Following an internal investigation, TikTok owner ByteDance today confirmed reports from this fall that some of its employees used the popular app to track multiple journalists, including two in the US. The goal of the ByteDance employees? According to The New York Times, to identify anonymous sources who leaked information to the media about the company’s ties to the Chinese government.
Forbes reported that several reporters from its own publication “were part of this covert surveillance campaign.” A Buzzfeed reporter and British Financial Times journalist Cristina Criddle were also under surveillance, FT reported. ByteDance employees reportedly accessed reporters’ TikTok accounts to obtain IP and user data, assessing whether there was any overlap with known locations of ByteDance employees suspected of leaks. ByteDance confirmed that this tactic became so widespread that its employees also monitored the records of some of the journalists’ associates.
According to Forbes, ByteDance has fired Chris Lepitak, the chief internal auditor responsible for the company’s Internal Audit and Risk Control department. ByteDance confirmed that Lepitak’s team was behind the surveillance campaign. In October, Forbes reported that Lepitak was also apparently seeking information on the “location and details of the Oracle server central to TikTok’s plans to restrict foreign access to personal U.S. user data.” That server is key to the Biden administration’s ongoing discussions with TikTok over national security concerns, with the US increasingly wary of China-based ByteDance employees accessing data stored in the US.
Forbes accessed one internal email from TikTok General Counsel Erich Andersen, who confirmed that Lepitak’s team “abused their authority to access TikTok user data” when tracking journalists.
FT reported that four employees were involved and Forbes reported that ByteDance laid off two employees in the US and two in China. ByteDance spokesperson Hilary McQuaide echoed Andersen’s email in a statement saying that “the misconduct of certain individuals, who are no longer employed by ByteDance, was a flagrant abuse of their authority to access user data.”
Ars could not immediately reach ByteDance for comment.
Earlier today, Reuters reported that TikTok began offering the US more concessions, seemingly willing to take any step but putting itself up for sale to allay concerns about China-based employees having access to US user data. The deal will be much harder to close after ByteDance confirmed that US journalists and citizens have already been tracked by China-based employees. Some US lawmakers have already voted to remove TikTok from government devices, and Congress is considering passing a nationwide ban.