TikTok’s chief security officer claimed that the social media company’s servers are separate from any of parent company ByteDance's other services.
Roland Cloutier made the statement in a court document defending the app against US Department of Commerce allegations which he said misrepresented TikTok's storage and data security.
The filing follows the company's lawsuit against the US government over an order to ban the app unless its US division is sold to an American company.
Cloutier filed the document in advance of an upcoming hearing at the US District Court for the District of Columbia. He said the department’s assertion that the “TikTok application was not wholly separate from the Chinese application (Douyin) and the systems of ByteDance,” was not accurate.
He added: “Although some of the same underlying ByteDance technology is used for multiple ByteDance products, that does not mean that those products share the same infrastructure. Rather, these technological building blocks are replicated and integrated separately into each product as part of that product's independent “stack,” where they are tailored to the particular product and subject to that product’s security controls.”
Another allegation that Cloutier has refuted is that TikTok’s US data center provider, China Unicom Americas (CUA), poses a security risk. Cloutier says the app only uses CUA for its data center space and electricity in its capacity as a reseller, and CUA does not provide servers. ByteDance owns and operates all of TikTok's servers in the CUA data center, and CUA has no unauthorized access to the servers.
Another allegation concerned whether the app was sending data to China due to the presence of Chinese IP addresses. Cloutier said this happened in legacy versions of the app and subsequent updates have deleted those addresses.
The CSO also addressed concerns that the app was accessing users’ clipboards. Cloutier said this occurred due to the app integrating Google Ads Software Development Kit (SDK) and issues arose because of a bug in SDK that automatically accessed text in a user’s clipboard data and sent it to the TikTok app. However, Cloutier also claimed the company used a program to police its app from spam, which involved verifying text written on the app via the clipboard so text can be verified. The app having access to the user’s clipboard was later patched out, Cloutier said.
The Executive Order issued by President Trump and TikTok's banning was blocked by an injunction on September 27 by the US District Court for the District of Columbia. "The Government will comply with the injunction and has taken immediate steps to do so, but intends to vigorously defend the E.O. (Executive Order) and the Secretary’s implementation efforts from legal challenges," the commerce department said.
Working with the US Department of Justice authorities have now appealed the injunction and a hearing is set for November 4. Should the ban be enacted, TikTok's US operations are expected to be spun off, with its data hosted on Oracle Cloud.