TikTok called out for misusing Citizen Lab research

TikTok CEO Shou Zi Chew was questioned in a U.S. government hearing on Thursday over the relationship between the fast-growing social media platform and its Chinese parent company, ByteDance.

In Chew’s pre-written opening statement, the chief executive cited a report from internet watchdog Citizen Lab, saying that “there was no overt data transmission by TikTok to the Chinese government and that TikTok did not contact any servers within China.”

According to Citizen Lab director Ron Deibert, this is a misrepresentation of what the report found.

When Chew’s testimony was published before the hearing, Deibert took to Twitter with a statement, expressing his disappointment with how this research was misconstrued.

According to Deibert, who founded Citizen Lab at the University of Toronto in 2001, researchers found in the 2021 study that they had no insight into what happened with user data once it’s collected and sent back to TikTok’s servers.

Deibert said in his statement, “Although we had no way to determine whether or not it had happened, we even speculated about possible mechanisms through which the Chinese government might use unconventional techniques to obtain TikTok user data via pressure on ByteDance.”

The report also surfaced concerns that TikTok has some dormant code originally written for Douyin, the Chinese version of TikTok.

“We are concerned with the possibility where TikTok’s server-returned configuration values could enable those dormant code written for Douyin, which might lead to China-specific features being enabled,” the report reads.

Congressman Bill Johnson (R-OH) referenced the Citizen Lab report while questioning Chew, pointing out the discrepancies between TikTok’s positioning of the report and what the report actually says.

Per the research, TikTok and Douyin both contain code that can handle a special subset of server-returned search responses. In TikTok’s case, this might apply when a user searches for terms like “suicide,” for example — instead of surfacing videos, the search page will direct the user to a hub of suicide prevention resources.

Douyin has the same module in its code, but it’s more restrictive, since the Chinese government has far greater regulation over speech than the U.S. government.

Citizen Lab’s report says, “Even though the search censorship modules in TikTok and Douyin predefined the same set of restrictions that can be applied, Douyin applied these restrictions differently from TikTok by returning different values from the server.”

Rep. Johnson voiced concern over the similarity of this code.

“Specific censorship parameters from Douyin are present in TikTok, but just turned off,” the congressman said.

Johnson repeatedly asked Chew to say whether or not he had directed engineers to change this code. Chew dodged the question by pointing out that third-party experts have access to monitor TikTok’s code; Johnson admonished him for not answering what he posed as a yes or no question.

This was a constant throughout the hearing, in which congresspeople would ask Chew complicated questions, then demand a one-word response.

In his statement, Citizen Lab’s director pointed out that many of his concerns about TikTok are not unique to that single platform; they mirror those of other U.S.-owned companies.

“The conversation about potential privacy and national security concerns with TikTok should serve as a reminder that most social media apps are unacceptably invasive-by-design,” Deibert wrote.

Read more about the TikTok hearing on TechCrunch