TikTok’s chief security officer says in new court documents that the US Commerce Department has mischaracterized how the app stores and secures user data, as the company renews its motion for a preliminary injunction against the Trump administration’s looming ban.
Roland Cloutier, global chief security officer for TikTok, says in a new court filing, in advance of an upcoming hearing in the US District Court for the District of Columbia, that the Commerce Department made several incorrect assertions about the company’s data security policies and practices.
Cloutier says a September memo from the Commerce Department outlining specific concerns with the app is inaccurate in stating TikTok is not separate from the Chinese version of the app — called Douyin — or from parent company ByteDance’s systems, and that “functionality including storage, internal management, and algorithms is still partially shared across other ByteDance products.”
He says the software stack comprising TikTok is “entirely separate” from the Douyin software stack, meaning each app’s source code and user data are maintained separately.
The government also mischaracterized how TikTok stores US user data, Cloutier says. The commerce memo states that TikTok leases servers from Alibaba Cloud in Singapore and China Unicom Americas (CUA) in the US, which constitute “significant risks.”
Cloutier says CUA provides data center space — the building and electricity — for TikTok, but doesn’t provide servers. ByteDance owns and operates all servers that are stored within the CUA facility, Cloutier says, and the servers are locked within a cage in the facility.