Right here’s what to anticipate from lawmakers who will grill TikTok’s CEO on privateness, safety and youngster security

In a extremely anticipated congressional listening to, TikTok CEO Shou Chew will testify in entrance of the Home Power and Commerce Committee Thursday to handle lawmakers’ considerations in regards to the affect of its Chinese language dad or mum firm, its strategy to coping with kids’s psychological well being points and general knowledge safety practices.

The listening to comes as Congress weighs laws that will empower the Biden administration to ban TikTok together with different overseas apps that many politicians in Washington and across the nation say pose a U.S. nationwide safety menace.

In line with his ready testimony, Chew is able to dispute these claims, asserting that TikTok’s dad or mum firm ByteDance is “not an agent of China.” He’ll make the case that TikTok’s $1.5 billion plan (Mission Texas) to firewall People’ knowledge in U.S.-based Oracle servers will put to relaxation any considerations about TikTok’s origins.

Up to now, the Biden administration has not been swayed by the plan and, presently, TikTok reportedly faces an ultimatum: divest its Chinese language proprietor or face a possible ban. Whereas nationwide safety continues to be more likely to be a key theme of Thursday’s listening to, stepping into entrance of the Home’s client safety committee implies that TikTok will even face a few of the questions on privateness and on-line security that its trade friends have additionally been scrutinized over.

Listed here are a few of the key questions Congress could ask:

What knowledge does TikTok accumulate?

In his written testimony, Chew says that TikTok collects “a restricted quantity of data when folks arrange an account, corresponding to date of delivery and username.” The corporate additionally requires an e-mail or a cellphone quantity. He additionally notes what the platform doesn’t require, corresponding to actual names, employment or relationship standing. In line with the testimony, “present variations of the app don’t accumulate exact or approximate GPS [location] knowledge from U.S. customers.”

TikTok’s phrases of service state that the additionally routinely collects data “corresponding to your IP deal with, person agent, cell provider, time zone settings, identifiers for promoting functions, machine IDs, approximate location based mostly in your SIM card and/or IP deal with, keystroke patterns for rhythms, linked audio gadgets.”

Combos of that data can go a great distance in monitoring a person throughout the web and, as a couple of researchers have proven, doubtlessly deanonymizing them. It’s one thing that has sparked privateness considerations about each main tech firm, not simply TikTok.

“One factor that we’re looking for and that we’ve really useful to [members of Congress] is asking questions surrounding the monitoring practices TikTok deploys on gadgets and throughout websites to observe person engagement,” stated Willmary Escoto, U.S. coverage analyst for digital rights group Entry Now.

Entry Now wrote a letter to TikTok in February urgent the corporate on its “Targeted View” instrument, which guarantees to ship adverts to customers who’re most definitely to have interaction for not less than six seconds. Escoto stated Congress must ask if TikTok has studied the potential privateness and human rights affect of the characteristic.

The underside line, consultants say, is that Congress must cross laws that will restrict how all firms accumulate person knowledge, not simply TikTok. It’s one thing the Home Power and Commerce Committee has already expressed a want to do, passing out of committee final yr federal privateness laws that will have positioned guardrails on what knowledge firms can accumulate and use.

“When you’re involved about knowledge practices by TikTok you must be equally involved about U.S. firms doing the identical factor,” stated Calli Schroeder, senior counsel and world privateness counsel on the Digital Privateness Info Heart. “They could say there isn’t the identical nationwide safety angle with U.S. firms however there may be as a result of these firms which can be siphoning up all this knowledge are additionally promoting it. There must be a common commonplace for what’s and isn’t allowed.”

TikTok’s CEO says the corporate “absolutely endorse[s] congressional efforts to undertake complete federal privateness laws.”

How is TikTok defending teenagers?

Youngsters’s privateness and on-line security have change into the trigger du jour for the Home Power and Commerce Committee and social media firms are on the heart of the dialogue. TikTok isn’t any exception.

Because the identify of the listening to suggests, members of Congress plan to probe points together with media stories in regards to the exploitation of kids on TikTok and points relating to teen psychological well being. Given committee efforts to cross two items of laws on this entrance, the problem will probably get important play throughout the listening to.

“TikTok’s colossal data-gathering practices have given them the flexibility to tailor content material at an unprecedented degree. With TikTok’s recognition, this actually has nationwide safety implications, however we can not overstate the unbiased threats to the well being, security and well-being of younger People,” Rep. Doris Matsui, D-Calif., rating member of the Home Power and Commerce Subcommittee on Communications and Expertise, stated in an e-mail to CyberScoop. “This systematic churn of data epitomizes the problematic focusing on of our kids, teenagers, and most weak customers … My precedence will proceed to be defending our kids from these exploitative practices and holding firms accountable.” 

