TikTok Has Exposed Celebrities, Politicians' Closest Personal … – Forbes


TikTok and ByteDance staff around the world have been able to freely access the friend lists of the First Family, top internet stars and other public figures, creating national security risks in a heated election year and endangering the privacy of some of the most powerful people on the planet.

By Alexandra S. Levine, Forbes Staff


Beyonce. Ed Sheeran. Charli D’Amelio. The Bidens. Members of Congress. Abortion activists.

They’re just a handful of the high-profile celebrities and public figures whose closest contacts could be searched and scrutinized by nearly any TikTok or ByteDance employee around the world this year with few restrictions, according to people familiar with one of the company’s social graph tools and a trove of internal images, videos, audio and communications related to it that were obtained by Forbes.

Every major social media platform maintains granular information showing who its users are connected to and how—whether they’re closed, private accounts with a small network or open, public handles with tens of millions of followers. The companies also have tools that help them analyze that data. In that way, TikTok is no different than its rivals.

But people who’ve worked there—and at competitors like Meta—believe the social mapping tools used by TikTok and its Chinese parent ByteDance may allow more extensive monitoring of users than those at other companies. What sets TikTok apart, they say, is the apparent lack of controls that exist on such intimate data; the ease with which it can be mined by workers who don’t need access to it; and the inferences staff can make about individual users and their social circles from that data. And despite the company publicly arguing otherwise, sources and experts say that TikTok’s Chinese ownership—and the ability to access such sensitive data in China—magnify concerns over how the tool might be abused.

“Most of the people that will use these things will be responsible, but there is a threat coming from inside the house, too,” said Brian Fishman, former director of Facebook’s team countering terrorism and dangerous organizations. At TikTok, that threat is driven not only by “bigger-picture ownership questions” but also by the possibility that, like at other tech companies, intelligence agents could embed in the workforce and use internal tools to try to gather information on certain users, he said.

Twitter’s former head of security last year told the U.S. government the company had discovered spies and foreign agents on its payroll who were doing just that. The Justice Department also recently sentenced a Saudi Arabian national employed by Twitter to years in federal prison for using the app to spy on critics and political dissidents. U.S. officials have also expressed serious concerns about the Chinese government gathering intel through Americans’ personal contacts and trying to plant or recruit personnel at tech companies, including by mining prospects on LinkedIn.

“Any tool that allows you to connect data points, in the hands of a smart investigator, is a powerful tool,” Fishman added. These tools “need to be restricted in their use, and that use needs to be monitored to make sure that it’s actually suiting an appropriate business need, rather than some kind of personal agenda or political agenda. Both of those are risks.” (Facebook limits access to these kinds of tools and has mechanisms in place to monitor usage and investigate violations, noted Fishman, who left the company at the end of 2021.)

To protect our sources, Forbes did not disclose the name of the tool to TikTok. Instead, we sent the company a detailed description of the tool and a list of questions about it. TikTok responded that this decision ran “contrary to commonly observed journalistic standards.”

“Forbes has refused to provide the name of the specific tool in question, making it impossible for us to address the claims in this story or provide additional context, something readers should bear in mind,” TikTok spokesperson Alex Haurek said in a statement. “We have safeguards in place for our tools and limit access to employees who need it to do their jobs.”

The company did not answer questions about what these safeguards are and whether there are oversight processes in place to monitor usage—and potential abuse—of this type of tool. It would not say whether there are any known instances of misuse of such a tool by people working at or with TikTok or ByteDance, including in China.

Some 150 million Americans—nearly half of the United States—use TikTok today, despite persistent scrutiny and national security debates that have threatened to shut down the video app nationwide. Businesses use TikTok to connect with customers. Lawmakers and candidates for office use TikTok to reach constituents. Artists use TikTok to share their work. Activists use TikTok to organize. And fears that the Chinese-owned platform could be used to manipulate political, social or cultural discourse or surveil U.S. citizens have done little to slow that virality. The 2024 presidential race is likely to be an even greater boon to the app, which people are increasingly turning to for news.

Social mapping tools like the ones employed by TikTok and ByteDance can be crucial during high-stakes events like elections, helping companies detect influence operations and root out bad actors at home or abroad. There are other legitimate use cases for safety as well: understanding who is connected, and how, can help companies track down potential predators or other groups attempting illegal activity through an app. But some employees who’ve focused on privacy and security at TikTok worry about the fact that nearly anyone with default access to company tools—including staff in China—has been able to easily look up the closest (sometimes deeply personal) contacts and sprawling networks of any account, public or private, on the backend. (It’s generally impossible, or extremely difficult, for the average person to glean this level of insight on the front-end.) Experts and sources described how this could facilitate efforts to sow public dissent, spread disinformation, commit espionage, or dox, bribe and blackmail certain users.


