@ebakerwhite: Security Failures At TikTok’s Virginia Data Centers: Unescorted Visitors, Mystery Flash Drives And Illicit Crypto Mining

For years, TikTok has told lawmakers that the private data of its U.S. users is secured — and safe from potential influence or exfiltration — in a cluster of data centers located in Northern Virginia.

But interviews with seven current and former employees and more than 60 documents, photos and videos from the data centers reveal that the centers have faced security vulnerabilities ranging from unmarked flash drives plugged into servers to unescorted visitors to boxes of hard drives left unattended in hallways. Sources suggest that these challenges are the result of TikTok trying to grow its data storage capacity very quickly, and sometimes cutting corners along the way.

Documents, photos, and interviews also suggest that TikTok’s data center operations are still tightly enmeshed with ByteDance’s business in China. Among other suppliers, the data centers use servers produced by Inspur, a company that the Pentagon said in 2020 was controlled by the Chinese military and that the Commerce Department added to a sanctions list last month. Documents also show that as recently as last week, server work orders were sent to data center technicians by Beijing ByteDance Technology Co., Ltd., a ByteDance subsidiary partially owned by the Chinese government, which TikTok has repeatedly insisted has no control over its operations.

Read the post on Forbes and also Chris Castle’s panel at MusicBiz conference in 2020. (Don’t say you weren’t warned.)

@ebakerwhite: TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens

[Well, here it is. Two years ago we warned everyone who would listen that TikTok were apparatchiks for the Chinese Communist Party–by law in China because of the CCP’s civil-military fusion–“If Google is the Joe Camel of data, then TikTok is the Joe Camel of intelligence.” We did panels warning about TikTok including the CEO’s struggle session and the CCP constitution–facts, you know. Tim Ingham warned that on top of everything else, the deals suck. And then there’s Twinkletoes, who is in our view a walking, talking Foreign Agent Registration Act violation.]

[According to Emily Baker White writing in Forbes:]

A China-based team at TikTok’s parent company, ByteDance, planned to use the TikTok app to monitor the personal location of some specific American citizens, according to materials reviewed by Forbes.

The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang. 

The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.

Read the post on Forbes