In his written testimony, Chew factors to a number of precautions the corporate has taken to guard teenagers, together with limiting display time for customers beneath 18 by default and dealing with the Nationwide Heart for Lacking & Exploited Youngsters. Chew stated TikTok helps potential updates to federal kids’s privateness legislation in addition to conversations round age verification, each gadgets Congress is contemplating.

Sen. Ed Markey, D-Mass., co-author of the unique Youngsters’s On-line Privateness Safety Act, has already used the listening to to resume requires passing an up to date model, which he plans to reintroduce. “Right here’s the fact: asserting that TikTok stands alone because the one platform that poses a critical surveillance menace to our nation’s youth is intentionally lacking the Massive Tech forest for the TikTok tree,” Markey stated in an announcement. “My replace to the Youngsters’s On-line Privateness Safety Act provides younger folks and their mother and father a web based invoice of rights that will rein in Massive Tech and cease these firms from placing earnings over folks.”

How will TikTok sustain its dedication to transparency?

TikTok has made opening the hood to its inside workings a key promoting level of its proposed settlement with the administration. In February, the corporate launched a analysis API permitting U.S. tutorial researchers to investigate public content material. It’s a stark distinction to how friends corresponding to Twitter, which minimize off entry to its API solely, and Fb, which has gone after researchers in court docket, have approached the problem.

Rep. Lori Trahan, D-Mass., plans on asking Chew in regards to the latest announcement and the way it intends to ensure researchers have ample entry, in keeping with her workplace.

How has TikTok handled previous worker violations of person privateness?

One of many clearest examples to this point of TikTok’s Chinese language possession posing a menace to customers is when workers of its dad or mum firm ByteDance accessed TikTok knowledge to spy on two U.S. journalists to smell out leaks on the firm. TikTok acknowledged the violation and the workers had been fired, however the scandal raised main considerations about what other forms of spying might be occurring on the platform. Forbes and different shops reported this month that the Justice Division is now investigating the incident.

Chew says in his written testimony that he has “zero tolerance” for the habits and TikTok has since restructured the division and put new insurance policies in place. However consultants say that Congress can’t ignore the corporate’s previous points.

“I’m all for shifting ahead, however I feel this is among the occasions the place we are able to’t ignore previous practices both,” stated Brandon Pugh, coverage director of cybersecurity and rising threats on the R Avenue Institute. He stated that it’s essential for Congress to know what TikTok’s knowledge assortment practices had been earlier than Mission Texas in addition to the newest data on TikTok’s course of to delete all historic U.S. person knowledge.

It’s price noting that TikTok isn’t the primary tech big to have workers inappropriately entry person knowledge. In 2014, an Uber supervisor accessed the information of a journalist writing in regards to the firm.  In August, the U.S. convicted two Twitter workers for accessing firm knowledge to spy on Saudi dissidents. In testimony in entrance of the Senate Judiciary Committee, Twitter’s former head of safety Peiter “Mudge” Zatko alleged that the corporate lacked protocols to trace how workers accessed inside knowledge and could be blind to extra spying because of this.

What affect might the corporate’s partnership with Oracle have on client privateness?

Mission Texas hinges on TikTok’s enterprise partnership with Oracle, which, as of June, has been routing all American knowledge for the app. Oracle additionally began auditing TikTok’s algorithms and content material moderation in August, Axios reported. The partnership has raised eyebrows from privateness advocates given Oracle’s data-tracking enterprise arm.

A TikTok spokesperson instructed CyberScoop that Oracle’s entry is expounded solely to its function in Mission Texas to audit and monitor TikTok’s compliance with its commitments to the U.S. In 2020, privateness advocates stated TikTok’s reference to Oracle, a well known knowledge dealer, might pose a threat to customers. In response, Oracle stated these worries amounted to “hypothesis, hyperbole and innuendo.”

Congress ought to have critical questions for the White Home, too.

Whereas Chew can be within the scorching seat, most of the looming questions on a potential TikTok ban are ones that solely the Biden administration can reply. Civil liberties teams, privateness consultants and a few members of Congress say that the administration has but to indicate what China can get from TikTok that it couldn’t purchase from America’s sturdy knowledge dealer trade, one which has thrived in no small half as a result of a scarcity of federal privateness protections.

“I’d actually like to listen to from the administration what they suppose China can do with TikTok knowledge that they will’t do with knowledge from different knowledge brokers,” stated EPIC’s Schroeder.