Social-Media
TikTok Chief Security Officer states that its servers are now independent from ByteDance.
TikTok's chief security officer states in new court documents that the US Department of Commerce has mischaracterized how the app stores and secures user data, as the company renews its motion for a preliminary injunction against the Trump administration 's looming ban.
Roland Cloutier, Global Chief Technology Officer for TikTok, said in a recent legal filing in anticipation of the pending trial in the U.S. District Court for the District of Columbia, that the Commerce Department has made a variety of false claims about the company's data technology policy and procedures.
Cloutier claims that a September memo from the Commerce Department outlining particular software issues is erroneous in claiming that TikTok is not independent from the Chinese edition of the app — called Douyin — or from the ByteDance systems parent business, and that functionality, including data, internal control, and algorithms, is indeed partly shared across other ByteDance products.
He says that the TikTok software stack is "entirely distinct" from the Douyin software stack, meaning that each application's source code and user details are kept separate.
The government also mischaracterized how TikTok stores US user info, says Cloutier. The Commercial Memo states that TikTok rents Alibaba Cloud servers in Singapore and China Unicom Americas (CUA) in the US, which represent "major threats."
Cloutier says that CUA provides TikTok with data center space — building and electricity — but does not have servers. ByteDance maintains and manages all servers that are housed inside the CUA building, says Cloutier, and the servers are sealed within the facility's enclosure.
As TikTok rents cloud space from other firms, Cloutier says, this does not mean that TikTok has access to confidential knowledge. User data is encrypted and sharded, which ensures that it is broken into multiple bits through a variety of servers, he added.
In addition, Cloutier states that outdated source code with Chinese IP addresses has been deleted from legacy versions of the TikTok software. He says a bug that has already been removed from TikTok user clipboard material, along with an anti-spam software that has accessed clipboard info.
And Cloutier says that if asked, TikTok would not have complied with the Chinese government's request for user data, another issue of the trade department.
Back in August, President Donald Trump released an order declaring that security issues around TikTok and WeChat, both China-based applications, constituted a national emergency. He invoked the International Emergency Economic Powers Act (IEEPA), which allows him to prohibit transactions between US and foreign entities. The President then released an order on 14 August granting TikTok parent company ByteDance 90 days to either sell or spin off its TikTok business in the United States. The order is expected to come into force on 12 November which will essentially suspend the service of the app.
On 18 September, the Commerce Department released an order to block transactions with ByteDance and WeChat, effective 20 September. On September 19, however, a preliminary agreement was announced to develop a new business, TikTok Global, based in the US, that would process and store data for all users of TikTok based in the US. Under the terms of the arrangement, Oracle will become TikTok's trusted security partner.
Trade Secretary Wilbur Ross then postponed the ban until 27 September, but US District Judge Carl Nichols granted a temporary injunction on 27 September banning the ban.
A hearing on the application of the injunction by the Department of Justice is scheduled for 4 November.
