TikTok Inc.
5800 Bristol Pkwy, Suite 100
Culver City, CA 90230
May 4, 2023
Chair Cathy McMorris Rodgers
Ranking Member Frank Pallone, Jr.
U.S. House Committee on Energy and Commerce
Attn: Jessica Herron, Legislative Clerk
2125 Rayburn House Office Building
Washington, D.C. 20515
Dear Chair McMorris Rodgers, Ranking Member Pallone, and Members of the Committee:
Enclosed are responses from TikTok Inc. (“TikTok”) to the Committee’s Questions for the
Record (“QFRs”). TikTok CEO Shou Chew appreciated the opportunity to appear before the
Committee to answer questions, and TikTok likewise welcomes the chance to address the
Committee’s follow-up questions.
All of this is in keeping with TikTok's commitment to transparency and responsiveness in
TikTok's relationship with the Committee. Prior to his testimony, Mr. Chew personally met with
over half the Members of the Committee. TikTok used these meetings as an opportunity not only
to provide information but also to listen carefully to Members’ concerns and incorporate their
feedback into our efforts to constantly improve platform safety and the experience of the more
than 150 million Americans who use TikTok.
Additionally, in the months leading up to the hearing, TikTok provided the Committee with five
briefings on issues including data access and security. TikTok’s briefers stayed until all of the
staff’s questions were answered and addressed follow-up inquiries in writing. TikTok also
provided a sixth briefing, this time on COVID-related content moderation, following the hearing
and again responded in writing to follow-up questions. These briefings supplemented the
documents that TikTok have produced in response to the Committee’s requests.
In keeping with this pattern of engagement, TikTok has endeavored to address the more than 375
QFRs within the 21-day period provided by the Committee. TikTok welcomes the opportunity to
continue to engage in a dialogue on these important issues.
Sincerely,
TikTok
Enclosure
1
Responses to Additional Questions for the Record
The Honorable Cathy McMorris Rodgers
1. On March 21, 2023, Forbes reported that despite TikTok’s 2020 ban in India, TikTok
maintains access to user data. Does TikTok maintain data on citizens of India?
a. If yes, what confidence can this Committee have that American data will be deleted
in a timely manner?
We believe TikTok has fully complied with the Indian ban order since its implementation, which
relates only to preventing public access to the platform in India.
2. What analysis does TikTok perform on users’ contact lists?
Please see this help center page, which provides detailed information about how TikTok may
suggest accounts to users if they choose to share their contact lists with TikTok or based on their
interactions with other account holders. TikTok generally uses contact lists in order to facilitate
in-app connections between users who are connected elsewhere (e.g., via phone contact lists or
on social media platforms).
3. Please detail the steps taken to delete personal data when requested or ordered by a
TikTok user, the parent of a user who is a minor, or others authorized to make such a
request.
All TikTok users in the U.S. can request deletion of their personal information by using TikTok's
webform https://www.tiktok.com/legal/report/privacy or by mailing a request to TikTok. Users
can also delete their account via an account feature within the app. Upon receiving a user's
deletion request, TikTok follows standard procedures to verify the user's identity. Once the
requestor's identity has been verified to be that of the user or a valid agent/representative, the
account is marked for "deletion" and the 30-day grace period begins, during which a user can
change their mind and prevent the deletion of their account. The account is not visible or
accessible by other users during this time. If the user does not take action during the 30-day
period, then their account will be deleted after 30 days. A backup copy, which is accessible only
by internal teams, is kept for 30 more days before being deleted.
Similarly, a parent or guardian may submit a request to delete the information TikTok has
collected from their minor child by contacting TikTok via the webform or mail. TikTok seeks to
verify that the person making the request is the teen's parent or guardian by requiring the person
to submit a completed TikTok’s Parental Access Form, along with limited additional information
about the account, as appropriate and necessary for verification. Upon verification, TikTok
immediately takes the teen's account offline such that it is not visible or accessible by other
users, and all data related to the account is deleted within 30 days.
Data deletion requests are subject to exceptions, as certain information may be retained to
comply with contractual or legal requirements.
2
4. Please outline, by year since 2017, the steps TikTok has taken to protect physical access
to servers containing American data.
TikTok uses reasonable measures to protect information from loss, theft, misuse, unauthorized
access, disclosure, alteration, or destruction. TikTok's physical security responsibilities for the
protection of personnel and property includes, but is not limited to, physical access control,
CCTV monitoring & management, visitor management, and physical security incident
management and reporting.
5. Has TikTok heated content related to any of the following:
a. Members of the Biden Administration, including all political appointees
b. Staff of the Biden Administration
c. Members of Congress
d. Congressional staff
e. Governors
f. State Attorneys General
g. Left of center political activists
h. Right of center political activists
No.
6. What cybersecurity practices does TikTok require of its third-party service providers,
such as content moderators.
TikTok evaluates and qualifies its vendors and third parties based on its third-party risk
management (TPRM) program, which mandates defined security standards. Additionally,
TikTok takes appropriate steps to ensure its security and privacy measures are maintained by
establishing contractual agreements that require vendors to adhere to the same standards of
confidentiality, availability, and integrity TikTok have made to its customers.
7. Please list the office locations which have employees who focus on content moderation
for TikTok’s platform in the United States.
TikTok has content moderators in Nashville and Phoenix. Those teams are supported by trust
and safety employees working on policies and products in Los Angeles, San Francisco, San Jose,
New York, Washington, DC, Gurgaon and Mumbai.
8. Please quantify the number of TikTok employees who focus on content moderation for
TikTok’s platform in the United States.
More than 40,000 people, including employees and contractors, work alongside innovative
technology to keep TikTok safe. More than 5,000 of these people are focused on content
moderation for the United States.
9. Please quantify the number of contractors employed by TikTok for content moderation
for TikTok’s platform in in the United States.
More than 40,000 people, including employees and contractors, work alongside innovative
technology to keep TikTok safe.
3
10. Is TikTok aware of any zero-day or other cybersecurity vulnerabilities related to
unauthenticated access of TikTok’s content moderation backend? If yes, please outline
when the vulnerability was discovered and any steps taken to address it.
TikTok is unaware of any vulnerabilities having been exploited to allow unauthenticated access
to TikTok's content moderation backend.
11. Like other technology companies, TikTok is ingesting data from multiple sources to
best understand its users. This data can come from internal sources such as likes and
view time, or external sources like data brokers or other large data holders. Please
describe the mechanisms TikTok employs today to receive data from outside entities.
a. Technical mechanisms for data collection;
b. Scope and use of data collected;
c. Description of entities providing information;
TikTok receives data from advertising partners through TikTok Pixel and "Events API", which
are part of TikTok Advertiser Tools. Advertisers, measurement and other partners can elect to
use these tools to share information with TikTok about the actions their customers have taken on
their websites and apps or in stores, such as visits to a particular webpage or adding an item to a
shopping cart.
Advertisers who operate mobile apps can also elect to share their customers' in-app activities
through their mobile measurement partners (e.g. AppsFlyer), which collect the in-app events
(e.g. logins) from the advertiser's app and share the events with TikTok and the advertiser's other
ad platforms (e.g. Meta, Snap).
Advertisers and their partners can also share audience lists with TikTok, in the form of mobile
identifiers for advertising (e.g. Android Advertising ID), hashed email addresses and phone
numbers, through TikTok's "Custom Audience" tool. TikTok then matches these advertiser-
shared identifiers to TikTok users to create audiences that advertisers can target their ads to on
TikTok.
TikTok also receives information from third parties if users choose to sign up or log in to TikTok
using a third-party service such as Facebook, Twitter, Instagram, or Google, or link their TikTok
account to a third-party service, including, for example, the user's public profile information
(such as nickname), email, and contact list (with the user's permission) collected by the third
party. Such information is usually transmitted through the third party's API or SDK tools.
12. Please individually confirm you are not collecting or compiling the following
information:
a. Religious or philosophical beliefs;
b. Political opinions;
c. Genetic data;
d. Biometric data;
e. Data concerning health;
f. Data concerning racial or ethnic origin;
The TikTok app does not solicit or request any user to provide religious or philosophical beliefs,
political opinions, genetic data, data concerning health or data concerning racial or ethnic origin
4
as part of the user experience. However, TikTok does not restrict users from voluntarily
providing such information in their user content.
The term "biometric data" does not have a standard, universal definition, and relevant laws
across various jurisdictions define the term differently. TikTok does not collect any face or voice
information that would enable us to identify a unique individual.
From time to time, TikTok conducts user research through surveys and the like. As part of the
survey, the participants may be asked to voluntarily provide certain information, which may
include, for example, their race or ethnicity.
13. Please list all devices manufacturers with which TikTok has signed a pre-install
contract, such that the app is on a device by default.
TikTok has one agreement with a device manufacturer to pre-install that is operational in the
U.S. Market:
- Motorola
It has an additional four contracts with partners to preload devices in the US:
- T-Mobile
- Ironsource
- Digital Turbine
- Inmobi
14. Are there any channels to track formal or informal contact between TikTok employees
and ByteDance employees? ByteDance employees and Chinese government officials or
senior members of the CCP? TikTok employees and Chinese government officials or
senior members of the CCP? Does TikTok have any mechanism to map or report these
interactions?
The company uses an internal communication and collaboration platform. There is no formal
tracking mechanism for external communications.
15. Please quantify how many TikTok employees have a matrixed reporting structure such
that they report to both a TikTok supervisor and a ByteDance supervisor.
Neither ByteDance nor TikTok maintain this type of granular data regarding matrixed reporting
structures.
16. Please provide an organization chart which identifies all reporting relationships, both
formal and informal, between TikTok, ByteDance, and all ByteDance’s subsidiaries and
partners.
Please refer to ByteDance's website and the section entitled "Corporate Structure".
5
17. It was reported that TikTok’s head of e-commerce directly reports to ByteDance’s e-
commerce chief. Is this correct? Are there any other TikTok employees that report
directly to ByteDance employees?
Yes.
18. Please quantify the number of algorithm engineers TikTok employs in the People’s
Republic of China.
Like many global companies, TikTok has engineering teams around the world. As a general rule,
TikTok looks to minimize the number of people who have access to user data and limit it to
those who need the access in order to do their jobs, and Project Texas will restrict access to
protected U.S. user data to USDS personnel. TikTok employs access controls like encryption and
security monitoring to secure data.
19. Please quantify the number of algorithm engineers TikTok employes in the United
States.
Like many global companies, TikTok has engineering teams around the world. As a general rule,
TikTok looks to minimize the number of people who have access to user data and limit it to
those who need the access in order to do their jobs. TikTok continually assesses and reassigns
engineering resources to meet business needs.
20. Please provide the address of TikTok’s office location in Beijing.
TikTok does not have a dedicated office in Beijing and the TikTok app is not available in
mainland China. TikTok does have employees who work in Beijing. One of the offices is located
at 228, 2nd Floor, Building 1, No. 23 Courtyard A, North Third Ring Road West, Haidian
District, Beijing.
21. Please provide the address of ByteDance’s office location in Beijing.
ByteDance has a number of offices in Beijing. The largest office is at Dazhongsi Square No.A18,
West Beisanhuan Road, Haidian District, Beijing.
22. Please provide the address of ByteDance’s office location in the Cayman Island.
VISTRA (CAYMAN) LIMITED P. O. Box 31119 Grand Pavilion, Hibiscus Way, 802 West Bay
Road, Grand Cayman, KY1 - 1205 Cayman Islands.
23. Please provide the address of TikTok’s office location in the Cayman Island.
VISTRA (CAYMAN) LIMITED P. O. Box 31119 Grand Pavilion, Hibiscus Way, 802 West Bay
Road, Grand Cayman, KY1 - 1205 Cayman Islands.
6
24. Please provide the number of TikTok employees at each of the following locations:
a. Cayman Island;
b. Los Angeles;
c. Washington, D.C.;
d. Beijing;
TikTok is a privately held company with approximately 7,000 employees in the US. We do not
comment on these specific employee figures.
25. Please provide the number of ByteDance employees at each of the following locations:
a. Cayman Island;
b. Los Angeles;
c. Washington, D.C.;
d. Beijing;
TikTok is a privately held company with approximately 7,000 employees in the US. We do not
comment on these specific employee figures.
26. Please list the dates and individual instances where ByteDance or TikTok employees
accessed the data of Forbes journalists Emily Baker-White, Katharine Schwab, and
Richard Nieva.
As stated in the written testimony, TikTok has provided the Committee with a briefing on this
subject and is committed to ongoing cooperation. In particular, to demonstrate that TikTok has
zero tolerance for the former employees’ misconduct, TikTok has provided the Committee with a
factual briefing through the outside law firm that is conducting the investigation into the matter.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
Based on the investigation to date, it is understood that the former employees' misconduct related
to Baker-White involved a number of steps taken between July and October 2022. The
investigation to date has not revealed any evidence that any access to Baker-White’s user data
has occurred since that time.
27. Please list all internal data on Emily Baker-White, Katharine Schwab, and Richard
Nieva which was accessed by ByteDance or TikTok employees during the Project Raven
investigation, including but not limited to IP address, MAC address, and network
connection.
As a preliminary matter, “Project Raven” refers to the authorized investigation into the potential
leak of confidential information that was published in Emily Baker-White’s June 17, 2022
BuzzFeed News article. This investigation was overseen by members of the Legal team and
outside counsel. Project Raven involved the review of internal documents and communications
related to the leaked information. Based on the investigation to date, there is no evidence that
TikTok user data was accessed by employees in connection with Project Raven.
Separate from Project Raven, and without informing inside or outside counsel, some members of
IARC independently tried to use certain novel techniques—some of which involved accessing or
7
attempting to access TikTok user data—to determine whether there were any connections
between employees and Baker-White. We refer to these steps as the “Misguided Effort.” The
investigation of the Misguided Effort was directed and led by Global Legal Compliance and
outside counsel. As part of the Misguided Effort, we understand that the employees accessed
Baker-White’s IP address, among other information. The investigation to date has not identified
evidence that TikTok user data for Richard Nieva or Katharine Schwab was accessed by
employees.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
28. Please list all external data collected on Emily Baker-White, Katharine Schwab, and
Richard Nieva by ByteDance or TikTok employees during the Project Raven
investigation.
