Short-form video giant TikTok refuted claims made by the Chief Administrative Officer (CAO) of the U.S. House of Representatives last week and called on her to take down a cyber advisory that urged lawmakers to avoid the platform.
A two-page memo from the CAO has been circulating widely around Capitol Hill in recent days, warning that TikTok is a “high-risk” application that “actively harvests” biometric data as well as a range of other user information, including contacts, location, calendar details, SIM card serial numbers, Wi-Fi network names, and photos.
The U.S. House of Representatives’ Chief Administrative Officer has issued a cyber advisory on TikTok, labeling it “high-risk” with personal info accessed from inside China:
— Brendan Carr (@BrendanCarrFCC) August 17, 2022
“we do not recommend the download or use of this application due to these security and privacy concerns.” pic.twitter.com/F87qwFiHhR
“TikTok is a Chinese-owned company, and any use of this platform should be done with that in mind,” the memo said. “The ‘TikTok’ mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved with its use.”
The memo concludes by saying that the CAO does not recommend its staff use or download the app, citing security concerns.
In a response letter obtained by Politico and dated August 11, TikTok’s head of public policy for the Americas Michael Beckerman wrote that the cyber advisory contained “factual inaccuracies” and that the document needed to be rescinded.
Among other things, Beckerman said TikTok stores U.S. user information in company-run data centers in the U.S. and Singapore. The company recently announced that it is routing all U.S. user traffic to Oracle Cloud Infrastructure, and expects to delete personal information from the data centers.
He also denied that the company uses facial recognition technology, nor does it collect precise GPS location in the U.S. “We collect information about a user’s approximate location based, for example, on a user’s SIM card and IP address,” Beckerman said. “As the CAO knows, other applications use this same data for similar purposes.”
Additionally, he said TikTok does not collect various information highlighted in the cyber advisory, such as SIM serial numbers, active subscription information, or integrated circuit card identification numbers.
Beckerman asked to meet with Catherine Szpindor, the CAO, to discuss the cyber advisory and TikTok’s reply.
TikTok did not respond to questions from The Record about whether it has received a response from the CAO.
The post TikTok asks House of Representatives to rescind cyber advisory about company appeared first on The Record by Recorded Future.
Article Link: TikTok asks House of Representatives to rescind cyber advisory about company