TikTok is the most used app on the planet with over 1 billion active users. In 2021 it overtook Google to become the most visited website in the world. Despite this momentum, multiple US states have banned the app on government equipment and it is likely that Congress will institute a national ban on TikTok in 2023 with bipartisan consensus. This is because TikTok is the social media extension of an AI platform legally beholden to the Chinese Communist Party (CCP).
Where did TikTok come from?
TikTok is the amalgamation of two other apps, Musical.ly and Douyin (抖音). In 2014, founders Alex Zhu and Luyu Yang created Musical.ly as a short form video app where users could lip-sync and dance to songs (a key TikTok attribute). From Musical.ly’s Shanghai office, the app failed to catch on in China. Yet the efforts directed from the Santa Monica, CA office led to an explosion in popularity amongst American teenagers, leading Zhu and Yang to focus on the US market.
Musical.ly passed the 100 million downloads milestone in mid-2016. Around the same time, Bytedance created Douyin (抖音), a short form video app built specifically for the Chinese market. Douyin’s growth outpaced every other local competitor and within one year it had over 100 million active users. In September 2017, Bytedance expanded Douyin outside of China under the name TikTok, and just two months later purchased Musical.ly for roughly $1 billion. This allowed TikTok to springboard into the international market and in 2018 TikTok and Musical.ly merged into the TikTok that exists today.
Who owns TikTok and what is ByteDance?
Despite attempts by the US government in 2020 to transfer ownership of TikTok to a U.S. entity, TikTok is still wholly owned by ByteDance Ltd. (字节跳动), a Chinese company based in Beijing.
ByteDance was founded in 2012 and is the brainchild of founders Zhang Yiming and Liang Rubo. Their first product was a news aggregator app named Toutiao (头条, “Headlines”) which is one of the most downloaded apps in the world with over 120 million active users. After this success, ByteDance moved on to create a variety of different apps, namely TikTok, Xigua Video, Lark (a Google Workspace/Microsoft Office competitor), and Resso (a Spotify competitor). The common thread across all of these apps is artificial intelligence. Founder Zhang Yiming stated that ByteDance companies are not social media or news businesses, they are AI companies that have different functions. ByteDance’s ultimate goal is to become a global AI platform business. ByteDance has already initiated this effort through their BytePlus offering.
The executives at ByteDance likely see their AI products as playing a foundational or near-monopolistic role in the future global economy, somewhat analogous to Microsoft’s Windows operating system in the past. If ByteDance is able to create and maintain a decisive head start in building the most effective algorithms on the market, they will become the default choice for international firms seeking to integrate AI into their business operations. Being integrated into major international firms at the level of AI would accrue significant revenue for ByteDance. Yet it would also accrue significant strategic advantages for the CCP, who would have a looking glass into any firm that chose to use ByteDance’s AI platform. This is because in China, private business is no private matter.
Unlike US businesses, Chinese firms generally have an internal communist party organization (covered in our previous post), meaning that they are overseen by at least one member of the Chinese Communist Party. As a company of note, ByteDance hosts an active Chinese Communist Party Committee internal to the company, headed by Party Secretary Zhang Fuping. In addition to this, the Cyberspace Administration of China (中华人民共和国国家互联网信息办公室 or CAC) owns a 1% stake (CN) in ByteDance. This stake entitles CAC to a seat on the board, which is currently occupied by Wu Shugang, a former division chief for “local direction” at the online opinion bureau of the CAC. It is important to note that the investment vehicle for CAC, the Chinese Internet Investment Fund (CN) (中国互联网投资基金, CIIF) has invested in numerous companies placed under US trade restrictions through the US Department of Commerce entity list. This list includes Sensetime, Phytium, CloudWalk, and many others.
A defining moment in ByteDance’s history was in 2018 when Neihan Duanzi (内涵段子, “Subtle Jokes”), ByteDance’s app for sharing jokes and silly videos, was ordered to shut down by the National Radio and Television Administration (which reports to the CCP’s Propaganda Department) because it contained “misleading and vulgar content.” At the same time, ByteDance’s Toutiao was pulled from the app store for three weeks for failing to “regulate the dissemination of news in a legal manner.” Zhang Yiming responded to this by releasing a public mea culpa where he stated “一直以来,我们过分强调技术的作用,却没有意识到,技术必须要用社会主义核心价值观来引导...” [All along, we have over-emphasized technology’s utility, yet we have not realized that technology must be led by the socialist core value system…]. In addition, Zhang promised to increase “content controllers,” or censors, from 6,000 to 10,000. The CCP’s crackdown was a sign to ByteDance and other tech companies that they need to conform to the Party or suffer consequences.