Please see our answer to QFR 26 and QFR 27.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
29. Please list all techniques and practices used by ByteDance or TikTok employees to
collect information on, surveil, spy, and track, Emily Baker-White, Katharine Schwab,
and Richard Nieva during the project Raven investigation.
As for the Misguided Effort described in the answer to QFR 27, it is understood that the
employees involved in the Misguided Effort pursued several techniques intended to identify
potential connections between Baker-White and employees. Based on the investigation to date, it
is understood that these techniques included comparing Baker-White’s IP addresses to IP
addresses of employees.
Again, as noted above in the response to QFR 27, the investigation to date has not identified
evidence that user data associated with Richard Nieva or Katharine Schwab was accessed by
employees.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
30. Have the techniques and practices used to collect information on, surveil, spy and track,
Emily Baker-White, Katharine Schwab, and Richard Nieva during the project Raven
investigation been used on any other TikTok users?
a. If yes, please provide the name of the user surveilled, spied on, or tracked, the
purpose of the surveillance, spying, or tracking, types of information collected on
the user, and dates the user was surveilled, spied on, or tracked, who approved the
8
usage of data to surveil, spy on, or track the user, and whether or not the
surveillance, spying, or tracking has stopped.
b. If no, are you or do you plan to conduct a thorough investigation into whether these
practices and techniques were used on other users.
Certain of the techniques utilized as part of the Misguided Effort relating to leaks of confidential
company information to Baker-White were also used in connection with leaks of confidential
company information to Cristina Criddle, a UK-based journalist. The individuals involved in
those techniques with respect to Criddle had also been involved in the Misguided Effort relating
to the leaks to Baker-White.
Based on the investigation to date, it is understood that a number of steps related to Criddle were
taken in September 2022. The investigation to date has not revealed any evidence that any access
to Criddle's user data has occurred since that time.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
31. Have the techniques and practices used to collect information on, surveil, spy, and
track, the aforementioned journalists been used on any non-users of TikTok?
a. If yes, please provide the name of the user surveilled, spied on, or tracked, the
purpose of the surveillance, spying, or tracking, types of information collected on
the user, and dates the user was surveilled, spied on, or tracked, and whether or not
the surveillance, spying, or tracking has stopped.
b. If no, are you or do you plan to conduct an investigation of whether practices and
techniques were used on other users.
Once it was learned that there were allegations of improper access to user data raised in the
October 20, 2022 Forbes article, the Global Legal Compliance team began an immediate
investigation and engaged a highly reputable law firm to conduct an internal investigation. This
investigation is ongoing. However, the investigation has not identified instances in which
improper methods were used in connection with non-users of TikTok.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
32. Have any of the individuals, involved in the collection of information on, surveillance,
spying, and tracking of the aforementioned journalists, or any user or non-user
outlined in questions 30 and 31, previously been employed by any intelligence and or
law enforcement agencies of a foreign country?
The personnel files of the four former employees involved in the Misguided Effort provide no
information indicating that they had previously been employed by any intelligence and/or law
enforcement agency of a non-U.S. country.
9
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
33. Have any of the individuals who were involved in the activities outlined in questions 29-
31 been subsequently hired by other companies within the ByteDance family, such as
Lemon8 or other subsidiaries?
None of the four former employees involved in the Misguided Effort has been subsequently
hired by any entities owned by ByteDance Ltd. or any of its wholly-owned subsidiaries.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
34. When ByteDance or TikTok employees accessed Emily Baker-White, Katherine
Schwab, and Richard Nieva’s data, where was that data stored?
At the time that the individuals involved in the Misguided Effort accessed Baker-White’s user
data, the accessed data was stored on servers based in Virginia, USA.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
35. When ByteDance or TikTok employees accessed Emily Baker-White, Katherine
Schwab, and Richard Nieva’s data, had TikTok United States Data Security Inc. been
established?
The special purpose subsidiary of TikTok, U.S. Data Security (USDS), had been established at
the time the employees involved in the Misguided Effort accessed the user data. As a result of
Project Texas-related changes, the employees involved in the Misguided Effort were able to
access only historical U.S. TikTok user protected data collected before July 12, 2022.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
36. How many employees of ByteDance or TikTok were involved in the surveillance of
American journalists?
Four employees are no longer employed with TikTok or ByteDance as a result of their roles in
the Misguided Effort. Of those four employees, three were terminated and one resigned.
The internal investigation is ongoing and continues to examine whether other employees were
knowingly involved in the Misguided Effort.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
10
37. What procedures and processes were in place at the time when so-called rogue
employees of ByteDance or TikTok collected location data on US journalists to detect
and mitigate insider threats?
At the time of the employees’ Misguided Effort to access user data to identify leaks of
confidential company information, a data access approval process restricted access to data
pursuant to the level of confidentiality and legitimate need for such data. Unfortunately, the
individuals involved in this Misguided Effort did not fully disclose the reasons for their data
access requests. This inappropriate conduct violated several company policies and does not
represent our commitment to data security.
Efforts to bolster protections around U.S. user data are ongoing, including but not limited to
developing new data security policies, reorganizing the investigations team to sit within Legal,
enhancing compliance training, and continuing to implement Project Texas.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request
38. Were members of the ByteDance or TikTok executive team aware of the surveillance of
American journalists prior to the October 2022 reporting by Forbes?
a. If yes, what steps did you take to address the situation?
b. If no, how did such surveillance go undetected?
As discussed in the Response to QFR 39, Mr. Chew first learned of the Misguided Effort to
access Emily Baker-White’s user data after publication of Emily Baker-White’s October 20,
2022 article. Please reference Responses to QFRs 37 and 40 for information on how the
individuals involved in the Misguided Effort were able to utilize these improper methods. To
date, the ongoing investigation has not revealed that any members of the ByteDance or TikTok
executive team were aware of the Misguided Effort until Emily Baker-White’s October 2022
article.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
39. On what date were you notified of the surveillance of American journalists Emily
Baker-White, Katherine Schwab, and Richard Nieva by ByteDance and TikTok
employees?
The internal investigation to date has not identified evidence that employees involved in the
Misguided Effort accessed TikTok user data for Richard Nieva or Katharine Schwab.
Nevertheless, Mr. Chew first learned of the Misguided Effort to access Emily Baker-White’s
user data after publication of Emily Baker-White’s October 20, 2022 Forbes article. After this
article was published, the Global Legal Compliance team began an immediate investigation and
engaged a highly reputable law firm to conduct an internal investigation. Mr. Chew was updated
on findings as the investigation continued.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
11
40. Have ByteDance and TikTok conducted an internal investigation into the surveillance
of American journalists Emily Baker-White, Katherine Schwab, and Richard Nieva?
a. If yes, please detail how such surveillance was possible and any other instances in
which similar surveillance may have occurred.
b. If no, please explain why such an investigation remains outstanding.
As stated in the response to Question 39, once it was learned that there were allegations of
improper access to user data raised in the October 20, 2022 Forbes article, the Global Legal
Compliance team began an immediate investigation and engaged a highly reputable law firm as
outside counsel to conduct an internal investigation. That investigation is ongoing, but outside
counsel briefed Committee staff on the facts learned from the investigation, including detailed
explanations of the methods used by the employees involved in the Misguided Effort.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
41. On what date was the employment of individuals involved in the surveillance of
American journalists terminated?
Three of the individuals who were involved in the Misguided Effort were involuntarily
terminated between December 21-23, 2022.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
42. What were the terms of termination for employees involved in the surveillance of
American journalists?
Please see response to question 41.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
43. Were any of the employees involved in the surveillance of American journalists based in
the People’s Republic of China?
Two of the individuals who were involved in the Misguided Effort to access user data to identify
leaks of confidential company information were based in offices located in China. Two other
individuals involved in the Misguided Effort were based in offices located in the United States.
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
44. Were any of the employees involved in the surveillance of American journalists
members of the Chinese Communist Party?
TikTok does not collect political affiliation information regarding its employees.
12
With respect to this question or any of the other questions for the record submitted on this topic,
TikTok would be pleased to offer additional briefings by its outside counsel to the Committee
upon request.
45. If the US government ordered ByteDance to divest from TikTok or else TikTok would
be banned from the US, would you personally request authorities in Beijing grant an
export license for TikTok’s algorithm and permit divestment to occur, rather than let
TikTok be shut down?
Bans are only appropriate when there are no alternatives. But in this case there is an
alternative—one that addresses the concerns from this Committee and others. A ban that hurts
American small businesses, damages the country’s economy, silences the voices of over 150
million Americans, and reduces competition in an increasingly concentrated market is not the
solution to a solvable problem.
TikTok does not believe divestment would address the fundamental concerns voiced by this
committee, as a change in ownership would not impose any new restrictions on data flows or
access. This is not an issue of nationality: all global companies face common challenges that
need to be addressed through safeguards and transparency. TikTok's commitment under Project
Texas is for the data of all Americans to be stored in America, hosted by an American
headquartered company, with access to the data controlled by USDS personnel.
46. What actions would you take if you learned that actors supported by or affiliated with
the Chinese government or the CCP accessed or is accessing TikTok networks or data
depositories, used or is using TikTok to disseminate disinformation, or is using TikTok
to spy on individuals or groups?
a. What elements of or individuals in the Chinese government or CCP would you lodge
a complaint with?
b. What recourse do you expect to have with the CCP to have them cease and desist
such activity?
TikTok would actively oppose the actions described in your question. Such activity would
violate our policies, which is why we have precautions in place to help prevent this unauthorized
access. As a global entertainment platform, TikTok spans most major markets except China.
TikTok is provided in the United States by TikTok Inc., which is incorporated in California and
subject to U.S. laws and regulations. Like many global technology companies, TikTok has
product development and engineering teams all over the world collaborating to deliver the best
product experience for the TikTok community. TikTok has not been asked for U.S. user data by
the Chinese government or the CCP. TikTok has not provided such data to the Chinese
government or CCP, nor would TikTok honor such a request if one were ever made. TikTok
discloses on a regular basis in its Transparency Reports requests for user information that TikTok
receives from governments and law enforcement agencies.
TikTok is committed to implementing significant organizational, process, and technical changes
related to the storage, access, and security of U.S. user data. The data is stored in Oracle Cloud
Infrastructure with access limited to authorized personnel and additional access protocols being
developed.
13
47. When TikTok and ByteDance note that they “follow local laws” in China, please
provide a full accounting of all laws and provisions of laws to which it is subject and
follows in its operations, or at a very minimum, all the laws for which there are legal
professionals or individuals at manager level and above tasked with managing
compliance for.
TikTok is not available in mainland China. TikTok, as a U.S. company incorporated in the
United States, is subject to the laws of the United States. TikTok has never shared, or received a
request to share, U.S. user data with the Chinese government. Nor would TikTok honor such a
request if one were ever made. TikTok is committed to respecting local laws in the markets in
which it operates.
48. On April 30, 2021, an entity associated with the Chinese Communist Party,
WangTouZhongWen (Beijing) Technology, registered a 1% stake in Beijing ByteDance
Technology, now renamed Beijing Douyin Information Service Ltd.. These “golden
shares,” officially known as “special management shares,” came with additional rights
compared to the small size of the investment such as the right to name a member of the
board. Please list all rights associated with WangTouZhongWen (Beijing) Technology’s
holdings.
WangTouZhongWen (Beijing) Technology only maintains rights over Beijing Douyin
Information Service Ltd. associated with "special management shares", but maintains no rights in
relation to any TikTok entities. Beijing Douyin Information Service Ltd. Is a Chinese subsidiary
of ByteDance Ltd and is not connected to TikTok. Please see the corporate structure diagram at
ByteDance.com, which illustrates the structural separation between Beijing Douyin Information
Service Ltd. and all TikTok entities.
49. Please provide an organization chart that identifies all the reporting relationships, both
formal and informal between TikTok, ByteDance, and all ByteDance’s subsidiaries and
partners?
Please refer to ByteDance's website and the section entitled "Corporate Structure".
14
50. Please list all rights, including but not limited to content moderation decisions,
WangTouZhongWen (Beijing) Technology can exert over:
a. Beijing Douyin Info Services Co. Ltd. (CN);
b. Douyin Co., Ltd. (CN);
c. Douyin Vision Co. Ltd. (CN);
d. Douyin Group (HK) Ltd. (HK SAR);
e. ByteDance Ltd. (Cayman);
f. BytePlus Ltd. (Cayman);
g. Nuverse Co. Ltd. (Cayman);
h. Lark Technologies Ltd. (Cayman);
i. Pico Immersive Ltd. (Cayman);
j. TikTok Ltd. (Cayman);
k. TikTok Information technologies UK Ltd. (UK);
l. TikTok LLC (US);
m. TikTok Inc. (US);
n. TikTok U.S. Data Security (US);
o. TikTok Pte. Ltd. (SG);
WangTouZhongWen (Beijing) Technology maintains rights only over Beijing Douyin
Information Service Ltd. among the numerous entities identified in the question.
WangTouZhongWen (Beijing) Technology maintains no rights in relation to all other entities
identified in the question - i.e., Douyin Co., Ltd. (CN), Douyin Vision Co. Ltd. (CN), Douyin
Group (HK) Ltd. (HK SAR), ByteDance Ltd. (Cayman), BytePlus Ltd. (Cayman), Nuverse Co.
Ltd. (Cayman), Lark Technologies Ltd. (Cayman), Pico Immersive Ltd. (Cayman), TikTok Ltd.
(Cayman), TikTok Information technologies UK Ltd. (UK), TikTok LLC (US), TikTok Inc.
(US), TikTok U.S. Data Security (US), and TikTok Pte. Ltd. (SG).
51. Does ByteDance Ltd. make use of a variable interest entity (VIE) model?
The VIE model is used for certain operations in China. By way of contractual arrangement,
specific subsidiaries of Douyin Group (HK) Limited can exert control over specific VIE entities
incorporated in China. Douyin Group (HK) Limited is in parallel with TikTok Ltd., another
subsidiary of ByteDance Ltd. The two do not overlap except via ownership by the same parent
company, ByteDance Ltd.
