WASHINGTON — U.S. lawmakers grilled the CEO of TikTok over data security and harmful content Thursday, responding skeptically during a tense committee hearing to his assurances that the hugely popular video-sharing app prioritizes user safety and should not be banned.
Shou Zi Chew’s testimony came at a crucial time for the company, which has acquired 150 million American users but is under increasing pressure from U.S. officials. TikTok and its parent company ByteDance have been swept up in a wider geopolitical battle between Beijing and Washington over trade and technology.
In a rare bipartisan effort to reign in the power of a major social media platform, Republican and Democratic lawmakers pressed Chew on a host of topics, ranging from TikTok’s content moderation practices, how the company plans to secure American data from Beijing, and its spying on journalists.
“Mr. Chew, you are here because the American people need the truth about the threat TikTok poses to our national and personal security,” Committee Chair Cathy McMorris Rodgers, a Republican, said in her opening statement. “TikTok has repeatedly chosen a path for more control, more surveillance and more manipulation.”
Chew, a 40-year-old Singapore native, told the House Committee on Energy and Commerce that TikTok prioritizes the safety of its young users and denied allegations that it’s a national security risk. He reiterated the company’s plan to protect U.S. user data by storing all such information on servers maintained and owned by the software giant Oracle.
“Let me state this unequivocally: ByteDance is not an agent of China or any other country,” Chew said.
On Wednesday, the company sent dozens of popular TikTokers to Capitol Hill to lobby lawmakers to preserve the platform. It has also been putting up ads all over Washington that promise to secure users’ data and privacy, and create a safe platform for its young users.
TikTok has been dogged by claims that its Chinese ownership means user data could end up in the hands of the Chinese government or that it could be used to promote narratives favorable to the country’s Communist leaders.
In 2019, the Guardian reported that TikTok was instructing its moderators to censor videos that mention Tiananmen Square and other images unfavorable to the Chinese government. The platform says it has since changed its moderation practices.
ByteDance admitted in December that it fired four employees last summer who accessed data on two journalists, as well as other people connected to them, while attempting to track down the source of a leaked report about the company.
For its part, TikTok has been trying to distance itself from its Chinese origins, saying that 60% percent of its parent company ByteDance is owned by global institutional investors such as Carlyle Group. ByteDance was founded by Chinese entrepreneurs in Beijing in 2012. Responding to a Wall Street Journal report, China said it would oppose any U.S. attempts to force ByteDance to sell the app.
Chew pushed back against the idea that TikTok’s ownership was an issue in itself.
“Trust is about actions we take,” Chew said. “Ownership is not at the core of addressing these concerns.”
In one of the most dramatic moments, Republican Rep. Kat Cammack displayed a TikTok video that showed a shooting gun and a caption that included the House committee holding the hearing, with the exact date before it was formally announced.
“You expect us to believe that you are capable of maintaining the data security, privacy and security of 150 million Americans where you can’t even protect the people in this room,” Cammack said to Chew.
Lawmakers sought to paint a picture of TikTok as a Chinese-influenced company interested in gaining profit at the cost of Americans’ mental and physical health. Committee members showed a host of TikTok videos that encouraged users to harm themselves and commit suicide. Many questioned why the platform’s Chinese counterpart, Douyin, does not have the same controversial and potentially dangerous content as the American product.
Chew responded that it depends on the laws of the country where the app is operating. He said the company has about 40,000 moderators that track harmful content as well as an algorithm that flags material.
“I don’t think I can sit here and say that we are perfect in doing this,” Chew said. “We do work very hard.”
A U.S. ban on an app would be unprecedented and it’s unclear how the government would enforce it.
Experts say officials could try to force Apple and Google to remove TikTok from their app stores. The U.S. could also block access to TikTok’s infrastructure and data, seize its domain names or force internet service providers like Comcast and Verizon to filter TikTok data traffic, said Ahmed Ghappour, a criminal law and computer security expert who teachers at Boston University School of Law.
But a tech savvy user could still get around restrictions by using a virtual private network to make it appear the user is in another country where it’s not blocked, he said.
To avoid a ban, TikTok has been trying to sell officials on a $1.5 billion plan called Project Texas, which routes all U.S. user data to domestic servers owned and maintained by Oracle. Under the project, access to U.S. data is managed by U.S. employees through a separate entity called TikTok U.S. Data Security, which employs 1,500 people, is run independently of ByteDance and would be monitored by outside observers.
As of October, all new U.S. user data was being stored inside the country. The company started deleting all historic U.S. user data from non-Oracle servers this month, in a process expected to be completed later this year, Chew said.
Generally, researchers have said TikTok behaves like other social media companies when it comes to data collection. In an analysis released in 2021, the University of Toronto’s nonprofit Citizen Lab found TikTok and Facebook collect similar amounts of user data.
To block such tracking, Congress, the White House, U.S. armed forces and more than half of U.S. states have banned the use of the app from official devices.
But wiping away all the data tracking associated with the platform might prove difficult. In a report released this month, the Cybersecurity company Feroot said so-called tracking pixels from ByteDance, which collect user information, were found on 30 U.S state websites, including some where the app has been banned.
Other countries including Denmark, Canada, Great Britain and New Zealand, along with the European Union, have already banned TikTok from devices issued to government employees.
David Kennedy, a former government intelligence officer who runs the cybersecurity company TrustedSec, agrees with restricting TikTok access on government-issued phones because they might contain sensitive information. A nationwide ban, however, might be too extreme, he said.
“We have Tesla in China, we have Microsoft in China, we have Apple in China. Are they going to start banning us now?” Kennedy said. “It could escalate very quickly.”
Associated Press reporter Kelvin Chan contributed to this story from London.
This story has been corrected to show Oracle is a software giant, not a server giant.