It is clear that ByteDance does not operate independently from the CCP. The company’s responsibilities to the government are officially outlined in China’s National Intelligence Law of 2017 and National Counter-Espionage Law of 2014. Article 7 of the 2017 law states: “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with the law, and shall protect national intelligence work secrets they are aware of.” All is a comprehensive word. Meanwhile, the 2014 law makes non-compliance with the CCP’s requests illegal, on pain of property seizure.
TikTok makes this plain in the app’s privacy policy where it states that “[the company] may disclose any of the information we collect to respond to [...] government inquiries, and to protect and defend the rights, interests, safety, and security of TikTok Inc. [...].” If ByteDance deviates from the 2017 law, it will suffer the same fate as firms such as Ant Group and LeEco (CN), which both ended up on the wrong side of the Party and lost their independence, preferential treatment, and had key executives “disappeared” or thrown into debtor’s courts.
Bytedance is very likely to fully cooperate under local legal regulations. For example, it is illegal in the Russian Federation to disseminate LGBT+ content. TikTok operates in Russia and Theo Bertram, the company’s director of public policy in Europe, the Middle East and Africa, spoke about TikTok’s removal of LGBT+ content in 2020. “I think the Russian law is terrible [...] But unfortunately we have to comply with legal requests in the countries that we operate.”
Interestingly enough, in support of the Ukraine invasion, Moscow introduced sweeping new censorship laws. In 2022 TikTok said it decided to stop live streaming and uploads in the Russian market due to these laws and therefore reduced its workforce. However, the workforce was not eliminated. The public statement was highly misleading. In fact, TikTok has stayed in Russia and at least through March was allowing Russian state media to post on TikTok, turning the app into an arm of Putin’s propaganda effort.
Returning to Beijing’s 2017 National Security Law, many Chinese firms say that the law’s requirements are never acted upon. However, there are numerous signals that the CCP has chosen to collaborate intimately with ByteDance. In 2020, Toutiao’s main competitor Qutoutiao was abruptly removed from app stores (CN) by Chinese regulators. Earlier this year, Forbes also discovered that around 300 employees across both TikTok and ByteDance formerly worked or concurrently work at Chinese state media outlets such as Xinhua News and China Central Television. These individuals are the CCP’s censors, as Xinhua and China Central TV are both government-owned and report directly to the CCP’s Central Propaganda Department. As the line between ByteDance and the CCP continues to fade, even employees within the company are starting to take note. This year three senior executives at TikTok resigned after it was made clear that many employees take orders and guidance directly from the Beijing office.
Despite concerted efforts on the part of ByteDance to market TikTok as a separate entity, TikTok is owned and controlled by ByteDance, an entity in turn wholly responsible to the Chinese Communist Party.
Why does this matter?
TikTok’s Chinese ownership and CCP affiliation becomes problematic when the app uses methods to collect certain information from US users. These methods include aggressive tracking and storage of location services data, keystroke and screen tap logging through the app and in-app browser, biometric data collection, and the masked extraction and transmission of these data to China.
Location Services
TikTok employs three different signals to locate users’ phones: GPS, WiFi, and cell tower. When combining all three signals, location services can generate extremely detailed geo-locations, sometimes with enough fidelity to know which specific area of your own house the phone is located in.
When location services are denied at the operating system level, TikTok still harvests location data by logging a phone’s IP address. This gives the company a location from where a cell phone is accessing the internet.
This detailed level of location information can be used to track individuals. On 22 December, TikTok announced that members of ByteDance’s internal audit team used IP addresses to track journalists. This means that TikTok has repeatedly lied to the US government about data accessibility. Additionally, this information can be used to build pattern of life analyses on TikTok users. The app knows where you sleep, live, work, travel, who your friends are, how late you stay out at night, and a plethora of other location information. This lets the CCP make high confidence assessments on where specific US citizens went to school, where they were trained, or what governmental department they may work in.
US social media apps are also likely collecting such information alongside TikTok. Fortunately, US companies Google and Apple offer options in Android and iOS to turn off location services and limit the effectiveness of tracking. US firms are also subject to legal restrictions surrounding data collection which ByteDance is not.
Keystroke and Screen Tap Logging
TikTok has also been caught logging keystrokes and screen taps within an in-app browser. The keyboard keys a user touches are likely memorized and saved on TikTok’s servers. The output from this monitoring likely contains passwords that are entered on websites and apps, credit card information, and other personal data. If keystroke access is blocked, screen tap logging acts as a backup.
There are US social media apps that also track this information. However, all of these apps allow the user to open links within their default browser (unlike TikTok) which avoids the issue of keystroke/screen tap logging.
