TikTok Security Officer Touts New Oversight Framework as Congress Pushes for Ban
The “Project Texas” initiative ensures that all of TikTok’s U.S. data security operations are overseen by independent parties.
Em McPhie
WASHINGTON, March 7, 2023 — As lawmakers grow increasingly wary of TikTok’s risks to national security, the company is developing a complex framework with significant government and third-party oversight in a bid to continue its United States operations.
“It’s going to be an unprecedented amount of transparency,” said Will Farrell, interim security officer at TikTok, in a keynote address at State of the Net on Monday.
Don’t miss the Big Tech & Speech Summit on Thursday, March 9 from 8:30 a.m. to 3:30 p.m. Broadband Breakfast is making a webinar of the summit available. Registrants and webinar participants receive two months’ complimentary membership in the Broadband Breakfast Club.
TikTok’s efforts to win U.S. government approval come in the face of growing Congressional hostility toward the platform. Sens. Mark Warner, D-Va., and John Thune, R-S.D., on Tuesday unveiled a bill aimed at giving President Joe Biden the ability to impose a complete ban of the app.
Farrell claimed the new framework would be a comprehensive answer to widespread concerns of unauthorized access to data and Chinese state influence over content. “I can’t explain how hard and complex this is… We’ve been working on this for close to two years,” he said.
TikTok’s U.S. data security initiative — internally named “Project Texas” — is largely a product of the company’s ongoing negotiations with the inter-agency Committee on Foreign Investment in the United States, which first opened an investigation into TikTok’s national security risks in 2019.
‘Project Texas’ will emphasize third-party oversight
The initiative’s title references its partnership with Austin-based software company Oracle, which will house U.S. user data and review TikTok source code.
In June 2022, TikTok wrote in a letter to several senators that all U.S. user data was being being routed to Oracle by default and that the company would eventually “delete U.S. users’ protected data from our own systems and fully pivot to Oracle cloud servers located in the U.S.”
Another key component of Project Texas is a new subsidiary entity, TikTok U.S. Data Security, Inc., which will replicate many of TikTok’s existing processes for U.S. users with several additional layers of oversight. USDS will be governed by an independent board of directors, which in turn will report to CFIUS.
Including Oracle, USDS and CFIUS, Farrell said that “at least seven independent third parties” would be overseeing TikTok’s U.S. data security operations.
“We’re breaking new ground here — no one’s ever done anything like this before,” Farrell said. “Essentially what we’re doing is every single line of code… every single line of code has to be inspected by Oracle and another third-party source code inspector approved by the U.S. government.”
Oracle and the third-party inspector will also thoroughly check the moderation models and recommendation algorithms to ensure that they don’t have “a bias or political agenda,” Farrell said.
Many lawmakers still skeptical about TikTok’s data security practices
Despite TikTok’s efforts, the legislation proposed by Warner and Thune sets the stage for a national ban of the platform — and several other members of Congress have previously indicated their potential support.
In February, Sens. Richard Blumenthal, D-Conn., and Jerry Moran, R-Kan., urged CFIUS to “swiftly conclude its investigation and impose strict structural restrictions between TikTok’s American operations and its Chinese parent company, ByteDance.”
In a letter to Treasury Secretary and CFIUS Chair Janet Yellen, the senators expressed “profound concern” about TikTok’s future U.S. operations and warned that the committee “should not put its imprimatur on a deal with TikTok if it cannot fully ensure our personal data and access to information is free from spying and interference from the Chinese government.”
“Moreover, monitoring and hosting requirements will never address the distrust earned from ByteDance’s past conduct,” the senators added.
In December 2022, the chairs of the House Foreign Affairs Committee and the House Armed Services Committee sent a letter to Yellen and other officials saying that the reported negotiations were “deeply concerning.”
“At present, it does not appear the draft agreement reportedly favored by Treasury would require ByteDance, and by extension [People’s Republic of China] authorities, to give up control of its algorithm,” wrote Reps. Michael McCaul, R-Texas, and Mike Rogers, R-Ala.