Ted Cruz’s questioning of TikTok policy chief Michael Beckerman revealed that the company has no good answers about its China ties.
Ted Cruz’s questioning of TikTok policy chief Michael Beckerman revealed that the company has no good answers about its China ties.
T ikTok probably felt it was safe to send an executive — Michael Beckerman, the head of its public-policy shop — to testify before Congress for the first time ever this week. After all, the furor over the company’s Chinese ownership had fallen out of the headlines, and the Senate Commerce, Science, and Transportation Committee hearing’s focus was “Protecting Kids Online” — a contentious issue, to be sure, but not one that has to do with the app’s role as a Trojan horse for a foreign dictatorship.
TikTok, which is owned by Chinese tech giant ByteDance, has had a good run of late. Upon taking office, President Biden rescinded his predecessor’s orders banning the app, which had in the meantime been blocked by a federal judge, in favor of a broader data-security policy overhaul to be rolled out later. All of that put TikTok’s China ties on the back burner.
Until this week, when a few Republican senators took the opportunity to press Beckerman on his company’s legal obligation to bow to potential Chinese-government demands for U.S. user data. Senators Marsha Blackburn (Tenn.) and Dan Sullivan (Alaska) joined in on the bloodletting, the former homing in on TikTok servers run by Alibaba — the e-commerce giant in a Chinese Communist Party vise — and the latter on the app’s previous censorship of such topics as the Uyghur genocide. But Ted Cruz made the initial and deepest cuts.
During a painful ten-minute exchange with Beckerman, Cruz attempted to get simple yes or no answers to questions about ByteDance’s organizational structure and privacy policy. The structure of the Chinese tech giant, many suspect, is vague by design: to prevent curious Westerners, worried that ByteDance and its subsidiaries are required to submit to any and all of Beijing’s requests under Chinese laws enacted in 2014, 2015, and 2017, in addition to a new data-security law put in place this June, from understanding how the company works. As Cruz sought transparency from Beckerman, the executive’s testimony only exacerbated these concerns.
The questions to which the Texas senator sought answers were straightforward: Does TikTok consider ByteDance to be a part of TikTok’s “corporate group,” as the term is used in its privacy policy? Does Beckerman consider Beijing ByteDance Technology Company (ByteDance’s China-focused subsidiary) to be a part of TikTok’s corporate group and an “other affiliate” per the app’s privacy policy, such that TikTok could share all of the information it collects with that company?
Beckerman fought to provide non-answers, which suggested that, were he to answer plainly, TikTok’s practices would be exposed to even greater criticism.
Why Cruz pressed Beckerman on the minutiae here — focusing on ByteDance and its subsidiaries — has to do with how TikTok presents its privacy policy to its U.S. users. The app’s privacy policy clearly states: “We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group.” If U.S. users agree to the policy, and the two other entities are considered part of the same “corporate group” or an “affiliate” of that group per the policy, then Americans are agreeing to let TikTok potentially share their data with entities based in China that are far more susceptible than TikTok alone to Chinese-government requests for user data. Oh, and that data? TikTok’s privacy policy was updated this summer, as Samantha Hoffman of the Australian Strategic Policy Institute (ASPI) pointed out, so that the app “may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints.” (For now, Beckerman told Cruz, the app doesn’t actually collect that info from U.S. users.)
In short, Beckerman failed to say that TikTok’s privacy policy would bar his company from potentially sending U.S. users’ biometric information to entities that are legally obligated to comply with Chinese government orders. He failed to say that because he was under oath and would face legal ramifications if he were to lie to Congress.
Beckerman’s evasive responses are instructive here. Instead of answering about whether ByteDance is part of TikTok’s corporate group, he first attempted to argue that independent researchers have found that “data that TikTok has on the app . . . is of low sensitivity.” Indeed, University of Toronto researchers did reach that conclusion, and noted that TikTok’s policies are no worse than Facebook’s handling of similar data. But as Cruz pointed out, that wasn’t the question. The Toronto research is irrelevant, because even if TikTok isn’t currently sending U.S. user data to Beijing, its privacy policy, as written, does not prohibit such transfers in the future. Unlike Facebook, which doesn’t operate in China, ByteDance is uniquely susceptible to Chinese government pressure. In fact, the policy affirmatively grants TikTok the ability to send its users’ data to other parties, as long as the data goes to a “parent, subsidiary, or other affiliate” of its “corporate group.” So Beckerman eventually conceded the obvious: that, yes, ByteDance, the parent company, is part of TikTok’s corporate group.
This means that TikTok users assent to having their data transferred to the Beijing-based parent company — which has hosted an “internal party committee” headed by a ByteDance executive since 2017. As Yaqiu Wang of Human Rights Watch wrote, those committee members “regularly gather to study President Xi Jinping’s speeches and pledge to follow the party in technological innovation.”
The TikTok exec put up even more of a fight, however, when Cruz asked about Beijing ByteDance Technology. That subsidiary’s properties include Douyin — the Chinese version of TikTok that, according to ASPI, cooperates with the Xinjiang authorities to spread propaganda whitewashing the Uyghur genocide — and other apps.
Beijing ByteDance Technology is so clearly compromised that were TikTok to admit that it is an affiliate under the policy, that would be tantamount to admitting that TikTok has to honor Chinese-government requests for U.S. user data. In August, the Chinese government took one of the entity’s three board seats, installing Wu Shugang, a longtime party-state official, and taking a 1 percent stake in the subsidiary company via a state-backed investment fund.
Beckerman fell back on an answer emphasizing that Beijing ByteDance Technology “has no affiliation with TikTok” because the former has to do with domestic Chinese licenses not connected with TikTok. That’s a slippery answer, in that it sounds like a no to Cruz’s question. But the question was more specific, and Beckerman’s answer evades saying whether the Chinese subsidiary is an “other affiliate” under the privacy policy.
Cruz asked the question several more times — at least nine times over the course of six minutes — eliciting the same evasive answer. Beckerman grew more visibly frustrated with each iteration of the question, clearly grimacing, until he accused Cruz of lobbing “gotcha questions.” Cruz pressed him again: “Is this company an ‘other affiliate’ as defined in your privacy policy? Yes or no?”
Finally, Beckerman offered this: “Senator, the way I answered — I’m not aware of that. That is the answer to the question.”
If Beckerman could have answered the question with an emphatic no, he would have done so. But he could not and did not deny that TikTok can, according to its privacy policy, send U.S. users’ data to that sister company. So TikTok’s man in Washington walked away from that hearing, his company’s reputation bruised, against the backdrop of the Biden administration’s ongoing review of U.S. data-security policy, a separate TikTok investigation by the Committee on Foreign Investment in the U.S., and congressional GOP proposals to ban the app when the Republicans retake the majority. But at least he didn’t perjure himself.