Biometric Data Collection
TikTok also collects biometric information from users, specifically faceprints, and voiceprints. By having the biometric prints of an individual user’s face and voice, the CCP is able to identify that individual for the rest of their life, whether they use TikTok in the future or not. An individual’s biometric information could be collected at airport customs (as it often is already) or a surveillance camera on the street. This information could then be run against TikTok records to identify the individual with a very high degree of confidence.
In early 2022 the HBO series “Euphoria” was taking the US by storm and TikTok capitalized on this trend by making a Euphoria filter to add visuals to users’ eyes. This filter required taking a close up photo/video of your eye. Phones such as Samsung’s Galaxy devices are able to take iris prints which are unique to every individual. This seemingly innocuous and fun filter was a way for TikTok to gain vast troves of biometric data. The hashtag #euphoriafilter has been used over 62.4 million times.
Voiceprints are also an increasingly important subcategory of AI development in China and the Chinese Internet Investment Fund is actively investing in AI speech recognition and generation firms like SpeechOcean. These data can be used to make audio deep fakes, AI generated audio recordings that sound like specific people saying things that they never actually said.
While many individuals dismiss the idea that this type of data could be used against them, the CCP actively uses biometric data to monitor users who “violate the law or commit crimes.” Violating the law can be something as simple as disseminating “misleading or vulgar content,” which includes anything that the CCP doesn’t like.
Masked Extraction and Transmission of Data
Technical analysis has shown that the TikTok app allows multiple third-party trackers to collect user data. This makes it nearly impossible to analyze who exactly is collecting the data and what data is being collected. These trackers are also active after a user leaves the TikTok app. While the use of third-party trackers means that users don’t know who is collecting which data (masked extraction), we do know that data is sent to China. In a separate technical analysis, Phones with TikTok installed connected to mainland China multiple times.
How does this compare to Western social media apps? In the above cited technical analysis, none of the other apps used nearly as many third-party trackers. The average per app was 4 third-party trackers and 2 first-party trackers (with some apps using no third-party trackers, like WhatsApp). TikTok scored 13 third-party trackers and 1 first-party tracker.
Where Does the Data Go?
So, TikTok knows where a user goes, private information that is typed into the user’s phone, and can identify this user in the future even if they don’t use the app anymore. Some users may acknowledge that such detailed data are collected and may claim they do not care that TikTok collects such data. But this is not the end of the story, only the beginning.
Right on the TikTok website, within the privacy policy, TikTok states that “TikTok may transmit your data to its servers or data centers outside of the United States for storage and/or processing.” A fairly anodyne clause, but it is an obvious hint that TikTok users' information is being stored and processed (or at least accessed) in mainland China. As stated above, technical analysis of phones with TikTok installed have shown these phones connecting multiple times to mainland China-based internet infrastructure.
TikTok has denied that data gets sent to China or that Mainland Chinese-based employees even have access to US user data. TikTok execs have claimed that the privacy policy clause is meant to cover backup operations in Singapore. However, this has been a lie every time TikTok has made the claim. It is clear that Chinese employees have casual access to US user data and that requests were made to track the physical location of specific American citizens. As mentioned above, this access was confirmed when ByteDance acknowledged that members of their Beijing-based internal audit team accessed US user data in order to track the locations of journalists.
Two things should be clear. One, TikTok is firmly under the CCP’s control. And two, TikTok is very willing to be evasive or lie about this fact.
What is the CCP Doing with TikTok Data?
TikTok accumulates user data, and then applies AI algorithms in a feedback loop. One AI algorithm curates users’ “For You” feed, which analyzes likes, how long users watch specific videos, comments, watch-again rates, and other data to curate the most popular videos.
To close the feedback loop, another AI algorithm aids users in creating viral videos. TikTok will suggest music, hashtags, filters, and other content features that the algorithm knows are found in successful videos. All of these features are designed to increase retention and reduce exit rate, basically the same as any other social media app. TikTok wants the most attention it can get from users.
The departure point from Western social media is that TikTok is legally inextricably linked to the CCP. And fortunately, the CCP has an extensive document outlining goals for AI development. Section 1 of the document states that “AI technologies [...] will significantly elevate the capability and level of social governance, playing an irreplaceable role in effectively maintaining social stability.”
Of course, we have already witnessed the CCP deploy AI technology to maintain social stability in the notorious case of the Uyghur genocide. The CCP desires massive amounts of data to plug into separate AI algorithms aimed at behavior modification, the end goal being the protection of the CCP and the destruction of its perceived enemies.
The mountains of private data collected by TikTok allow AI algorithms to develop very detailed profiles of specific American citizens. These data can then be used to develop and target specific messages that these users are predisposed to find engaging. If the CCP desired to influence US elections, magnify culturally divisive issues in America, or shape the opinions of US citizens towards China, TikTok is the perfect tool to do so.