52. Can you provide a detailed accounting of TikTok’s financial relationship with
ByteDance as well as any ByteDance subsidiaries and partners?
As privately-held companies, we do not provide such an accounting.
53. Has the Chinese Communist Party, or other members of the Chinese government,
provided ByteDance or TikTok information on why the TikTok algorithm is export
controlled?
No. The Chinese government has not provided ByteDance with information on why TikTok's
algorithm is export controlled.
15
54. Can users in China access TikTok, as opposed to Duoyin, and, if not, has the Chinese
government given you any explanation for this?
TikTok is not available in mainland China.
55. Can you explain what ByteDance Editor-in-Chief and CCP Secretary, Zhang Fuping,
meant when he vowed that the Party Committee at ByteDance would “take the lead”
across “all product lines and business lines” to ensure the algorithm would follow the
“correct political direction”?
No. Zhang Fuping has no role at, or influence on, TikTok.
56. Please describe the internal controls related to the “heating” function, which allows
TikTok employees to amplify content.
TikTok occasionally promotes videos to help diversify the content experience and introduce
celebrities and emerging creators to the TikTok community. Only a few people, based in the
U.S., have the ability to approve content for promotion in the U.S., and that content makes up
approximately .002% of videos in For You feeds. TikTok is working to bring increased
transparency to users around this type of content.
57. How often is content manually heated by TikTok employees?
Only a few people, based in the US, have the ability to approve content for promotion in the US,
and that content makes up approximately 0.002% of videos in For You feeds.
58. Have members of the Chinese Communist Party, or other members of the Chinese
government, asked ByteDance or TikTok employees to heat content?
TikTok does not heat content in the U.S. at the request of any government, including the Chinese
Communist Party. TikTok may promote or "heat" specific content (including, e.g., promoting the
video of an artist who will be hosting a concert on TikTok Live) in line with company content
policies to support the inclusion of diverse and high-quality content on the platform. A content
operations team will review heating requests submitted by a limited number of cross-functional
partners with access to the heating request, and the Content Operations team will either approve
or reject the request based on their assessment of whether it follows the platform's best practices
in support of content diversity and quality (including, e.g., being engaging and meaningful and
focusing on timely/relevant content) and business objectives. An audit function, that is in the
process of being refined, will regularly review the heating request process to ensure internal
compliance with company policies. Even if the request is approved, increasing visibility or video
views ("VV") is not guaranteed as the recommendation system will not heat low quality content
(e.g, reposted or irrelevant content). Heating impacts less than 1% of VV in the US.
59. Have members of the Chinese Communist Party, or other members of the Chinese
government, ever asked for content to be made inelligble for the For You feed?
Government requests for data removal or restriction can be found in TikTok's Government
Removal Requests reports available at tiktok.com/transparency.
16
60. Please confirm if the following content is available for algorithmic promotion and the
‘For You’ feed:
a. Uyghur genocide;
b. Tibetan Freedom;
c. Taiwan Independence;
d. Independence of Mongolia;
e. 89 Democracy Movement;
f. Tiananmen Square Massacre;
g. The failure of the Chinese Communist Party’s Zero-Covid Policies;
Yes, the above content is available for algorithmic promotion and the For You feed.
61. How does TikTok share or receive cyber threat intelligence that it can use to protect
users from malicious actors or misinformation? Does TikTok keep records of such
intelligence?
a. For example, the US government were to identify an account of concern as being a
China-sponsored propaganda or misinformation campaign, what actions could you
take to counter those campaigns? Could TikTok provide accounts of how it handles
similar requests?
TikTok wants to equip its community with context and tools to assess content on the platform.
For instance, labels are added to videos with unsubstantiated content. TikTok's state-affiliated
media policy is to label accounts run by entities whose editorial output or decision-making
process is subject to control or influence by a government. TikTok's goal in labelling state-
affiliated media is to ensure people have accurate, transparent, and actionable context when they
engage with content from media accounts that may present the viewpoint of a government.
62. What actions do you commit to take if you learn that actors supported by or affiliated
with the Chinese government or the CCP accessed or is accessing TikTok networks or
data depositories, used or is using TikTok to disseminate disinformation, or has used or
is using TikTok to spy on individuals or groups?
a. What evidence would you need to make such an assessment?
As a global entertainment platform, TikTok spans most major markets, but is not available in
mainland China. TikTok is provided in the United States by TikTok Inc., which is incorporated
in California and subject to U.S. laws and regulations. Like many global technology companies,
TikTok has product development and engineering teams all over the world collaborating to
deliver the best product experience for the TikTok community. TikTok has not been asked for
U.S. user data by the Chinese government or the CCP. TikTok has not provided such data to the
Chinese government or CCP, nor would TikTok honor such a request if one were ever made.
TikTok discloses on a regular basis in its Transparency Reports requests for user information that
TikTok receives from governments and law enforcement agencies.
TikTok is committed to implementing significant organizational, process, and technical changes
related to the storage, access, and security of U.S. user data. The data is stored in Oracle Cloud
Infrastructure with access limited to authorized personnel and additional access protocols being
developed.
17
63. A National Intelligence Council report expressed concern that “Beijing’s commercial
access to personal data of other countries’ citizens, along with AI-driven analytics, will
enable it to automate the identification of individuals and groups beyond China’s
borders to target with propaganda or censorship.” Has TikTok or any TikTok
employee ever been asked to identify individuals or groups outside China to target with
propaganda or to censor their speech on TikTok?
TikTok, as a U.S. company incorporated in the United States, is subject to the laws of the United
States. TikTok has never shared, or received a request to share, U.S. user data with the Chinese
government. Nor would TikTok honor such a request if one were ever made.
64. On April 10, 2018, the Founder of ByteDance, Zhang Yiming, issued an open letter on
WeChat apologizing to Chinese regulatory authorities. In this public apology, Zhang
Yiming noted that ByteDance would integrate “correct values” into its technology and
“strengthen the work of party building, educate all employees on the ‘four
consciousnesses,’ socialist core values, public opinion guidance, laws and regulations,
and truly fulfill the social responsibility of everyone.”
a. What “correct values” does Zhang Yiming refer to in this letter?
b. What steps did ByteDance take to educate all employees on the four
consciousnesses?
c. What processes does TikTok have in place today to ensure its technology will
“strengthen the work of party building” and “educate all employees on the ‘four
consciousnesses’”?
d. Do you agree with Zhang Yiming’s assessment that “the product has gone the
wrong way” and that “content that is inconsistent with the core socialist values has
appeared, and the guidance of public opinion has not been implemented well”?
e. In your tenure as CEO, what steps have you taken to ensure “content inconsistent
with the core socialist values” does not appear on your platform?
ByteDance’s products follow the local laws and regulations of the countries they operate in. The
TikTok app is not available in mainland China.
65. Please document all meetings, communication, or interactions you - or any other senior
TikTok executive - have had with members of the Chinese Communist Party while
serving as officers of TikTok.
In his role as CEO, Mr. Chew has not interacted with the Chinese government regarding TikTok.
66. Can you provide a complete Software Bill of Materials for all components and
components of the components in the mobile app? Please include the Developer
Information and country of origin for all listed components.
The Executive Order on Improving the Nation’s Cybersecurity (No. 14028) does not require
entities to make SBOMs publicly available. TikTok will submit SBOMs as part of software
assurance work with Oracle.
18
67. What behaviors of the mobile application are controlled by content delivered by
TikTok dynamically vs statically compiled into the application?
As with many large-scale, modern mobile applications, TikTok dynamically updates certain
aspects of the product separate from the statically-compiled app available to users through app
stores (such as Google Play and Apple App Store). New features, additional functionality,
accessibility improvements, and updated help articles are examples of those dynamic changes.
New features are typically introduced into the app with the option to be turned-off server-side in
order to limit the numbers of users that have access to the feature. That functionality to turn
on/off server-side is later removed after the feature is deemed to be successful and is fully
launched.
68. What assurances and technical protections can TikTok provide to ensure the mobile
app and backend cloud services will only communicate (inbound and outbound) with
authorized US endpoints? What assurances can TikTok provide to ensure data sent to
US endpoints remains at those endpoints and is not sent or replicated elsewhere?
When Project Texas is complete, the U.S. TikTok mobile app will be monitored by USDS and
Oracle to make sure it is communicating appropriately.
69. Where does TikTok store the signing key for iOS and Android applications? How is
access to the signing keys manage, and who are the developers with access to the signing
keys for the mobile application?
For Android, an internal signature service manages all application signatures. The application
packing service will access it while packing the application and only the TikTok Google Play
managers can access these keys. iOS has a special repository to store this signature key and is
accessible to a limited number of people. During packing, the iOS Application packing system
will read the signature key.
70. Under Project Texas, how will signing keys be removed from non-Project Texas
systems and developers? Will TikTok release a new version of TikTok compiled with
new keys if the keys have ever been available to non-Project Texas developers/systems?
Under Project Texas, the entire mobile app building pipeline will be fully controlled and
operated by Oracle, including the signing key. In future versions, Oracle will be responsible for
compiling the TikTok app and submitting it to the Apple/Google Store(s). Oracle has been
creating its own TikTok building pipeline in the past few months and is expecting to make the
transition soon.
71. Where does TikTok compile the iOS and Android applications? What services are used
to produce the mobile application builds, and are all builds available for security
analysis?
When Project Texas is complete, Oracle will compile the mobile app after they complete their
security analysis.
19
72. What processes and tools does TikTok possess to determine the real identity of end
users?
For the vast majority of TikTok accounts, we do not verify user identity. There are some
exceptions, including the verification badge process for high profile accounts and the process
that allows us to make payments to certain creators.
A verified badge means that TikTok has confirmed the account belongs to the person or brand it
represents. In order to verify an account, users submit a verification request, and TikTok collects
information to help ensure that the account holder can be verified. We may also collect
information about creators who participate in the TikTok Creator Fund, including things like
physical address for tax and payment purposes, and payment information.
73. In an April 2020, post, TikTok’s Chief Information Security Officer Ryan Cloutier
stated the company was “engaged with the world's leading cyber security firms to
accelerate our work advancing and validating our adherence to globally recognized
security control standards like NIST CSF, ISO 27001 and SOC2.”
a. In the three years since this statement, what cybersecurity standards is TikTok
compliant with?
b. What cybersecurity standards is TikTok currently pursuing?
TikTok aligns to ISO 27001 as it is the most commonly accepted global security controls
framework and certification. Where applicable, TikTok also implements NIST CSF, PCI, and
SOC 2 controls to support industry compliance and/or best practices.
TikTok leverages the Global Security Framework which consists of ByteDance's Rest-of-World
regulatory and compliance control obligations including ISO 27001, PCI DSS, SOC 2, and
international data protection regulations such as GDPR as well as additional industry best
practices such as NIST and CCM.
Supporting applications such as TikTok Shop and TikTok Live are currently undergoing
readiness assessments for PCI compliance and have external audits tentatively scheduled for
May 2023 to achieve certification.
74. Has TikTok ever been used to perform a DNS rebinding attack via the mobile
applications?
To the best of our knowledge, this has not happened.
75. How frequently are the TikTok mobile app or backend security tested? Are they tested
by US personnel? To what security standard are they tested?
Every new functionality being introduced to the TikTok platform goes through a thorough
security review and testing process. This work is performed every day. Automated scanning and
code analysis is also performed multiple times a day. TikTok has a dedicated Product Security
team in the U.S. that reviews and tests TikTok mobile and backend changes.
Under Project Texas, mobile and backend systems will be analyzed and tested by both Oracle
and another third-party source code inspector. Oracle began reviewing source code on January
12, 2023 at the Dedicated Transparency Center in Columbia, MD
20
TikTok follows Secure Software Development Lifecycle and require developer teams to fix any
High or Critical severity vulnerabilities prior to the release. Medium and Low severity
vulnerabilities are usually fixed ahead of the release too, but in some cases these can be fixed
later, within the SLOs according to TikTok's Vulnerability Management requirements and
guidelines.
76. What third-party services have access to the source code of the mobile application?
100% of TikTok source code, including the mobile application and backend systems will be
shared with Oracle and another third-party source code inspector. Oracle began reviewing source
code on January 12, 2023.
77. How frequently are TikTok’s user’s location data transmitted? Within how many
meters is TikTok’s location data accurate?
a. Does TikTok collect WiFi access point information?
b. Could TikTok’s Wifi access point information be combined with coarse location
data to determine a TikTok users precise location?
The current versions of the TikTok app available in the U.S. do not collect precise location
information, but instead collect only approximate location information based on SIM card
information, IP address, and device system settings. IP addresses associated with the user's
device are refreshed every time there is a new network request; if the IP address changes, the
location information may be updated. If a user is still using an older version that allows for
collection of precise or approximate GPS information (last released in August 2020), and the
user granted us permission to do so, TikTok may collect such information, but we do not retain
the information.
78. Please provide the follow dates:
a. Your start date as ByteDance CFO;
b. Your start date as TikTok CEO;
c. Your end date as ByteDance CFO;
Mr. Chew has served as CEO of TikTok since April 30, 2021. He previously served as
ByteDance CFO from March 29, 2021 - November 2, 2021.
21
79. Please provide the title, job description, and reporting structure (including their direct
supervisor, any employees they supervise, and any employees who informally report to
them) of each of the following ByteDance and TikTok employees:
a. Zhu Wenjia;
b. Liang Yuming;
c. Xu Jie;
d. Tan Siqi;
e. Wang Yinglei;
f. Zhang Qi;
g. Liu Hanyu;
h. Yang Zhenyuan;
i. Wang Winglei;
j. Wang Suiding;
k. Rich Waterworth;
l. Erich Andersen;
m. Vanessa Pappas;
n. Zhang Yiming;
o. Liang Rubo;
p. Zhang Fuping;
q. Kelly Zhang;
r. Wu Shugang;
As privately held companies, we do not disclose this data.
80. An article published on Jiemian News entitled “TikTok Insider: Zhang Yiming’s
Journey of Giant Waves,” describes how ByteDance poached a group of Facebook
employees, and that those employees brought Facebook data with them to ByteDance.
