ByteDance Spying Scandal Isn’t So Much About TikTok, But About The US’s Failure To Pass A Comprehensive Privacy Law

Privacy

from the privacy-is-the-victim dept

Emily Baker-White has quite the story over at Forbes, revealing how ByteDance, the Chinese company that owns TikTok, apparently planned to have its “Internal Audit and Risk Control” department spy on the location of some American citizens:

The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.

[….]

But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

Given the near non-stop moral panics about TikTok from the past few years, I’m am absolutely sure that this will be used (yet again) to argue that TikTok is somehow uniquely problematic, when the reality (yet again) is that what it’s doing is really no different than what a ton of American internet companies already do and have done in the past. Baker-White, who is one of the best reporters on this beat, makes that clear in her reporting:

ByteDance is not the first tech giant to have considered using an app to monitor specific U.S. users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties. At the time, Uber acknowledged that it had run the program, called “greyball,” but said it was used to deny ride requests to “opponents who collude with officials on secret ‘stings’ meant to entrap drivers,” among other groups.

[….]

Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Uber had monitored the location of journalists covering the company. Uber did not specifically respond to this claim. The 2021 book An Ugly Truth alleges that Facebook did the same thing, in an effort to identify the journalists’ sources. Facebook did not respond directly to the assertions in the book, but a spokesperson told the San Jose Mercury News in 2018 that, like other companies, Facebook “routinely use[s] business records in workplace investigations.”

So, rather than making this a big thing about “oh no TikTok/China bad,” this should be a recognition that Congress should stop bickering about stupid stuff, and that includes pushing silly performative legislation, and come up with an actual federal privacy law that gives the public greater ability to protect their own privacy from all sorts of companies.

But, of course, that would take competence, and probably wouldn’t be useful for grandstanding or headlines… so it’ll never happen.

Of course, there are questions about what this means regarding TikTok’s widely discussed plans to separate US user data from ByteDance’s peeking eyes. I thought Oracle was supposed to protect us from all this, right? Right?

Filed Under: location data, privacy, surveillance
Companies: bytedance, facebook, tiktok, uber