With Project Texas, security chief Will Farrell says TikTok will work with US partner Oracle to firewall its code and data against interference from the Chinese government or anybody else.
With a non-trivial segment of Washington legislators unwilling to trust TikTok, the social network’s interim US security head gave a talk there Monday about how the American subsidiary of the Chinese firm ByteDance will subject itself to a trust-no-one level of scrutiny.
“The goal here is to have a massive amount of oversight, so you don’t have to take our word for it,” Will Farrell, interim security officer at TikTok US, said in a keynote at the State of the Net tech-policy conference.
Over a quick 15 minutes—a compressed presentation that Farrell called “a bit of a motorcycle ride through an art museum”—he ushered attendees through “Project Texas,” TikTok’s attempt with its US partner Oracle to firewall its code and data against interference from the Chinese government or anybody else.
The first of five pillars begins with a new governing entity in the US branch of TikTok’s organizational chart: TikTok US Data Security. It will be run by “a completely independent board,” Farrell says, consisting of three people with no prior affiliation with TikTok or ByteDance. They must have a fiduciary responsibility to the US government and be approved by the US government.
“This goes beyond what any tech company is doing today,” according to Farrell, who notes that the feds could effectively fire him if they were not comfortable with his work. “It’s much closer to government contractors.”
The second pillar consists of a series of technological controls to lock in TikTok’s US operations against possible snooping from overseas. “We’ve taken everything that is TikTok, isolated it and replicated it in the Oracle cloud,” he says, adding that its mobile app will operate inside an Oracle sandbox that will only allow designated data flows.
Third, Farrell tips a software-integrity regime that will have TikTok code audited and will place Oracle in a gatekeeper role for mobile app updates to ensure that these programs aren’t conducting any surreptitious monitoring.
“Every single line of code has to be inspected by Oracle and another third-party inspector certified by the US government,” Farrell says.
The development cycle of TikTok’s mobile apps will in turn get placed in a sort of protective custody with Oracle: “Oracle is actually going to compile the app, and they’re going to hand-deliver it to Apple and Google.”
Farrell did not address how these extra cycles of supervision might hold up bug fixes the next time researchers find a vulnerability in the app.
The fourth pillar involves TikTok’s content recommendation and moderation, which critics have pointed to as potential avenues for Chinese propaganda. Farrell explains that a Content Advisory Council checked by third parties will audit the systems that moderate out unwanted content and recommend and promote content deemed enjoyable by its algorithms.
“They’re going to check every single one of those moderation models,” he says. He expanded on that in an answer to an audience question: “We’re going to be the first company that opens up all of their AI models.”
The fifth pillar will consist of “at least seven independent third parties” to oversee TikTok’s US operations, starting with the Committee on Foreign Investment in the United States. CFIUS can force a foreign owner to sell off a US asset, as it did in 2019 when it compelled the Chinese firm Beijing Kunlun Tech to unload the gay dating app Grindr.
It’s unclear whether these moves or the apparently comparable “Project Clover” planned for Europe (as reported by The Wall Street Journal on Monday) will be enough to appease uneasy policymakers in the US, Canada, the European Union, and other parts of the West.
Meanwhile, US lawmakers have yet to get close to passing a privacy bill that might curb the trade in personal data collected from smartphone apps—an information flood that China and most any other country with sufficient funding can tap into at their leisure.
Rob Pegoraro writes about interesting problems and possibilities in computers, gadgets, apps, services, telecom, and other things that beep or blink. He’s covered such developments as the evolution of the cell phone from 1G to 5G, the fall and rise of Apple, Google’s growth from obscure Yahoo rival to verb status, and the transformation of social media from CompuServe forums to Facebook’s billions of users. Pegoraro has met most of the founders of the internet and once received a single-word email reply from Steve Jobs.