Is this accurate?
This was published before Mr. Chew joined the company and he has no first hand knowledge
about the series of events described in this article.
81. A March 10, 2023 article in the Washington Post describes how TikTok is linked to
Toutiao, another ByteDance application. Please provide a technical justification for the
distinction between the Toutiao and TikTok databases.
It is not clear what information this question seeks.
82. Does TikTok have any outstanding debt obligations or revolving credit with the Bank of
China?
No.
83. Does ByteDance have any outstanding debt obligations or revolving credit with the
Bank of China?
As CEO of Tiktok, Mr. Chew is unable to speak to debt obligations of ByteDance.
22
84. Thanks to Apple’s iOS 14 update, it was revealed in 2020 that TikTok was logging users
keystrokes without their knowledge. In March of 2020, the Telegraph reported that
TikTok said it was committed to ending this practice within a few weeks. Despite this
commitment, in August 2022 the New York Time reported that TikTok was still logging
keystrokes. Please provide an explanation for this contradiction.
The 2020 Telegraph article to which the question refers is related to clipboard access, not
keystrokes. As disclosed in TikTok's Privacy Policy, TikTok collects text, images, and videos in
the clipboard of the user's device clipboard with the user's permission. TikTok removed an anti-
spam program that caused user confusion regarding clipboard access in June 2020.
As for the August 2022 New York Times article regarding keystrokes, it is based on a self-
published article written by Felix Krause, which alleged that TikTok inserts JavaScript code into
third-party websites viewed through TikTok's in-app browser. It was claimed that such
JavaScript code can track what users type, despite the fact that Krause conceded that he found no
such evidence by TikTok. At the time of the article, when users used TikTok's in-app browser to
browse a third party website, TikTok would know that a key was pressed, i.e., a “key event,” but
it did not collect or track the values or content of the key event, nor the strings of characters that
were being typed. Starting in September 2022, for users using current versions of the app, no key
events are logged when the in-app browser is used to view a third party website.
85. According to internal documents obtained by the Intercept, your company instructed
moderators to suppress posts created by users deemed too ugly, poor, or disabled from
the platform. Did you approve this moderation? If not, who has the final say for these
policies?
This reflects a news story from more than three years ago, before Mr. Chew became CEO of
TikTok. The guidelines referenced were a misguided attempt to reduce cyberbullying, drafted for
use in limited countries, and they had long been out of use by the time that article was published.
TikTok values and supports the diversity and inclusion of its creators and does not discriminate
against people on the basis of their disability, income level or physical appearance. Today,
TikTok takes a nuanced approach to moderation, including building out a global team with deep
industry experience and working with an external content advisory council of subject matter
experts. Moderation is done in a consistent and transparent manner in accordance with our
Community Guidelines and Terms of Service. More information about our moderation practices
can be found at tiktok.com/transparency.
The Honorable Gus M. Bilirakis
1. When did TikTok first become aware that its algorithms send sad, depressing and
suicide-promoting videos to the “For You” feeds of teenage users?
TikTok does not believe that this is an accurate sentiment regarding its algorithms. The safety of
the TikTok community is of the utmost importance to TikTok. TikTok’s Community Guidelines
expressly prohibit dangerous or otherwise harmful content, including content that depicts or
promotes dangerous acts and challenges; disordered eating; sexual exploitation or other harm of
minors; and content depicting, promoting, normalizing, or glorifying activities that could lead to
suicide or self-harm. TikTok uses both automated moderation technology and content
moderators to identify content that violates TikTok's Community Guidelines. TikTok also
23
proactively blocks, redirects, and warns users who attempt to search for this type of violative
content.
2. What if anything has TikTok done to stop young users from receiving sad, depressing
and suicide-promoting videos in their “For You” feeds?
TikTok’s Community Guidelines prohibit content depicting, promoting, normalizing, or
glorifying activities that could lead to suicide or self-harm. Videos uploaded to TikTok are
initially reviewed by TikTok's automated moderation technology, which aims to identify content
that violates TikTok's Community Guidelines. If a potential violation is found, the automated
moderation system will either pass it on to TikTok's safety teams for further review or remove it
automatically if there is a high degree of confidence that the content violates TikTok's
Community Guidelines. TikTok also utilizes human moderators to review potentially violative
videos identified through automated moderation or through reports by the TikTok community.
TikTok continues to improve its content moderation systems to more effectively remove
violative content at scale.
TikTok is aware of the potential concern with receiving recurrent content and has introduced
dispersal strategies designed to help users avoid "filter bubbles." Additionally, TikTok includes
the ability for users to reset For You feeds, allowing them to restart their journey on TikTok.
TikTok also has a dedicated team of minor safety professionals working to ensure the app is
designed to be safe for teens over the age of 13. To that end, there are also default settings to
protect teens.
TikTok encourages parents to be in conversation with their teens about their TikTok experience
and to learn more about what types of videos and creators they enjoy. Parents can also set time
and experience levels that are right for their teens by using the Family Pairing feature.
TikTok also makes other resources available to users who might need help. For example, if
someone searches for words or phrases such as #suicide, they are directed to resources such as
the 988-Suicide and Crisis Lifeline and the Crisis Text Line helpline, where users can find
support and treatment options. The TikTok community also offers content that includes personal
experiences with mental well-being, as well as information on resources for support in talking to
loved ones about these issues. TikTok also has an in-app tool so that users can report videos as
“Self-injury” if those videos reference self-harm or suicide. TikTok assures its users that
reporting such videos will not cause those accounts to be penalized, but instead TikTok will try
to direct those accounts to resources that might help them through their current situation.
3. Many of my constituents received videos from TikTok in their “For You” feeds
promoting anorexic behavior and body shaming. These kids have not sought out this
type of content but were looking for videos on healthy recipes and exercise. What is
TikTok doing to protect kids from receiving dangerous videos that promote unhealthy
eating behavior or cause them to hate their bodies when they are not asking for this
material?
TikTok wants to play a positive role in the lives of teens. TikTok recognizes that body image is
complicated, and eating disorders are a heartbreaking societal issue, and personal challenge.
There is no one solution to this type of content. Here's TikTok's approach:
- TikTok removes content that promotes disordered eating and eating disorders.
24
- TikTok restricts content recommendations that show extreme exercise or dieting.
- TikTok redirects searches associated with disordered eating to the National Eating
Disorders Association Helpline.
- TikTok also restricts content that shows cosmetic surgery that is not accompanied by
discussions of its dangers.
- TikTok supports anyone in our community impacted by an eating disorder with access
to resources from the National Eating Disorders Association in the app and at TikTok's
Safety Center.
- TikTok knows that triggers can be extremely personal, which is why TikTok empowers
viewers to filter videos with specific keywords from their For You feeds.
TikTok wants everyone to have enriching discovery experiences on TikTok. TikTok continues to
iterate on how TikTok avoids recommending a series of similar content on topics that may be
fine as a single video but potentially problematic if viewed repeatedly, such as content related to
dieting, extreme fitness, and other wellbeing-related topics. TikTok also aims to recognize if its
system may inadvertently recommend a narrower range of content to a viewer.
4. How many cases is TikTok aware of where users have committed suicide after receiving
sad, depressing or suicide-promoting videos on TikTok?
The safety and well-being of the TikTok community is an important priority. TikTok's policies
aim to support people who may be struggling and to provide access to expert emotional help.
TikTok does not believe that use of the platform has caused users to commit suicide. TikTok
supports its community by making available emotional support helplines. TikTok provides
regional suicide prevention hotline numbers and additional localized resources that can help. The
TikTok team also alerts local emergency services when TikTok receives reports of a TikTok
community member who may be at risk of harming themselves.
5. What changes has TikTok made in its algorithms or platform design to protect minors
from receiving suicidal content on their “For You” feeds?
TikTok is determined to provide both a welcoming space for self-expression and an enjoyable
environment for its community. TikTok understands that people express themselves in all sorts
of way on TikTok – including when they're feeling down or are going through a difficult life
experience. TikTok routinely hears from experts that closing the door on this expression can
increase feelings of isolation and stigmatization, and that enabling people to see how others cope
with difficult emotions can be beneficial, especially for teens. With this in mind, TikTok's
approach is to remove content that promotes or glorifies self-injury or our other policies, while
allowing recovery or educational content, with limits on how often such recovery or educational
content is eligible for recommendation.
TikTok's systems do this by looking for repetition among themes like sadness or extreme diets,
within a set of videos that are eligible for recommendation. If multiple videos with these themes
are identified, they will be substituted with videos about other topics to reduce the frequency of
these recommendations and create a more diverse discovery experience. This work is ongoing,
and over the last year alone, we have implemented over 15 updates to improve these systems,
along with expanding to support more languages.
25
In addition to removing content TikTok finds that promotes self-harm, suicide, or disordered
eating, TikTok provides access to the National Suicide Prevention Lifeline and Crisis Textline
from within the app, and we have created resources on how to share a difficult experience with
care on the TikTok platform, and information on supporting someone who is in distress.
TikTok's trust and safety and product teams partner to drive this work, which is informed by
academic literature and consultation with experts, such as the International Association for
Suicide Prevention and the Digital Wellness Lab at Boston Children's Hospital. TikTok will
continue these efforts as TikTok strives to recommend a diversity of content to enable an
enriching discovery experience.
6. Has TikTok conducted any internal research on the impact of TikTok on the mental
health of its users, especially teenagers? If so, please provide such research.
TikTok works with external experts on these matters and recently launched a researcher API in
the U.S. to allow better transparency into the content on TikTok, and look forward to learning
from the researchers benefitting from that tool found here:
https://developers.tiktok.com/products/research-api/.
TikTok also completed a major global research project and convened leading safety experts from
around the world to understand what more TikTok - and other platforms - can do to improve
safety based on adolescent development research and behavioral science. TikTok's goal was to
understand how teens think about online challenges and then to use evidence-based practices in
prevention science to deter teens from replicating potentially dangerous behaviors. The survey
can be found here https://newsroom.tiktok.com/en-us/helping-families-to-have-digital-safety-
conversations, and TikTok has made multiple changes to act on the conclusions of this study.
7. AB testing, where different cohorts of users are shown different content in experimental
cohorts, is used broadly by social media companies. Does TikTok use AB testing in
what content is promoted by its For You page algorithm?
Yes, TikTok uses A/B testing to help make recommendations to users.
8. Please list all AB testing experiments involving content related to self-harm, suicide, or
eating disorders, or body dysmorphia.
TikTok utilizes A/B testing in a variety of ways to help limit content related to self-harm,
suicide, eating disorders, or body dysmorphia on its platform. For example, TikTok uses A/B
testing to improve the accuracy of its content moderation models, which remove content that
violates TikTok’s Community Guidelines. TikTok also has introduced dispersion strategies to
help users avoid “filter bubbles” or content users may find negative. For example, TikTok has
implemented filter bubble dispersion strategies for extreme diet and fitness content and negative
affect filter bubble dispersion strategies for suicide and self-harm. TikTok uses A/B testing to
help inform, improve, and validate these strategies and techniques for dispersing videos.
9. What trust and safety protocols does TikTok have in place to prevent AB testing
leading to user harms?
TikTok maintains a set of Community Guidelines that include rules and standards for using
TikTok. The guidelines apply to everyone and everything on the TikTok platform, including
26
content that is presented to users during A/B testing. Although every video is subjected to
increasing levels of automated and manual review as it gains in popularity, there is the potential
that users may view videos that violate Community Guidelines. When a video is submitted, it
first passes through dozens of AI models to determine if it has any risk of involving sexual,
violence, or political content, if so, it will only be recommended after it passes manual review.
Even if the machine review found no risks, once the video reaches a certain amount of views,
meaning that it has a possibility of trending, it must then be manually reviewed. Additional
reviews are conducted against more rigorous rules, such as consideration of local culture and
norms, as videos reach larger and larger numbers of users.
10. Please list all cases all cases where algorithmic AB testing has resulted in harms to
TikTok’s users.
The safety of the TikTok community is of the utmost importance to TikTok and the Community
Guidelines include rules and standards for using TikTok. The guidelines apply to everyone and
everything on our platform, including content that is presented to users during AB testing.
11. TikTok has introduced an “under 13 experience” in the U.S. Please provide all external
reports, studies, opinions, and consultants you used in creating, approving, and/or
executing the “under 13 experience.”
To date, TikTok has not found any non-privileged documents that may be responsive to this
request.
12. Can the TikTok algorithm target specific individuals or groups of individuals? If so,
how does this targeting occur? Which employees control the targeting of these groups
and the messaging?
TikTok's advertising system, which leverages algorithms, allows advertisers to target specific
audiences (using its "custom audience" function) or target users based on certain criteria, for
example, their interests, approximate location, language, and device types. However, TikTok
does not allow advertisers to target any group of less than 1,000 people.
13. Please explain why TikTok has not introduced the “under 13 experience” in the rest of
the world.
a. Is TikTok planning to introduce the “under 13 experience” outside of the U.S.?
b. If yes, please identify where and when.
c. If no, please explain the divergence in policies and practices between the U.S. and
the rest of the world.
In the U.S., TikTok offers the “under 13 experience” to comply with legal requirements that are
specific to the U.S. In particular, under the Children's Online Privacy Protection Act (“COPPA”),
if an online service is child-directed (including if the service is directed to children, but does not
target children as its primary audience), it is not permitted to simply prohibit children under 13
from using the service. Instead, the service must be available to children under 13, but the
business must ensure that personal information is collected and processed in compliance with
COPPA. Because TikTok’s “under 13 experience” is the result of specific U.S. legal obligations,
TikTok does not have plans to introduce this experience in other jurisdictions.
27
14. The 2021 Citizen Lab report discussed in the hearing outlines multiple regional
versions of TikTok, which it dubbed “Trill,” “Musically,” and “Douyin.”
a. Please identify the distinct differences between these three regional versions of
TikTok, including but not limited to user experience, collection of information, and
treatment of data.
b. Please outline the reasons for having distinct regional products.
The only one of these apps currently available for download in the United States is TikTok.