Got a tip about TikTok or ByteDance? Reach out securely to Alexandra S. Levine on Signal/WhatsApp at (310) 526–1242, or email her at alevine@forbes.com.


In audio obtained by Forbes, a senior TikTok leader suggested that it could be problematic if anyone using the tool were able to quickly and easily grab information on a cohort of people who support abortion or another polarizing issue. Some of the materials reviewed by Forbes show how the tool could target high-profile people who may be pro-choice, critical of the Chinese government, involved with labor unions or from certain countries, including Ukraine and Russia—in turn revealing all of their connections, who are likely to have similar political beliefs.

“If you want to start a movement, if you want to divide people, if you want to do any kind of operation to influence the public on the app, you can just use that information to target those groups,” another person familiar with the tool told Forbes earlier this year. A previous Forbes investigation into the same tool revealed how employees could use it to sift through the same sensitive social information of users in India, despite TikTok being banned there years earlier. The person familiar noted that this demographic data, especially on TikTok’s unmatched Gen Z userbase, could also be highly valuable for commercial purposes.

A Forbes review of the internal tool—and extensive company materials related to it—shows the ease with which employees whose jobs don’t rely on it have been able to use the tool to pull up sensitive information about strangers, acquaintances and major figures in the public eye. All that was needed was a TikToker’s unique identifier or UID, a string of numbers that links each user to extensive company data about them on the backend. Staff could plug that ID into the social mapping tool to retrieve a list of the user’s connections and information about them, with the ability to sort hundreds of friends and acquaintances from closest social ties to more distant ones. Some of these contacts appeared to be people the account was following, and others, phone contacts whom that user may have given TikTok access to. (When downloading the app, a popup asks for users’ permission to “sync your contacts to easily find people you know on TikTok,” and you can also opt to sync your Facebook friends, giving TikTok instant access to your entire social network. Users who decline are repeatedly urged, with ever-more aggressive popups each time they open the app, to allow TikTok to access and sync their contacts.)

Take TikTok’s biggest female star, Charli D’Amelio, as an example. Looking at her profile through the TikTok app, it’s not possible to see the small number of people she’s following; the list is hidden due to her privacy settings. But inside the company, employees have been able to plug in her UID—which one source joked is widely known across the workforce—to pull up her contacts, including other internet stars, top musicians, investors and friends.

The tool can also offer an inside look at people’s private personal lives and expose their relationships, a danger for celebrities and average citizens alike that they may not even be aware of. One query of a male public figure appeared to reveal that he’d been engaging with a prominent Hollywood actress, an OnlyFans star and the female editor-in-chief of a magazine, according to materials reviewed by Forbes. Fishman, the former Facebook executive, said exploiting these types of tools to snoop on exes or love interests is more pervasive at tech companies, and can have a greater personal impact, than some of the political possibilities—and just as important to protect against. (This has happened at Facebook itself.)

Other searches in the TikTok tool retrieved the close ties of top CEOs, actors, creators and journalists, which could undermine the safety of their sources. They also fetched the contacts of several Biden family members, U.S. senators, governors, state attorneys general, candidates for public office, political pundits and official campaign accounts. (Forbes has omitted their names to protect both the people whose data is exposed and our sources.) The tool even provided the social circles of the very TikTok executives who have been negotiating with the Biden administration on a national security deal to allay concerns about how the company is handling Americans’ data. TikTok did not comment on any of the specific cases or public figures mentioned in this story. It also did not comment on what it is doing ahead of the 2024 election to safeguard the sensitive information of high-profile users including political figures and those running for office.

Former National Security Agency general counsel Glenn Gerstell said the problem is much broader than TikTok and that so long as the U.S. fails to pass a national data privacy law, similar issues will persist across most every social media platform. But the differentiating factor here is that TikTok is owned by a Chinese entity that is ultimately subject to the demands of the Chinese government, he said, elevating the tool beyond solely a privacy threat to a possible national security issue as well.

“There’s a real potential there for it to be misused in the hands of a country that is adverse to us, especially in times of conflict, so it’s clearly a national security issue,” Gerstell told Forbes. “I could well see how such information could greatly facilitate the Chinese government’s efforts at disinformation, their efforts at bribery and blackmail, and their efforts at turning people into agents spying for China.”

Having access to any TikTok user’s expansive social web “could sharpen their ability to spread disinformation, either about a candidate or about a policy or about a news development, because they know who talks to whom and how things can spread and where to ‘seed’ fake news so it’s most effective,” he added. “And in an election year, the stakes are higher. Passions run higher. Things move more quickly. So, if completely unchecked, there’s the potential for a bad outcome.”

Emily Baker-White contributed reporting.
