The use of the Beijing-based TikTok app by U.S. military service members on their personal phones poses a risk to U.S. national security, a Federal Communications Commission (FCC) official has said.
Most American service members fail to see TikTok as a national security threat, Commissioner Brendan Carr told a House hearing on protecting service members and veterans from scams.
“They treat it as just another app for sharing funny videos or memes. But that’s simply the sheep’s clothing,” Carr said.
TikTok faces scrutiny because its ownership by the Chinese company ByteDance means it must comply with the Chinese Communist Party’s (CCP) direct requests for access to user data under China’s 2017 National Intelligence Law.
Videos of barracks, military equipment, and maneuvers both in the United States and overseas have been uploaded on TikTok as part of a viral trend. In addition, data has also been harvested from wearable fitness devices that collect location data.
“With TikTok, this is a device right in your pocket. It’s going inside of the military installations. You’re looking at location data, which can give people information about troop movements,” Carr said. “There’s a range of ways of that, you know, sensitive data going back to Beijing. With their sophisticated AI, it could ultimately be used to harm U.S. national security.”
In a summary of his testimony at the hearing held by the national security subcommittee of the House Committee on Oversight and Reform, Carr said that TikTok functions as a “sophisticated surveillance tool” at its core.
The app “harvests extensive amounts of sensitive data, from search and browsing history to keystroke patterns, location data, and biometrics including face prints and voiceprints,” he said.
The flow of this data from TikTok to Beijing is of growing concern, especially given that FBI Director Christopher Wray and MI5 Director General Ken McCallum said the CCP is the greatest threat the world faces, Carr noted.
TikTok is a hugely popular short-format video platform that allows users to create, share, and view 15-second videos, often featuring singing, dancing, or comedy. Started in China as “Douyin” in September 2016, it attracted 100 million Chinese users within one year.
The app was relaunched as TikTok internationally in September 2017, attracting dozens of A-list celebrity users and partnerships with the NBA, NFL, and Comedy Central.
By 2020, TikTok reported nearly a billion active users worldwide—less than four years after its launch.
Despite being banned on official military devices, TikTok has grown in popularity among service members and their families. Government officials have urged troops and their dependents to erase the app from their personal phones, Carr noted.
TikTok has for years responded to privacy concerns by making assurances that U.S. data is stored in the United States and not China.
However, Buzzfeed reported on June 17 that 14 statements made by nine different TikTok employees indicated that “engineers in China had access to U.S. data between September 2021 and January 2022, at the very least.”
Following the report, the company admitted that data of TikTok’s U.S. and Australian users can be accessed in mainland China.
“TikTok has engaged in a pattern of misrepresentations regarding both the amount and extent of data it’s collected, as well as how much has been accessed from inside China,” Carr said.
The flow of TikTok’s U.S. user data into China is “particularly troubling” given the Chinese regime’s “track record of engaging in espionage and other nefarious acts,” he added, noting that the director of the FBI said that “the CCP is set on using every tool at their disposal to achieve its ends.”
“Turns out everything is seen in China,” Carr declared.
In a June 30 letter (pdf) to U.S. lawmakers, TikTok said Buzzfeed’s report contained allegations that are “incorrect and are not supported by facts.”
TikTok said that 100 percent of U.S. user data was stored on Oracle cloud servers in the United States, and backed up at data centers in Singapore.
However, the company admitted that China-based employees can access U.S. data under strict cybersecurity controls and authorization protocols.
In response to a query by U.S. lawmakers regarding the disclosure of U.S. user data to the CCP, TikTok CEO Shou Zi Chew briefly said the company hadn’t received such a request and wouldn’t comply if asked.
Carr dismissed TikTok’s responses, saying that moving U.S. data to Oracle servers “doesn’t eliminate the national security concerns.”
Noting the Buzzfeed report quoting a TikTok employee, he said: “Indeed, one TikTok employee threw cold water on that safeguard, stating, ‘It remains to be seen if at some point product and engineering can still figure out how to get access, because in the end of the day, it’s their tools. They built them all in China.’”
“Given TikTok’s pattern of misrepresenting data flows, I called on Apple and Google recently to apply their App Store policies and remove them from the App Store.
Suggested Actions for US Government
Carr made four recommendations to address the national security risks posed by TikTok.
He urged the Committee on Foreign Affairs and Investment in the United States and the Treasury Department to move faster to complete their national security reviews of TikTok.
He called on TikTok to provide a full accounting of all nonpublic U.S. data that’s been accessed from inside China, and encouraged the Federal Trade Commission to prioritize a federal investigation of the same.
“Fourth, that the government should address the continued use of TikTok on military installations as well as any use that depicts U.S. military operations,” Carr said.
Daniel Teng and Hannah Ng contributed to this report.