15. Please identify any legal action that has been initiated against TikTok and any affiliated
company, including but not limited to ByteDance Ltd. and Musical.ly, in the US and the
rest of the world alleging violations of any laws relating to children’s welfare and the
processing of children’s data.
a. For each such action, please identify the status of the case, including forum, date of
action, your response, and current procedural status.
b. For each such action, please identify any changes you have made in your practices
and procedures with respect to children, age verification, and the treatment of their
data.
We do not comment on litigation.
16. TikTok is a rising e-commerce platform with major growth in recent years. What
protections do you have in place to prevent children from spending large amounts of
money on your platform?
a. What is the daily limit for e-commerce spending?
TikTok Shop content is automatically filtered out for accounts registered to users under 18.
17. Studies have shown that TikTok’s algorithm recommended self-harm and eating
disorder content within minutes of scrolling through the “For You” feed for adolescent
users. Specifically, suicidal content was recommended to users in under 3 minutes of
viewing the feed, and eating disorder hashtags had gained over 1.5 billion views. This is
in clear violation of the company’s community guidelines. Does TikTok have
operational control over its algorithm, or is it under the operational control of
ByteDance? How can the company use the algorithm to pare back on promotion of this
content, and what will TikTok commit to doing specifically in its algorithm to reduce
these harms for minors?
TikTok is determined to provide a safe space for self-expression and an enjoyable experience for
the TikTok community, including minors. TikTok removes content that violates TikTok's
Community Guidelines, and if content is found not to be appropriate for a broad audience,
TikTok removes it from TikTok's recommendations system. TikTok's safety team takes
additional precautions to review videos as they rise in popularity to reduce the likelihood of
content that may not be appropriate for a general audience entering TikTok's recommended
system. This includes filtering out content with complex or mature themes from teen accounts,
powered by TikTok's Content Levels system. Using this system, more than 65,000 videos about
cosmetic surgery were made ineligible from the viewing experience of teens in the first two
months this year.
28
TikTok is deeply committed to protecting the safety and well-being of minors on the platform.
We limit content that is not appropriate for minors from appearing in the For You Feed. For
example, content showing the use of tobacco products by adults or mentioning controlled
substances is not eligible for recommendation. Content created by accounts under age 16 is also
not eligible for recommendation or search results.
TikTok recognizes that too much of anything doesn't fit with the diverse discovery experience
TikTok aims to create. As TikTok continues to develop new strategies to interrupt repetitive
patterns, TikTok is looking at how its system can better vary the kinds of content that may be
recommended in a sequence. That's why TikTok is testing ways to avoid recommending a series
of similar or limited content that though not violative of TikTok's policies, could inadvertently
have a negative effect if that's the majority of what someone watches, such as content about
loneliness or weight loss. This work is being informed by ongoing conversations with experts
across medicine, clinical psychology, and AI ethics (such as the International Association for
Suicide Prevention and the Digital Wellness Lab at Boston Children's Hospital), members of
TikTok's Content Advisory Council, and the TikTok community.
TikTok's systems do this by looking for repetition among themes like sadness or extreme diets,
within a set of videos that are eligible for recommendation. If multiple videos with these themes
are identified, they will be substituted with videos about other topics to reduce the frequency of
these recommendations and create a more diverse discovery experience. This work is ongoing,
and over the last year alone, TikTok has implemented over 15 updates to improve these systems,
along with expanding to support more languages. TikTok's goal is for each person's For You
feed to feature a breadth of content, creators, and topics.
TikTok also continues to develop new tools to empower our viewers with ways to customize
their viewing experience. For example, people can automatically filter out videos with words or
hashtags they don't want to see in their For You or Following feeds, and say "not interested" to
skip future videos from a particular creator or that use a particular sound. Recently, TikTok
announced that TikTok is rolling out a way to refresh For You feed recommendations if they no
longer feel like they're for you. When enabled, this feature allows someone to view content on
their For You feed as if they just signed up for TikTok. TikTok's recommendation system will
then begin to surface more content based on new interactions.
18. What internal studies have been conducted regarding the TikTok algorithm and
addictive-like behaviors? Will the company commit to conducting internal algorithm
impact assessments and disclose the results to Congress?
TikTok appreciates the concerns that people have about the use of digital devices and apps, and
how as an industry, TikTok can support people to make informed choices when it comes to how
they spend their time online. TikTok starts from the point of view that one's digital experiences
should bring joy, connection, and enrichment.
To better understand how families grapple with the question of screen time, in partnership with
the online child safety experts at Internet Matters, TikTok has commissioned research with teens
and parents in the UK, Ireland, France, Germany and Italy for their views on screen time, how
they manage it currently, and what help they would like.
The insights from this global research underscore the importance of agency – when teens feel in
control of their online behaviors and habits, it plays a positive role in their well-being. To help
them do that, teens asked for more data about their usage and active alerts like pop-ups and
29
warning times. They also want flexible tools that can be adapted to different circumstances, for
example, to allow themselves more screen time during a rainy Saturday afternoon in the summer
than they might the night before an exam. Supporting the well-being of young people is an
industry-wide challenge, and TikTok hopes that others will also benefit from the publication of
these findings, which can be found on Internet Matter's website.
Following findings from this research, in June 2022 TikTok announced a series of globally
available practical tools to make it easier for the TikTok community to feel in control of their
TikTok experience. TikTok has introduced a tool to let people control how much time they spend
on TikTok in a single sitting by enabling regular screen time breaks. These prompts remind
people to take a break after a certain amount of uninterrupted screen time, which they can set as
they choose.
TikTok introduced a screen time dashboard to give the TikTok community data about how much
time they are spending on TikTok, with summaries of their daily time spent on the app, the
number of times they opened the app, and a breakdown of daytime and night-time usage. People
can also opt for weekly notifications to review their dashboard.
In March 2023, TikTok announced new measures to further support TikTok users, including a
daily screen time limit of 60 minutes switched on by default for everyone aged between 13 and
17, and expanding functionality to Family Pairing. This includes setting screen time limits by
days of the week (also available to everyone), and screen time dashboard to review how much
time teens spend in-app.
TikTok aims to build responsibly and equitably so the TikTok community can safely create,
share, and enjoy creative and entertaining content on the TikTok app. TikTok supports
independent research and regularly engages researchers, academics, and civil society on this
topic to help inform what TikTok is building. TikTok has also built a research API that provides
academic researchers access to public data on content and accounts on the TikTok platform.
TikTok will continue this commitment to publicly sharing research that is in public interest and
looks forward to collaborating with Congress on these important issues.
The Honorable Kelly Armstrong
Research conducted in 2021 suggest that 88 percent of TikTok users consider sound
essential to the TikTok experience. TikTok has entered into music licensing deals with
several record labels to mitigate copyright infringement on the platform. However, TikTok
recently experimented with restricting user access to certain musical recordings in
Australia. There are concerns that TikTok’s actions were in preparation to minimize
copyright holder royalties or limit available sound offerings to those generated by TikTok
algorithms.
1. Does TikTok plan to restrict user access to music for users in other country-based
markets, particularly the US?
TikTok's goal is to offer its users access to the largest and most diverse music catalogue possible,
giving them the opportunity to discover and engage with new music and artists from around the
world, which in turn drives value for the music industry.
TikTok takes its responsibility to offer the best possible service to its users very seriously.
However, like other user-facing platforms, TikTok may, occasionally, engage in small-scale,
30
short-term tests to better understand how its users and creators interact with certain features and
functionalities so that TikTok can continue to build the best possible products for its users and
artists.
2. Does TikTok have plans to offer users the ability to utilize sound recordings generated
by TikTok algorithms? If yes, does TikTok plan to remove users’ ability to utilize
copyrighted music on TikTok?
TikTok endeavors to offer its users the most relevant and comprehensive music library in the
world. TikTok remains fully committed to continuing to host licensed, copyrighted works on the
TikTok platform from a diverse range of artists, songwriters and rightsholders for the benefit of
both users and artists.
3. What other actions does TikTok plan to ensure that creators and copyright holders will
benefit from the use of their protected works on the platform?
TikTok uses comprehensive content identification systems including MediaMatch to identify
works used in TikTok videos on the platform. MediaMatch scans, matches and identifies the
copyrighted work to provide proper attribution and compensation to the relevant rightsholder(s).
It is worth noting that TikTok has licensing agreements in place with thousands of record labels
and music publishing rightsholders globally.
The Honorable Earl L. “Buddy” Carter
There is some speculation that TikTok uses pupil dilation as an input to determine what
content the algorithm pushes our children.
1. Can you say right now, with 100% certainty, that TikTok does not use the phone’s
camera to determine whether TikTok content that elicits a pupil dilation should be
amplified by the algorithm?
TikTok does not detect pupil dilation or use pupil dilation as an input into the recommendation
algorithm.
2. If Tik Tok is not using pupil dilation as an input to its algorithm, why are you not
willing to share the code with third-party auditors?
TikTok does not detect pupil dilation or use pupil dilation as an input to the recommendation
algorithm. Further detail on third-party auditors is provided in the response to your following
question.
3. Would you be willing to share TikTok’s code with third-party auditors?
Under Project Texas, Oracle is responsible for inspecting and validating the integrity of TikTok's
source code. Additionally, a third-party source code inspector will similarly inspect our source
code to ensure it does not contain backdoors or serious vulnerabilities, and auditing our
algorithms. This is highly unusual, and TikTok is confident that this solution is not only
industry-leading, but addresses the U.S. government's concerns in this regard.
31
Even before Project Texas, TikTok engaged third parties to review our source code and, for more
than two years, TikTok has offered a bug bounty program through Hacker One, where TikTok
awards external security researchers for responsibly identifying and disclosing vulnerabilities.
We are committed to protecting TikTok from unauthorized access, including by state actors. To
ensure that there is no backdoor access into TikTok's systems, every single line of source code
that goes into the secure environment will be monitored, reviewed, and validated by Oracle and a
third-party source code inspector to show that everything is performing as designed.
4. Are there any other biometric indicators besides pupil dilation which are used as inputs
to TikTok’s recommendation algorithm?
No.
5. Please list the specific feature inputs used in TikTok’s Prediction Model. This would
include things such as User-related info, video-related info, author-related info, and any
other experimental inputs based on the experiment group a user is in.
Recommendations are based on a number of factors, such as:
- User interactions such as the videos you like or share, accounts you follow, comments
you post, and content you create.
- Video information, which might include details like captions, sounds, and hashtags.
- Device and account settings like your language preference, country setting, and device
type.
These factors are included to make sure the system is optimized for performance, but they
receive lower weight in the recommendation system relative to other data points we measure
since users don't actively express these as preferences.
6. Please list the specific feature inputs used in TikTok’s Value Model. This would include
inputs such as user value, author value, platform value, indirect value, and any other
experimental inputs based on the experiment group a user is in.
Like, follow, share, repost, comment, head, staytime, click comment, cover, finish, dislike, shoot,
publish, search, download, skip, favorite, not like, report, dislike, like comment, reply comment,
profile staytime, click anchor, enter live.
7. Please provide any documents related to TikTok’s algorithm methodology and strategy.
This would include documents related to design strategy, design tests, and optimization
methods.
Our goal is to serve a range of relevant and entertaining content. TikTok's system recommends
content by ranking videos based on a combination of factors based on a user's activity on the
TikTok app, which includes adjusting for things a user indicates they are not interested in.
TikTok has been working to bring meaningful transparency to the people who use the TikTok
platform, including launching Transparency and Accountability Centers, publishing quarterly
Community Guidelines Enforcement Reports, and opening the Researcher API. TikTok's work
here is not done – in the coming months, TikTok will be announcing greater transparency
regarding its recommendation system and content moderation system.
32
The Honorable Michael C. Burgess
According to a July 2022 New York Times article, TikTok has quickly become a haven of
dangerous information on “herbal abortion” remedies following the Dobbs v Jackson
Supreme Court case. These videos promote the uses of herbs and chemicals that can lead to
many adverse side effects including death in some cases.
1. What actions some actions that TikTok is taking to address this harmful situation?
TikTok's policies do not prohibit the topic of abortion, and TikTok expects creators to adhere to
our Community Guidelines which apply equally to everyone and everything on TikTok.
TikTok's Community Guidelines prohibit content including medical misinformation, hate
speech, graphic content, and TikTok will remove any content TikTok identifies that violates
these policies. In the United States TikTok has an intervention designed to steer users to reliable
sources of information provided by MedlinePlus when they search for terms like "abortion."
2. What steps are being taken to prevent viewpoint discrimination in censorship,
especially on the topic of abortion?
TikTok considers harmful and misleading medical misinformation as a violation of its
Community Guidelines because it could cause immediate harm and because it undermines the
integrity of the medical and public health communities, which could dissuade people from
listening to empirically valid medical or public health advice. TikTok recognizes that medical,
scientific, public health and academic research institutions are fallible, that they can
communicate to the public poorly, that they can produce advice and guidance that is frustrating
and occasionally contradictory. Although TikTok errs on the side of trusting the consensus built
by these institutions, TikTok permits policy-based criticism of them.
The Honorable Larry Bucshon
1. Mr. Chew, the Chinese Communist Party has stolen billions of dollars of American
companies’ intellectual property. Even Tik Tok’s parent company ByteDance is
reported to have taken part in the practice. I am supportive of efforts to increase
algorithmic transparency on platforms. Do you have reason to believe that Tik Tok’s
algorithmic or other technologies utilize intellectual property that was stolen from
Americans?
TikTok's algorithms are developed in-house, and have filed for the relevant intellectual property
protections. We have no reason to believe that TikTok’s algorithmic or other technologies utilize
intellectual property that was stolen from Americans.
2. Mr. Chew, Tik Tok employees have said in leaked audio that the company built in
backdoors for ByteDance to access US user data. Given that ByteDance and Tik Tok
share a legal team and other staff, can we be sure that no similar backdoors will be
available going forward?
We are committed to protecting TikTok from unauthorized access, including by state actors. To
ensure that there is no backdoor access into our systems, every single line of source code that
33
goes into the secure environment will be monitored, reviewed, and validated by Oracle and a
third-party source code inspector to show that everything is performing as designed.
