(6th August 2020) By Erich Andersen, General Counsel and Roland Cloutier, Chief Information Security Officer
Over the last several years, we've seen increased concerns about the intersection of consumer services and national security. There is a constant challenge for global platforms that seek to enable users to seamlessly share experiences around a borderless internet, while simultaneously addressing concerns of countries that seek greater "data sovereignty." People want to communicate and share content with each other and they, like all of us, have benefited from global systems. Creating data "silos" in countries challenges the goal of interoperability and free flow of data, but it is indisputable that governments have an obligation to protect their citizens and their information. It is this dichotomy and tension that we hope to address, even if we can’t solve it on our own.
Unfortunately, the laws in many countries, most of which are the products of decades, if not centuries, of legal evolution during a less technically advanced era— are not well developed to meet this challenge and sometimes don’t strike a balance between global interoperability of, for example, consumer services and national interests.
We've seen this tension play out in recent weeks – first in India and most recently in the US. As we've seen governments assert national security concerns in the absence of globally applicable laws that articulate neutral requirements for a level playing field for all businesses, regardless of nationality.
We think there is a better path.
For the last several months, we've been working with our own engineers to identify a way to segment and then safeguard global citizen data. We envision several rings of protection:
- Data Storage
- Access Control
- Data Access Permissions
- Data Transfer Risk Assessments
- Oversight and Accountability
Our approach is one where we start first by looking at data center locations. We have chosen locations that we believe are broadly acceptable to our Community and government policy makers. We announced earlier today that we will be adding a data center in Dublin to serve customers in the EU and the UK. All of these sites will have state of the art physical and network security defenses around these data stores.
We will continue to focus and limit the types of data we collect. There is not a consumer app in the world that is more scrutinized than TikTok right now, and third party experts have noted that we collect less data than our competitors. As part of our continuing commitment to transparency, we disclose the data that we collect, how we use it, and with whom it is shared in our privacy policies, which are regularly updated to align with new laws and to disclose additional scenarios.
Next, we focus on ensuring data access and data transfers are subject to internal controls and appropriate risk assessments. Today, employees who work to support TikTok may access user data to do their jobs, subject to internal data controls, technology safeguards such as encryption, and policies designed to ensure confidentiality of user data.
In the future, we will further restrict access. We will ensure that employees outside the countries where TikTok is available cannot access individual user records. We will limit access for such employees using new, innovative secure development technology that ensures the protection of personal data. This method would allow engineers to run tests to fine tune the operation of our platform, for instance, but restrict access to individual user information.
We think it will be important to work with trusted and qualified vendors to help build these data access systems and take responsibility for oversight and monitoring. There are many world-class organizations that are capable of delivering a solution, as the building blocks are well understood by security technology vendors. We are confident we can deliver a trusted service working with third parties that will fully meet the needs of our community and government leaders.
This approach is not entirely new. It's actually the approach that many governments use to segment access to different data repositories. For example, all governments have tax authorities that store personal tax records. While it may be appropriate for employees of the tax agency to access such records to do their jobs, it may be inappropriate to provide broad access to employees in other agencies. For that reason, the IT department leaders will often segregate tax records so that they can only be accessed by other agencies of the government through controlled interfaces to enable data research and testing. The United States uses similar approaches in other, even more sensitive contexts. For example, the U.S. Government’s consolidated watch list provides different degrees of data access depending on the mission needs of individual agencies.
Roland's time in military and public service organizations gives him first-hand knowledge of the government's expectations and standards for security defense systems. These experiences have given both of us confidence in building similar systems and capabilities for TikTok. We will be applying many of these standards to TikTok so that our system will follow models that are consistent with regulatory entities, government oversight, and our customers.
Of course, in order to have sufficient trust in such a system, there must be a level of third-party oversight. We are currently doing that by inviting security experts to conduct audits of our systems to ensure we have a detailed level of external analysis to prove the security quality of our products. Additionally, we will work with one or more reputable companies to play the role of technology solution provider in our advanced data security and access assurance program.
We hope that in taking these steps we will not only address the reasonable interests held by lawmakers to safeguard access to their citizens' data, but set a new bar in our industry. In our discussions with lawmakers around the world, we are hearing that they are looking for a stronger approach on citizen data storage, access and control across the sector. We believe our plan delivers this. We look forward to discussing our plans in further detail with lawmakers in the months ahead.
To be clear, this approach is going to be both a cost on our business and a limitation that our competitors don't have and won’t have unless laws change or they too choose to more carefully and comprehensively protect data consistent with varied countries’ needs.
We're going to do it nevertheless because we recognize the importance to our stakeholders--including our users and their home country governments--and our responsibility as a global company to be a leader in safety and security. Eventually, we believe countries need to pass laws to create transparent standards and requirements around data access. This will have the added benefit of raising the bar for all participants and ensuring a level playing field that advances competition on the basis of quality innovation and service, rather than diluting competition because of unsubstantiated fears. But until this occurs, we will do our very best both to enable the global sharing of information and differing national standards for how data is protected. This is, in our view, a vastly better way to continue to grow communities like TikTok and avoid the blunt instruments that are national bans on technology solutions.