With a non-trivial segment of Washington legislators unwilling to trust TikTok, the social network’s interim US security head gave a talk there Monday about how the American subsidiary of the Chinese firm ByteDance will subject itself to a trust-no-one level of scrutiny.

“The goal here is to have a massive amount of oversight, so you don’t have to take our word for it,” Will Farrell, interim security officer at TikTok US, said in a keynote at the State of the Net tech-policy conference.(Opens in a new window) 

Over a quick 15 minutes—a compressed presentation that Farrell called “a bit of a motorcycle ride through an art museum”—he ushered attendees through “Project Texas(Opens in a new window),” TikTok’s attempt with its US partner Oracle to firewall its code and data against interference from the Chinese government or anybody else.

The first of five pillars begins with a new governing entity in the US branch of TikTok’s organizational chart: TikTok US Data Security(Opens in a new window). It will be run by “a completely independent board,” Farell says, consisting of three people with no prior affiliation with TikTok or ByteDance. They must have a fiduciary responsibility to the US government and be approved by the US government. 

“This goes beyond what any tech company is going today,” according to Farrell, who notes that the feds could effectively fire him if they were not comfortable with his work. “It’s much closer to government contractors.” 

The second pillar consists of a series of technological controls to lock in TikTok’s US operations against possible snooping from overseas. “We’ve taken everything that is TikTok, isolated it and replicated it in the Oracle cloud,” he says, adding that its mobile app will operate inside an Oracle sandbox that will only allow designated data flows.

Third, Farrell tips a software-integrity regime that will have TikTok code audited and will place Oracle in a gatekeeper role for mobile app updates to ensure that these programs aren’t conducting any surreptitious monitoring

“Every single line of code has to be inspected by Oracle and another third-party inspector certified by the US government,” Farrell says. 

The development cycle of TikTok’s mobile apps will in turn get placed in a sort of protective custody with Oracle: “Oracle is actually going to compile the app, and they’re going to hand-deliver it to Apple and Google.” 

Farrell did not address how these extra cycles of supervision might hold up bug fixes the next time researchers find a vulnerability in the app.

The fourth pillar involves TikTok’s content recommendation and moderation, which critics have pointed to as potential avenues for Chinese propaganda. Farrell explains that a Content Advisory Council checked by third parties will audit the systems that moderate out unwanted content and recommend and promote content deemed enjoyable by its algorithms. 

Recommended by Our Editors

“They’re going to check every single one of those moderation models,” he says. He expanded on that in an answer to an audience question: “We’re going to be the first company that opens up all of their AI models.”

The fifth pillar will consist of “at least seven independent third parties” to oversee TikTok’s US operations, starting with the Committee on Foreign Investment in the United States. CFIUS can force a foreign owner to sell off a US asset, as it did in 2019 when it compelled the Chinese firm Beijing Kunlun Tech to unload the gay dating app Grindr

It’s unclear whether these moves or the apparently comparable “Project Clover” planned for Europe (as reported by The Wall Street Journal(Opens in a new window) on Monday) will be enough to appease uneasy policymakers in the US, Canada, the European Union, and other parts of the West.

Meanwhile, US lawmakers have yet to get close to passing a privacy bill that might curb the trade in personal data collected from smartphone apps—an information flood that China and most any other country with sufficient funding can tap into at their leisure.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})”>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

The post TikTok Plans to Keep Your Data Safe With a ‘Massive Amount of Oversight’ first appeared on

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

TikTok Plans to Keep Your Data Safe With a ‘Massive Amount of Oversight’

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.
TikTok Plans to Keep Your Data Safe With a ‘Massive Amount of Oversight’

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.

TikTok Plans to Keep Your Data Safe With a ‘Massive Amount of Oversight’TikTok Plans to Keep Your Data Safe With a ‘Massive Amount of Oversight’

You may also like

Notify of
Inline Feedbacks
View all comments

More in Tech News