Under Project Texas, Oracle is responsible for inspecting and validating the integrity of TikTok's
source code. Additionally, a third-party source code inspector will similarly inspect our source
code to ensure it does not contain backdoors or serious vulnerabilities. This is highly unusual,
and we are confident that this solution is not only industry-leading, but addresses the U.S.
government's concerns in this regard.
Even before Project Texas, TikTok engaged third parties to review our source code and, for more
than two years, TikTok has offered a bug bounty program through Hacker One, where TikTok
awards external security researchers for responsibly identifying and disclosing vulnerabilities.
The Honorable Frank Pallone, Jr.
1. Your written testimony stated that “non-USDS employees may be granted access to
protected data, for example, for legal and compliance….” Would this include
compliance with a request for data under China’s national security law?
No, this does not include any requests related to China. TikTok has not been asked for U.S. user
data by the Chinese government or the CCP. TikTok has not provided such data to the Chinese
government or CCP, nor would TikTok honor such a request if one were ever made. TikTok
discloses on a regular basis in its Transparency Reports requests for user information that TikTok
receives from governments and law enforcement agencies.
2. Please describe all “legal and compliance” reasons USDS would share user data outside
the U.S.
Valid "legal and compliance" reasons include things like a global litigation case or lawsuit.
The Honorable Jan Schakowsky
1. In American-made music has been central to Tik-Tok’s ability to build its global user
base. However, there have been recent reports of Tik-Tok directing users away from
musical content or blocking music altogether in some areas. I am concerned this is
unfair to consumers who want to hear and share music and cuts artists out of the
platform their work helped to build. In 2021, Ole Olbermann, then-Global Head of
Music at Tik-Tok said “Music is at the heart of the Tik-Tok experience.” In 2021, your
company reported that 75% of its users engage with music content. Are these reports
true? If true, why doesn’t TikTok allow users to use certain music? How does TikTok’s
compensate musicians on your platform? How does the rate of compensation compare
to other online platforms like YouTube or Spotify?
TikTok's goal is to offer its users access to the largest and most diverse music catalogue possible,
giving them the opportunity to discover and engage with new music and artists from around the
world, which in turn drives value for the music industry.
TikTok takes its responsibility to offer the best possible service to its users very seriously.
However, like other user-facing platforms, TikTok may, occasionally, engage in small-scale,
34
short-term tests to better understand how its users and creators interact with certain features and
functionalities, so that TikTok can continue to build the best possible products for its users and
artists.
As a UGC (user-generated content) platform, TikTok offers creators the ability to incorporate
music into the videos they create. This music is then identified by comprehensive content
identification systems including MediaMatch, which identifies copyrighted works to provide
proper attribution and compensation to the relevant rightsholder(s). TikTok has licensing
agreements in place with thousands of record labels and music publishing rightsholders globally.
These agreements allow TikTok to pass on the revenues generated to the music rightsholders,
who in turn pay the artists and songwriters.
TikTok has some of the most engaged and passionate music fans on any platform, who use
TikTok to discover and engage with new music. As a result, TikTok has been responsible for
creating thousands of hits and artist success stories around the world. However, it is worth noting
the difference between TikTok, which is a short-form video platform where music may be
discovered but tracks cannot be listened to in full, and music streaming services, where music
fans go to consume full-length music tracks and albums.
2. In March 2022, a TikTok trend became popular where users photograph their eyes up
close, then use a high-resolution filter to show the details, patterns, and colors of their
irises. Biometric identifiers like iris patterns are unchangeable identifiers that offer a
surveillance capability. Has TikTok partnered with companies selling iris recognition
technology? Is TikTok collecting and retaining this sensitive data? Where is this
sensitive data being hosted today? What purposes is this sensitive data be used for?
What other biometric data does TikTok collect from American users?
TikTok has not partnered with companies selling iris recognition technology. The “Euphoria”
effect is a low-exposure photographic filter that can be used on any image, including but not
limited to close-up images of irises. TikTok does not extract information from these images, nor
does TikTok promote filters, effects, or trends that encourage users to capture closeup images of
their irises.
The term "biometric data" does not have a standard, universal definition, and relevant laws
across various jurisdictions define the term differently. TikTok does not collect any face or voice
information that would enable us to identify a unique individual.
3. TikTok paid $92 million in 2021 for violating Illinois’ biometric data laws by collecting
facial recognition data without user consent. Has TikTok changed its privacy policy and
practices to comply with Illinois law? If so, have those changes been made with respect
to all US consumers? Would you agree that government regulation is necessary to
compel social media platforms like TikTok to address the users’ privacy?
TikTok does not collect face or voice data that can be used to identify individuals. TikTok
periodically updates its Privacy Policy to, among other things, provide clarifications and address
evolving legal standards and interpretations. TikTok updated its U.S. Privacy Policy in June
2021 to, among other things, provide more information regarding processing of image and audio
information.
35
4. A former TikTok risk manager turned whistleblower has reported that the Project
Texas plan is deeply flawed. The former employee has shown the Washington Post a
piece of code that shows TikTok could connect with systems linked to Toutiao, a
Chinese news app owned by your parent company ByteDance. The whistleblower
claims this could allow for interference in the flow of data from US users. Can the
Toutiao app interfere with TikTok data flows once Project Texas is initiated? Is US
data sent to or stored in Toutiao? When Project Texas is implemented as planned and
Oracle staff review TikTok code, what is the process for remediating issues identified
by the review? How does this process differ if issues in TikTok’s code are identified by
Oracle staff, USDS staff, TikTok employees, or ByteDance employees? What personnel
will update and deploy code flagged with issues by Oracle? How will code fixes be
verified to resolve the identified issue and how will deployment of those fixes be
verified?
Many of the allegations in this article are unfounded. The platform and the algorithm supporting
U.S. users is contained in the Oracle environment and use of the term "Toutiao" does not in any
way indicate a correlation between, integration of, or network connectivity between Toutiao and
TikTok.
Toutiao is a news application that operates in China, and U.S. user data is not stored in the
Toutiao news application. U.S. user data is not stored in the Toutiao news application. All new
protected user data is stored in the TikTok U.S. platform operating in Oracle and USDS
controlled infrastructure. The Toutiao news application cannot interfere with TikTok data flows
once Project Texas is complete.
When Project Texas is implemented as planned, any issues will be handled through our
Vulnerability Management process with defined service level agreements based on criticality.
Fixes to server code will be deployed by USDS after going through software review. Fixes to the
mobile app will be compiled and deployed to the app stores by Oracle. As part of Project Texas,
all code and updates have to go through a software assurance process and be reviewed by both
Oracle and another third-party source code inspector.
5. In 2020, after TikTok had already been sanctioned by the FTC for violating COPPA, a
whistleblower shared documents with the New York Times that demonstrated that
TikTok has used machine learning to classify one third of its users as under the age of
14. The same report indicated that this age classification system was used to target
content more effectively, but not to identify users likely to be under 13 who had lied
about their age in order to gain access to TikTok. Why didn’t TikTok use this
information to investigate and close the accounts of users likely to be under 13? How
many children under the age of 13 does TikTok currently estimate have accounts on the
main TikTok platform? How many of those children have parental consent to use
TikTok?
TikTok maintains a neutral, industry-standard age gate. It does not default to age 13 or include
any information that could encourage people to enter inaccurate age information. If a user enters
a date of birth corresponding to an age below 13, they are placed in the under 13 experience,
where they can watch videos but cannot post, comment, follow, or take similar actions, and are
temporarily prevented from using the same device to enter a 13+ date of birth. Age gate is part of
TikTok's multifaceted strategy to prevent those who do not meet TikTok's minimum age
36
requirement from using TikTok. TikTok trains its moderation team to address accounts
suspected to belong to someone under the age of 13. TikTok also uses automated technology to
detect certain words in users’ profiles that may indicate they are underage. In addition, TikTok
provides reporting channels to report a user who they believe may be underage.
Globally, in 2022, TikTok removed 78,362,547 accounts TikTok suspected were underage. That
number is a testament to TikTok's commitment.
6. Does TikTok regularly perform or has TikTok ever performed audits of your
recommendation algorithms (before or during the implementation) to measure for
disparate impact or discrimination based on protected class characteristics–including
race, color, class, national origin, disability, gender, gender identity, sexual orientation,
and criminal record? Given the history of harms caused by algorithms at TikTok and
other social media companies, do you agree that algorithmic systems should be subject
to regular, open, independent audits?
TikTok's review demonstrates that recommendation models are not biased based on attributes,
such as age, gender, device type, or operating system. The algorithm also does not use or predict
user information, such as ethnicity, religion, or sexual orientation. Rather than recommending
content based on pre-judged interests derived from these attributes or information, it
recommends content based purely on the interests of each individual.
It is the core design principle of the recommendation system to allow the interests of users
determine which videos go viral. A user can explore a series of videos on a variety of topics after
joining the app. By clicking the like button, sharing the video, making comments, and watching
the entire video, they express their interest. Alternatively, they can skip the video or click the
dislike button if they are not interested. This feedback is fed into the algorithm which gradually
learns about users' interests to create personalized experiences in the For You feed to reflect
preferences unique to each user. Afterward, users are recommended videos based on their
interests. Videos that satisfy many users' preferences become viral.
7. Last fall, I wrote a letter with Chair Bilirakis about TikTok’s surveillance of its users.
Specifically, about reports that TikTok’s in-app browser surveils everything Americans
type into the app, like passwords and credit card details. Does TikTok track and collect
sensitive data that American users type into the app?
No. The reports you are referring to are inaccurate and misleading. When users used TikTok's in-
app browser to browse a third party website, TikTok used to track the fact that a key was pressed
(a “key event”). TikTok configured its code to ignore all values or content of a key event and not
track the strings of characters that are being typed. Starting in September 2022, for users using a
current version of the app, no key events have been logged except when the in-app browser is
used to view a TikTok-owned website.
37
The Honorable Yvette Clarke
1. What is the rate at which content on TikTok is taken down when it does not violate
community guidelines?
a. What subjects (hate speech, graphic content etc.) have the highest rate of
removing content when it does not violate community guidelines?
TikTok policy calls for removal of content only when the content violates Community
Guidelines, Terms of Service, or pursuant to lawful legal process. Should a user believe content
has been wrongfully removed, they are able to appeal the removal. All removals and appeals can
be found in reporting at tiktok.com/transparency.
2. How long, on average, does the appeals process take from when content has been
flagged or removed?
a. How long, on average, does the appeals process take when content has been
removed incorrectly/mistakenly?
b. How many employees are involved in each appeals process, how many
appeals per day are requested?
Not every appeal results in content being restored, but on average, TikTok's Trust & Safety team
replies to appeals for content removals in the U.S. in less than an hour.
TikTok receives more than 20,000 appeals per day in the U.S. and has more than 300 team
members who support those assessments.
3. I understand TikTok’s algorithm prioritizes content that is made locally (i.e. users in
the U.S. will see content made in the U.S. prioritized over content made elsewhere). To
identify where content is made, does TikTok collect precise geolocation of its users?
a. Have governments requested TikTok share precise geolocation of certain
users?
b. Has TikTok shared the precise geolocation of certain uses (like political
journalists, activists, members of civil society or the opposition party) with
the government that requested said data?
Current versions of the app do not collect precise or approximate GPS information from U.S.
users. If a user is still using an older version that allows for collection of precise or approximate
GPS information (last released in August 2020) and the user granted us permission to do so, we
may collect such information, but we do not retain the information.
The current versions of the TikTok app do not collect precise geolocation data in the US and we
also do not track the status of our users, including whether they may be political journalists,
members of civil society, members of opposition parties, etc.
Under TikTok's Law Enforcement Guidelines, TikTok would not disclose user data for the
following reasons, among others: (i) TikTok does not have the data the governmental entity is
requesting; (ii) the request is overly broad; (iii) the government is requesting data for which it
38
has not obtained proper authorization (e.g., a law enforcement agency issues a subpoena for user
data - such a direct message - that requires a warrant).
TikTok also publishes biannual Government Removal Request reports that disclose data about
the number of government requests that TikTok receives, including the percentage where TikTok
discloses some or all of the data requested by a governmental entity.
4. What steps has TikTok taken to mitigate against bias, especially against Black creators,
within its algorithms and prioritization of content?
TikTok strives to make its algorithm accountable, transparent, and auditable so that no single
person can modify the algorithm secretly. To hold the algorithm accountable, an engineer must
run through multiple rounds of reviews and auditing in public testing before launching an
algorithm change. The change must be well-tested to demonstrate that it benefits users and
creators, and satisfies integrity and compliance requirements.
This has been confirmed by TikTok's review which demonstrates that its recommendation
models are not biased based on attributes, such as age, gender, race, or ethnicity. The algorithm
also does not use or predict user information, such as ethnicity, religion, or sexual orientation.
Rather than recommending content based on pre-judged interests derived from these attributes or
information, it recommends content based purely on the interests of each individual.
The Honorable Debbie Dingell
Mr. Chew, according to TikTok’s privacy policy dated January 1, 2023, TikTok as late as
this year was able to collect precise location data. Your policy at this time stated:
“Location Data. We collect information about your approximate location, including
location information based on your SIM card and/or IP address. In addition, we
collect location information (such as tourist attractions, shops, or other points of
interest) if you choose to add the location information to your User Content. With
your permission, we may also collect precise location data (such as GPS).”
In contrast, your current privacy policy, dated March 21, 2023, contradicts this timeline by
outlining that the collection of this location data was last released in August 2020, stating:
“Location Data. We collect information about your approximate location, including
location information based on your SIM card and/or IP address. In addition, we
collect location information (such as tourist attractions, shops, or other points of
interest) if you choose to add the location information to your User Content.
Current versions of the app do not collect precise or approximate GPS information
from U.S. users. If you are still using an older version that allowed for collection of
precise or approximate GPS information (last release in August 2020) and you
granted us permission to do so, we may collect such information.”
Given this information, I would like clarification over whether TikTok continued to collect
precise geolocation data after August 2020, as your January 1, 2023 privacy policy seems to
indicate.
