White now works. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals … I believe this situation will serve as a lesson to us all.”
ByteDance and TikTok had initially issued categorical denials of the allegations when they were first reported. The company claimed it “could not monitor US users in the way the article suggested”, and added that TikTok had never been used to “target” any “members of the US government, activists, public figures or journalists”. Those claims are now acknowledged to be false.
The disclosure, reported earlier by the New York Times, could add to pressure TikTok is facing in Washington from lawmakers and the Biden administration over security concerns about US user data.
Congress is set to pass legislation this week to ban government employees from downloading or using TikTok on their government-owned devices and more than a dozen governors have barred state employees from using TikTok on state-owned devices.
The Financial Times said in a statement that “spying on reporters, interfering with their work or intimidating their sources was completely unacceptable. We’ll be investigating this story more fully before deciding our formal response.”
BuzzFeed News spokesperson Lizzie Grams said the company was deeply disturbed by the report, saying it showed “a blatant disregard for the privacy and rights of journalists as well as TikTok users”.
Forbes reported on Thursday that ByteDance had tracked multiple Forbes journalists including some who formerly worked at BuzzFeed “as part of a covert surveillance campaign” aimed at discovering the source of leaks. Randall Lane, the chief content officer of Forbes, called it “a direct assault on the idea of a free press and its critical role in a functioning democracy”.
TikTok chief executive Shou Zi Chew said the company would “continue to enhance these access protocols, which have already been significantly improved and hardened since this initiative took place”.
after newsletter promotion
Chew said that over the past 15 months the company had been working to build TikTok’s US data security department to ensure protected TikTok US user data stays in the United States.
“We are completing the migration of protected US user data management to the USDS department and have been systematically cutting off access points,” he wrote.
ByteDance also said it was restructuring the internal audit and risk control department, and the global investigations function would be split and restructured.
The committee on foreign investment in the US, a national security body, has for months sought to reach a national security agreement with ByteDance to protect the data of more than 100 million US TikTok users, but it appears no deal will be reached before year’s end.
Republican senator Marco Rubio said of the incident that ByteDance was “desperate to tamp down growing bipartisan concerns about how it enables the Chinese Communist party to use – and potentially weaponise – the data of American citizens. Every day it becomes more clear that we need to ban TikTok.”