It also allows Beijing-based censors to find users critical of the CCP and exact retribution. This has already happened, as posts critical of China or the CCP have been de-promoted or banned. TikTok has also been caught censoring LGBT+ content, videos discussing the Uyghur genocide, and Tibetan freedom. With ByteDance calling the shots, TikTok is covertly beholden to the CCP’s strategic directives.
US regulators display massive naivete by allowing CCP AI-enabled programs access to US citizens personal data. In addition to the above problems with AI, the following use cases are also of concern.
Self-Censorship
While blunt censorship is always a problem, just as insidious is the chilling effect of such measures. TikTok is already the most popular app with Americans under 30, and user profiles with a large number of followers can be highly lucrative. The users running these profiles want their posts to get views, so they know to avoid topics that could cause the ire of censors. An outright ban of a user’s account could lead to the loss of their source of income.
TikTok users are aware of these dynamics, which has given rise to algospeak (algorithm speak) across the platform. For example, users posting about LGBT+ issues often use the tag #le$bian instead of typing the full word lesbian, which is more likely to draw the attention of automated or human-in-the-loop moderators. This game of censorship cat-and-mouse will be depressingly familiar to long time observers of China’s great firewall protected internet ecosystem.
Targeting Specific US Citizens for Gain
China has a well-documented history of stealing a huge variety of trade secrets, research, intellectual property, business strategy, and a wealth of other kinds of information. Targeting the people who have this information is made far easier when their every movement and identity is tracked by TikTok. The same goes for US citizens working in national security, who are far easier to compromise or collect against when they allow TikTok to track them. Unfortunately, the target does not always need to download TikTok. If a family member or friend happens to be using the app, the CCP is almost certainly able to collect much of the same information.
As mentioned above, an example of targeting specific US citizens for gain took place on 22 December, 2022. Beijing-based ByteDance employees used TikTok to access the location information of two US journalists. They did this in order to discover if ByteDance employees were talking to the press. Similar tactics could be used in support of strategic CCP interests, as well as giving Chinese companies unfair advantages in commercial competition.
Pushing Harmful Content
TikTok has a proven tendency to feed underage users content relating to eating disorders, self-harm, expressing symptoms of mental distress, and suicide. At the same time, Douyin (what TikTok is called inside China) has a mandatory “youth mode” for users 14 and below, becoming optional for users 15 and up. Youth mode makes the app impossible to open up at night, serves up educational videos, STEM content, patriotic propaganda, and asks the user to take breaks after too much time spent on the app.
It is clear that the CCP believes TikTok to be incredibly harmful, which is why it is given a free reign in the US while Douyin is kept on a tight leash. Whether or not the strategy is effective, Beijing is happy influencing American teenagers to cook chicken in NyQuil while influencing Chinese teenagers to take patriotic pride in the CCP’s glorious achievements.
Consequences for Strategic Competition:
It is highly likely that TikTok will be banned in 2023 and almost certain that it will be banned eventually. Once this happens, it will likely lead to a domino effect where other Chinese apps with similar problems (TeMu, WeChat, Alipay) are also banned or limited. There will be two primary consequences of these bans. First, it will accelerate the bifurcation of the internet. Second, there will likely be greater restrictions on US investment in Chinese companies.
The CCP already sections off the domestic Chinese internet by operating the Great Firewall. Since the current international institutions guiding trade were founded decades before the internet, trade norms have failed to keep pace with internet technology. The CCP has exploited this asynchrony to the hilt, maintaining full membership in the free trade-based World Trade Organization (WTO), while completely walling off the Chinese internet from the outside world. This allowed the CCP to protect and grow massive internet-based companies which don’t have to compete to survive. These state companies are now ready to steal business in international markets, while relying on the protected domestic market to pump cash into their employee payrolls and research and development budgets.
This is full-blown old world colonial mercantilism which cannot be tolerated. Most US technology firms have already been banned from the Chinese market and the CCP has limited tit-for-tat options in the tech field if TikTok were to be banned. Still, the CCP is almost certain to respond in kind somehow. The CCP’s actions and the likely US response will eventually tear the global internet into two spheres, one led by Beijing, and the other led by Washington. This in turn, will accelerate the on-going economic delinkage between the US and China.
US investment in Chinese private companies is largely limited to strategic industries such AI, life sciences, general IT, etc. This means that US investment firms and asset managers such as BlackRock, Vanguard, and Fidelity are investing in many companies which are actively working against US national security. While structural problems in China’s economy resulted in a decrease in US investment in Chinese firms in 2022, this organic shift is not enough. As more US-backed Chinese firms flagrantly violate US law or are added to the entity list, it is likely that the President or Congress will add restrictions on what Chinese industries US firms may invest in.
In summary, anyone who has TikTok on their devices should immediately delete it.