39
1. Does the current version of TikTok collect information about the “precise location” of
U.S. users?
TikTok recently updated its privacy policy to clarify that current versions of the app do not
collect precise or approximate GPS information from U.S. users. If a person is using an older
version of the app that allowed for the collection of precise or approximate GPS information and
granted us permission to do so, we may collect such information, but we do not retain such
information. Users who granted this permission in previous versions of the app can withdraw
their permission at any time. The most recent version of the app that provided U.S. users the
option of allowing TikTok to collect their precise location information was last released in
August 2020.
2. Does the current version of TikTok collect information about the “approximate
location” of U.S. users?
Yes. As stated in TikTok's privacy policy, TikTok collects approximate location information,
including location information based on SIM card information, IP address, and device system
settings.
3. What does TikTok mean when it uses the term “precise location” in its privacy policy?
If the location information is an area smaller than 3 square kilometers (1.16 square miles) from a
user's actual location, it is considered a "precise location." Current versions of the app do not
collect precise GPS location information from U.S. users.
4. What does TikTok mean when it uses the term “approximate location” in its privacy
policy? Is it a users’ state, city, postal zip code, their street, their neighborhood? Please
be specific in explaining how TikTok defines this term.
Approximate location information refers to the country, region, city, or zipcode in which a U.S.
user may be located.
5. Has TikTok’s definition of either of those terms changed since 2020, and if so, how has
it changed?
No.
6. If the current version of TikTok collection the “precise location” of U.S. users, what
technology or technologies does it use to do so?
The current versions of the app do not collect precise GPS location information from U.S. users.
7. If the current version of TikTok collects the “approximate location” of U.S. users, what
technology or technologies does it use to do so?
TikTok collects approximate location information based on users' device or network information,
such as SIM card information, IP address, and device system settings.
40
8. What data has TikTok collected regarding a user’s “approximate location” or to
determine a user’s approximate location? Does the current version of TikTok collect
this data to determine U.S. users’ approximate location?
The current version of the app collects information about U.S. users' approximate location based
on information such as SIM card information, IP address, and device system settings.
9. What is the most recent version of TikTok released that was capable of collecting
precise location information of U.S. users?
The most recent version of the app that provided U.S. users the option of allowing TikTok to
collect their precise location information was last released in August 2020.
10. What is the most recent version of TikTok released that was capable of collecting
approximate location information of U.S. users?
The current version of the TikTok app is capable of collecting approximate location information
of U.S. users.
11. Did any version of TikTok released after 2020 collect the precise geolocation data of
U.S. users?
The most recent version of the app that provided U.S. users the option of allowing TikTok to
collect their precise location information was last released in August 2020. All subsequently
released versions do not collect precise geolocation data from U.S. users.
12. Was your privacy policy, dated January 1, 2023, particular to the most recent version
of the TikTok app available at that time, and its ability to collect precise location data?
The Privacy Policy dated January 1, 2023 was not limited to the most recent version of the
TikTok app available at that time. In March 2023, we updated our privacy policy to clarify that
current versions of the app do not collect precise or approximate GPS information from U.S.
users, but if a person is using an older version of the app that allowed for the collection of precise
or approximate GPS information and granted us permission to do so, we may collect such
information, but we do not retain such information.
13. Has TikTok always required affirmative, express consent from the user for the app to
collect precise geolocation data?
Current versions of the app do not collect precise or approximate GPS information from U.S.
users, but if a person is or was using an older version of the app that allowed for the collection of
precise GPS locations, we would only collect precise geolocation data if users had granted
affirmative consent.
14. Has any previous version of TikTok collected precise geolocation data without
affirmative, express consent from the user?
No.
41
15. Were U.S. users who declined to share precise location data with TikTok limited in
their use of any TikTok tools, functions, or services in any current or previous versions
of the application?
No, and we do not collect precise geolocation data from U.S. users of current versions of the
application.
16. How many TikTok users were continuing to use previous versions of TikTok that
collect precise geolocation data on March 23, 2023? Is this still ongoing?
On March 23, 2023, the daily active users using the previous versions of TikTok that collected
precise geolocation data was 0.
17. Does TikTok use approximate location data to serve users targeted ads?
Yes.
The Honorable Kim Schrier
Thank you for appearing before our committee on March 23. In your testimony and in
your remarks, you discussed TikTok’s feature to limit the amount of time teens spend on
the app. This feature, to my understanding, is a notification that pops up, and then can be
ignored. Can you please:
1. Provide clarification on how the time - limiting or time - reminding features work, and
what the user experience is?
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question.
2. Provide numbers on how many times per day, on average, teens and children under 18
see this notification?
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question.
3. Provide numbers on the percentage of time teens heed versus ignore the notifications,
and how long after the first notification they generally take a break from the platform?
Alternatively, how many notifications do they receive before taking a break, and how
frequently do those reminder notifications pop up after one is ignored?
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question. Accounts registered to users under the age of 18
will receive a reminder that they have hit the 60 minutes limit, and every time they re-open the
app again that day. They will also receive in-app videos reminding them to take a break.
42
4. Provide data on hours per day use before the reminders were implemented, as
compared with now?
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question.
5. Provide numbers of how many teens and children under 18 are able to bypass this
feature, if applicable.
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question.
6. Provide data about the average number of hours per day teens and children spend on
TikTok? I do realize that TikTok is not the only social media platform out there, so if
you have data about overall social media use, that would also be helpful.
Time spent by teens on TikTok varies depending on a variety of factors, including days of the
week and times of the year. Studies suggest that online activity has gone up during the Covid-19
pandemic, with teens spending more time on social media, playing video games, and engaging
online.
7. Provide information about the time of day or night when teens are on the platform?
For example, how many hours before 10 pm, and how many after 10 pm?
TikTok recognizes the importance of healthy sleep habits for teenagers and does not send push
alerts to teens ages 13-15 after 9 PM, or to teens ages 16-17 after 10 PM. Parents can also use
TikTok's family pairing to set a schedule to mute additional notifications for teens. In addition,
TikTok has recently rolled out a sleep reminder to help people more easily plan when they want
to be offline at night. People can set a time, and when it's reached, a pop-up will remind them it's
time to log off. TikTok will continue to invest in improving its current features as well as
introducing new tools to help people stay in control as they express their creativity, make
meaningful connections, and enjoy culture-defining entertainment.
8. How many clinical professionals that specialize in psychology, psychiatry, or other
related fields do you have on staff?
This information is not a demographic tracked in our human resources system so we are unable
to provide exact numbers of staff with these backgrounds. However, TikTok does have mental
health and adolescent development professionals on staff. For example, TikTok's Head of family
safety & developmental health and Head of mental health policy both hold PhD's in relevant
areas. Members of the product policy team focused on behavioral health and regulated content
hold PhDs in developmental psychology, and their work is informed by deep subject matter
expertise. Combined, throughout their careers, they have published more than 120 peer-reviewed
publications on topics such as social media, suicidal behaviors, and body image. Members of the
Youth Safety Team hold advanced degrees in related fields including psychology and education.
43
9. To what extent have these professionals consulted on the development of this feature to
limit teen time on the app?
In deciding to implement a 60 minute screen time limit for teens, TikTok's trust and safety team
consulted current academic research and with experts from the Digital Wellness Lab at Boston
Children's Hospital in choosing this limit.
10. Can you expand on the role of these professionals in your company?
These teams help drive policies and products for TikTok.
44
Responses to Member Requests for the Record
During the hearing, Members asked you to provide additional information for the record, and
you indicated that you would provide that information. For your convenience, descriptions of
the requested information are provided below.
The Honorable Michael C. Burgess
1. A few weeks ago, this Committee had a field hearing down in McAllen, Texas, and it
was on the issue of fentanyl and illegal immigration. One of our witnesses, Brandon
Judd, a 25-year veteran Border Patrol agent, said that all social media platforms play a
role in illegal immigration. That is one of the ways cartels advertise their services
throughout the world and convince people to put themselves in their hands and come to
the United States. The cartels all use social media platforms.
o It would be very helpful if you would share with the Committee examples of how
you have removed people, because what we heard at the hearing was that
TikTok was one of the platforms that recruits adolescents in the United States to
help with transporting people who have been trafficked into the country, as well
as contraband substances. Would you help us with that, understanding who you
have removed from your platform?
TikTok works diligently to ensure that its app is not being used to depict or enable certain forms
of criminal activity. For example, TikTok removes content that has been identified as involving
human exploitation or smuggling and selling or advertising illegal drugs and bans the user who
posted the content from the platform. TikTok also reports that content and associated users to its
Emergency Response Team (ERT), which will report the content and user to law enforcement if
it involves a credible, specific, and imminent threat of harm to human life and the ERT agent
believes that disclosure of user data would be a good faith effort aimed to prevent real world
harm. In these situations, TikTok may preserve certain information related to a user account
and/or voluntarily provide certain information to law enforcement to enable law enforcement to
initiate an investigation, consistent with applicable law. In addition, TikTok removes content that
it discovers promotes illegal conduct, including gang, cartel, or other organized criminal activity,
use of illicit drugs and other controlled substances, and adult prostitution. TikTok has blocked
the accounts of people TikTok believes are involved in drug cartels.
Content removal does not always result in an automatic ban of the user who posted the content.
Depending on the circumstances and TikTok's level of confidence that the content meets certain
criteria, TikTok may take progressive action based on the number, severity, and frequency of a
user’s violations. In some cases, for the first violation, TikTok sends the user a warning. For
subsequent violations, TikTok may temporarily suspend a user. And if the behavior persists,
TikTok bans the account.
2. What percentage of TikTok revenue does ByteDance retain? Please provide a ballpark
estimate, if necessary.
As privately held companies, we are unable to provide this information.
45
3. Who helped prepare you for the hearing with the Committee?
Mr. Chew worked with the TikTok U.S. team to prepare for the hearing, including with
representatives from government relations, public relations, legal, trust and safety and product
teams. Mr. Chew also worked with U.S.-based media consultants and law firms.
The Honorable Brett Guthrie
1. How many posts and accounts have been identified and removed from TikTok due to
illicit drugs or other controlled substances content?
TikTok's Community Guidelines state that "We do not allow showing or promoting recreational
drug use, or the trade of alcohol, tobacco products, and drugs. We also recognize that using these
substances can put young people at a heightened risk of harm. We do not allow showing or
promoting young people possessing or consuming alcohol, tobacco products, and drugs. Content
is age-restricted and ineligible for the FYF if it shows adults consuming excessive amounts of
alcohol or tobacco products." https://www.tiktok.com/community-guidelines/en/regulated-
commercial-activities/?cgversion=2023#2. Information about TikTok's advertising policies
prohibiting ads related to illegal drug content can be found here:
https://ads.tiktok.com/help/article/tiktok-advertising-policies-industry-entry?redirected=2
TikTok discloses accounts and videos removed as a result of illegal activities and regulated
goods, which include illicit drugs and controlled substances, in TikTok's quarterly Community
Guidelines Enforcement reports at https://tiktok.com/transparency. While TikTok reports content
removed for promoting drugs, controlled substances, alcohol, and tobacco, TikTok does not
specifically track content removed for illicit drugs or controlled substances.
2. It is understood that platforms like yours try to ensure that flagged user content is not
permitted to jump to other platforms. Still, I have heard of instances where a user sees
a drug advertisement and is then given a code to go to another site. Do you work with
other platforms to ensure flagged user content isn't permitted to jump from one
platform to others?
We work to proactively remove content that may be advertising or offering drugs for sale, ideally
before it is viewed by users. TikTok is currently working with other companies, including Meta
and Snap, to find ways to share signals with one another on potential illegal drug activity.
The Honorable Jay Obernolte
1. Do you use machine learning to influence the algorithms at TikTok?
Yes. TikTok uses machine learning to create personalized experiences in the For You feed to
reflect preferences unique to each user. Machine Learning is the subfield of computer science
that enables computers to learn without being explicitly programmed. Machine Learning
algorithms fall into two types: supervised learning and unsupervised learning. The algorithm
learns from labeled datasets, in a controlled environment, to classify data based on pre-labeled
datasets (classification) or predict trends based upon previously labeled data (regression).
Unsupervised learning finds patterns and groupings from labeled data (clustering). TikTok uses
its algorithms to quickly and efficiently find the most relevant recommendations based on a
46
number of factors, including: user interactions, video information, and device and account
settings.
2. Regarding Project Texas, will the engineers at Oracle be going through the code for just
the app, or the app and the server code?
All code, including both mobile app and server code.
3. Can you provide a timeline for how long the Project Texas review will take?
The Project Texas review of source code is ongoing and will review every update for the mobile
app and server code in on an ongoing basis. The review will not be a one time snap shot but a
continuous effort to ensure the software remains free from vulnerabilities on an ongoing basis.
4. Regarding the software configuration management system, how do you manage the
integration of that code change into the rest of the TikTok code base? There is a
software solution for integrating those code changes into the code base. What solution is
that? Is it commercial?
TikTok uses Git, an open-source version management system, to manage code changes. All
source code production is managed by Git and classified to appropriate security levels based on
the sensitivity and business impact of the particular code. Approval flows are established based
on security levels for source code access. Security reviews are a mandatory step during any
technical design process and privacy reviews are mandatory during the design of new features
that change the collection or processing of personal data. After development, any code changes
need to be reviewed by qualified engineers before being submitted to the TikTok code base.
TikTok's continuous integration and continuous delivery (CICD) pipeline automates its software
delivery process. The pipeline performs security scanning and runs automated tests when
compiling the app from the source code.
In most code repos, directly submitting to the main branch is forbidden by access controls. The
developers have to work on a feature branch and then submit a merge request to the main branch.
Once the merge request is submitted, it must go through functional and security tests, code
review and cross-functional sign-offs. And the merge request will not be approved unless it
passes all of those checks.
5. TikTok will be migrating all storage of U.S. user data to the Oracle Cloud
infrastructure. When will this process be complete?
All U.S. user data is in Oracle Cloud Infrastructure or USDS controlled infrastructure today. For
legacy data on Virginia and Singapore servers, TikTok has begun the deletion process and
anticipates completion this year.
The Honorable Randy K. Weber, Sr.
1. Do you think that censoring history, historical facts, and current events should be
protected by Section 230's good faith requirement?
TikTok defers to the courts on the interpretation of Section 230.
47
The Honorable Richard Hudson
1. Why does TikTok ask users to grant them access to local network devices?
TikTok follows industry norms, and like other apps, may ask permission to discover and connect
to devices on the networks people use. In iOS 14 or later and iPadOS 14 or later, any app that
wants to interact with devices on a user's network must ask for permission to do so. Users can
choose to allow or revoke this permission at any time.
2. What information does TikTok collect when a user grants them access to the local
network devices?
Currently no information is collected. Beginning with iOS 14 and iPadOS 14, a device pop up
appears to ask users to grant permission for any app that wants to interact with devices on the
local network.
3. Is it possible that TikTok could access other devices on a home WiFi network?
TikTok does not directly access other devices on local networks. TikTok only uses standard
protocols to communicate with devices based on user actions, which may include playing audio
with Bluetooth or casting content on a television screen (on Android).
4. Does TikTok share technological resources with Douyin? Are the two technology
systems or IT systems interconnected in any way?
Although there is shared infrastructure code between TikTok and Douyin, the services running
the shared code are deployed in separate data centers for TikTok and Douyin. Therefore, they
don't share any user data or product data. The physical and logical security controls of the
services are also separate. Furthermore, TikTok has its own SDLC (software development life
cycle) to ensure the integrity and security for any code deployed in the TikTok data centers (see
above for more detail). For example, all code deployed in TikTok data centers is reviewed by
TikTok engineers, including shared code. And only TikTok engineers can deploy a code change
to TikTok services running in the data centers.
The Honorable Bill Johnson
1. What percentage of TikTok source code is the same as Douyin?
No business logic code is shared between the TikTok and Douyin apps. Low-level infrastructure
code may be shared. For example, code to optimize network performance, or code to
encode/decode videos. This code undergoes the same mandatory security and privacy reviews.
The Honorable John R. Curtis
1. As an algorithm example, I like to go on Pinterest. My wife and I are building a home.
If you went on my Pinterest page, you would see swing sets, and things made for my
grandkids. Suppose there is some devious intent inside Pinterest, and they decide they
want to influence John Curtis with these algorithms, and they want me to believe it is
48
the end of the world. Suddenly, I am buying bomb shelters instead of swing sets for my
kids.
a. Has Pinterest become a publisher? If so, should that be protected from Section 230?
b. In your mind, has TikTok ever stepped across the line from a distributor to a
publisher?
TikTok is aware of the fundamental role that Section 230 has played in the growth of the internet
and that the courts are exploring how it applies to emerging technologies. TikTok defers to the
courts on the interpretation of Section 230, including the definition of a publisher.
The Honorable Debbie Lesko
1. During the hearing, Chair Rodgers asked you, "Have any moderation tools been used
to remove content associated with the Uyghur genocide, yes or no?” Your answer was,
"We do not remove that kind of content.” Yet, in 2019, TikTok suspended the account
of Feroza Aziz, an American 17-year-old, after she put out a video about the Uyghur
genocide. So your answer does not align with history. Can you explain this discrepancy?
TikTok does not moderate content due to political sensitivities. We were transparent with our
community about this incident. More information can be found here:
https://newsroom.tiktok.com/en-us/an-update-on-recent-content-and-account-questions
The Honorable Kelly Armstrong
1. You have stated that TikTok has invested $1.5 billion in Project Texas. Are you aware
of any discussions or proposals that entail TikTok funding or offsetting the costs of
CFIUS's role?
The Department of the Treasury established a fee for parties filing a formal written notice of a
transaction for review by CFIUS. FIRRMA authorized CFIUS to collect filing fees for
transactions, in part to offset the need for additional resources to implement FIRRMA. Filing
fees can be found under 31 CFR § 800 and 31 CFR § 802.
CFIUS requires multiple third parties, approved by CFIUS, with fiduciary responsibility and
reporting requirement to CFIUS to ensure ongoing compliance including a third party monitor,
Trusted Technology Provider (Oracle), third-party source code inspector, cyber security auditor,
data deletion auditor, etc. All of these third parties will be paid for by TikTok to act as liaison for
CFIUS.
2. What publicly available data is TikTok collecting and adding to the profiles of its
users?
We do not collect publicly available information in order to add it to user profiles.
3. What is the purpose of obtaining even more data on your users beyond the data already
collected from the platform? How does the non-TikTok-related data service relate to
the service TikTok is providing?
TikTok receives off-platform data from advertisers and their partners if advertisers elect to allow
TikTok to collect such data. It is standard practice in the digital advertising industry for
49
advertisers to share information about actions taken on their websites with the digital media
platforms that display their ads. This data enables the ad platforms to measure and report on the
effectiveness of the advertisers’ ad campaigns and improve their ad delivery. Companies that
collect off-platform data for advertising purposes include Meta, Google, Twitter, Snapchat,
Pinterest, Reddit, LinkedIn, and TikTok.
TikTok also receives information from third parties if users choose to sign up or log in to TikTok
using a third-party service such as Facebook, Twitter, Instagram, or Google, or link their TikTok
account to a third-party service. It is necessary to obtain some data from these third-party service
providers to enable such functions.
The Honorable Mariannette Miller-Meeks
1. Does TikTok track users' individual keystrokes?
TikTok collects certain keystrokes or rhythms for security and performance related purposes,
such as to verify the authenticity of an account, for risk control, debugging, troubleshooting, and
monitoring for proper performance.
When users are using TikTok's in-app browser to browse a third party website, TikTok tracks the
fact that a key was pressed (a “key event”). TikTok does not track which buttons are clicked on a
website, but rather only the fact that a click has occurred (a “click event”). Beginning in
September 2022, when users utilize a current version of the app, no key events or click events
are logged when the in-app browser is used to view a third party website.
2. Is the only purpose that you would monitor keystrokes is for security purposes?
Please see answer to question 2.
3. Does TikTok keep records of users' credit cards and passwords?
To the extent users provide credit cards for purchasing goods and services on the platform, their
credit card information may be stored at their election to make it easier to make future purchases.
TikTok keeps records of users' passwords as part of their user profile to enable them to log into
the platform.
The Honorable H. Morgan Griffith
1. Did your legal team tell you to favorably cite the Citizens Lab in your written testimony
today?
Without commenting on communications with counsel, TikTok stands behind the accuracy of its
testimonial references to the Citizen’s Lab report.
50
The Honorable Frank Pallone, Jr
1. Would TikTok commit to not selling its data to anyone, and just using it for its own
purposes internally?
As stated in our Privacy Policy, "TikTok does not sell your personal information or share your
personal information with third parties for purposes of cross-context behavioral advertising
where restricted by applicable law".
The Honorable Kathy Castor
1. How much money does TikTok make off selling ads targeted to minors from ages 13 to
17?
As a privately held company, we don't disclose data about our revenue.
The Honorable Paul Tonko
1. What percentage of content that a user sees is considered potentially harmful?
TikTok strives to remove harmful content from the platform proactively and before it is viewed
by users. In Q4 of 2022, TikTok removed 91.2% of known violative content within 24 hours of it
being uploaded to the platform, and 84.7% before it received any views. TikTok also works to
empower its users with a range of controls to allow them to control their experience on TikTok.
The Honorable Yvette D. Clarke
1. Do you agree that platforms like TikTok should be subject to regular audits or
transparency requirements to identify whether policies have a disparate impact on
communities that are protected classes like race, religion, national origin, or gender?
We are supportive of legislation that would increase transparency in the technology community
and look forward to working with Congress on these important issues.
The Honorable Tony Cárdenas
1. How much you are investing with the number of bodies, the number of people, and the
number of resources in making sure that you are investing more in pulling down
content that is either deadly or dangerous on your platform?
In 2021, TikTok spent approximately $1 billion on trust and safety, and has about 40,000 people
working on trust and safety for the platform.
The Honorable Debbie Dingell
1. Does TikTok still use inferences that you have gained that were made using, in part or
whole, precise GPS information collected from U.S. users in your algorithms?
No.
51
The Honorable Marc A. Veasey
1. The non-profit, Global Witness, and the Cybersecurity for Democracy Team at NYU
published a report entitled, "TikTok and Facebook Failed to Detect Election
Disinformation in the U.S., While YouTube Succeeds.” The purpose of the study was to
test platforms like TikTok and whether or not they can detect and take down false
political ads targeted at U.S. voters, young voters, ahead of last year's midterm
elections. According to this report, 90 percent of election disinformation ads tested were
approved by your platform.
a. Can you detail how you responded to that report? Did you respond to that
report?
TikTok is always working to build a safe community where people feel comfortable expressing
themselves, and this includes enforcing a zero tolerance policy of harassment or threats of
violence. TikTok reviews all ad content to ensure it complies with our Community Guidelines,
Advertising Policies, and Terms of Service, and any content that violates these terms is not
allowed on the TikTok platform.
The Honorable Nanette Diaz Barragán
1. Do you know if TikTok has a specific strategy for tackling Spanish language content
that violates its trust and safety guidelines?
Yes, TikTok has Spanish-speaking content moderators, policy experts, and operations specialists
to support TikTok's Spanish-speaking community. In addition, TikTok partners with fact
checkers who help assess Spanish language content for misleading information and TikTok's
user reporting tools are available in a variety of languages, including Spanish. As a practical
example, TikTok's in-app election centers are available in dozens of languages, including
Spanish, and provide access to authoritative information about elections and voting.
2. When offensive English language search terms or hashtags are blocked for violating
community guidelines in English, is the Spanish translation of the term or the hashtag
automatically blocked, as well?
TikTok maintains blocklists in 52 languages that are managed by regional policy staff
specializing in each market and fluent in the local language. This includes Spanish language
across the many different countries where it is spoken.
3. Do you have any idea how many people that you might have working at TikTok that
addresses Spanish misinformation?
As of February 2023, TikTok has more than 1,700 Spanish-speaking moderators.
52
The Honorable Lisa Blunt Rochester
1. In an August 2022 response to a letter I wrote to your company on abortion
misinformation, TikTok asserted several actions to address abortion misinformation.
How many posts did you take down that contained abortion misinformation?
TikTok does not track misinformation by subcategory and does not have a definitive answer to
this question. TikTok's policies do not prohibit the topic of abortion, and TikTok expects creators
to adhere to TikTok's Community Guidelines which apply equally to everyone and everything on
TikTok. TikTok's Community Guidelines prohibit content including medical misinformation,
hate speech, graphic content, and TikTok will remove any content we identify that violates these
policies. In the United States TikTok has an intervention designed to steer users to reliable
sources of information provided by MedlinePlus when they search for terms like "abortion."
The Honorable Kim Schrier
1. What is the percentage of teens who adhere to the 60-minute limit?
This feature was only launched in Q1 of 2023, and TikTok does not yet have representative data
sufficient to accurately answer this question.
The Honorable Lori Trahan
1. Will you commit to expanding your API to include data that would let researchers
investigate how your algorithm is pushing content to users, whether it is showing up on
your For You page, the hashtag page, or somewhere else, as well as the algorithm,
including data on what types of users were targeted by the algorithm so that
researchers can fully understand what content is being prioritized and who it is being
pushed to?
TikTok is proud to have recently launched a research API in the US. As the API evolves, TikTok
will continue to solicit feedback from external stakeholders and explore ways to expand its
features and usefulness.
2. Under TikTok’s proposal, you require that researchers give TikTok "worldwide, free,
non-exclusive, and perpetual” rights to their papers. This threatens to clash directly
with well-established practices of exclusive publication rights in research journals. Why
does TikTok need those rights?
The Terms of Service provide: "You agree TikTok and its affiliates will have a worldwide, free,
non-exclusive, perpetual or for the maximum term allowed by local law, license to use,
reproduce, distribute, transmit, and display, your Research in whole or in part for any internal
business purpose. Upon publication, the license will additionally allow reasonable excerpts to
be used externally. TikTok shall not monetize access to such external uses." (Emphasis added).
TikTok respects Copyright law. This non-exclusive license allows TikTok to share the papers
internally with staff for discussion and to externally quote the research derived from TikTok data
externally as needed. The Terms of Service are accessible at
https://www.tiktok.com/legal/page/global/terms-of-service-research-api/en.
53
The Honorable Lizzie Fletcher
1. As the Lark videoconferencing system has a translation feature in which Chinese is
translated to English text and vice versa, are those translated conversations somehow
saved into the Lark system?
Any text translation from recorded video conferences are stored pursuant to the Company’s
document retention practices. If the video conference is not recorded, no transcript is generated.
The Honorable Raul Ruiz
1. How many Spanish-speaking staff versus English-speaking staff for misinformation do
you have?
Roughly 5% of staff cover Spanish language content.
The Honorable Scott H. Peters
1. I understand that, under Project Texas, business data and public data will be permitted
to regularly leave the United States. Is that correct? Can you tell us what data, where
the data goes, and how it is used by the company? We would want to have some
understanding of how we would distinguish that by definition, and then also how it
would be enforced.
Consistent with the operation of a global platform, certain TikTok U.S. user data, such as the
public videos and comments available to anyone, is permitted to leave the Oracle Cloud
Infrastructure and USDS controlled infrastructure to ensure global interoperability so TikTok's
U.S. users, creators, brands, and merchants are afforded the same rich and safe TikTok
experience as global users.
2. How would TikTok distinguish between the data for interoperability that you suggest
needs to be shared and what data would not be shared? I think we would also want to
know how it is anonymized and what oversight and enforcement we can count on.
Under the proposed plan, all interoperability data fields need to be approved by CFIUS. These
are only data fields required for U.S. users to have a safe and global experience. For example, if
a U.S. user wants to send a message to a their friend in Germany, the cross-boarder direct
message would need to be permitted to leave. Another example would be if a U.S. user decides
they no longer want their public content to be public and they change their settings to "private".
In that case, a message needs to go out that the account is now private, so all of the public
content can be taken down globally, not just in the U.S., so that the user's privacy decisions are
respected.
