Despite what its privacy policy says, TikTok insists it is not collecting biometric data from users in the United States.
TikTok surreptitiously modified its privacy policy last year to enable the app to gather biometric data on U.S. users, including “faceprints and voiceprints,” a move the firm neglected to reveal at the time or during a later Senate hearing conducted in October of last year. In a Senate hearing today on the influence of social media on national security, the tech giant was questioned once again about its plans in reference to this data harvesting method.
A new subheading titled “Image and Audio Information” was added to the “Information we gather automatically” portion of the TikTok privacy policy in an earlier revision. In this section, it specified the acceptable visual and auditory data to gather, such as “biometric IDs and biometric information as defined under U.S. regulations, such as faceprints and voiceprints.”
The wording of the policy was unclear since it did not specify if it was referring to federal law, state law, or both. It also did not specify the reasons for collecting this information or how it may be shared.
Today, Senator Kyrsten Sinema (D-AZ) questioned TikTok’s Chief Operating Officer Vanessa Pappas, who was present at the hearing to determine whether the biometric data of Americans had been accessed by or supplied to any individual stationed in China.
Her second question was whether or not anybody in China might have access to her biometric information.
Rather of responding with a yes or no, Pappas elaborated on how TikTok classifies biometric data.
Pappas argued that TikTok does not use “any form of face, voice or audio, or body recognition that would identify a person,” while he admitted that the term “biometrics” has several meanings and that people may interpret the company’s claims differently.
She went on to say that the collected information was only utilized for video effects and that it was kept locally on users’ devices before being erased.
If you were uploading a video and wanted to add sunglasses or dog ears, for instance, we’d utilize facial recognition to determine which of your facial features to use to create the effect. Your smartphone is the sole place where such information is kept. And the moment it’s applied, like when the filter is applied and published, the data is wiped clean,” Pappas said. Therefore, “that information is not available to us.”
In other words, the TikTok executive said that the technological nature of the process precludes ByteDance personnel in China from gathering this data from TikTok’s U.S. users. (TikTok obviously has hundreds of filters and effects in its app, so researching how each one works separately would require technical skill and effort.)
This is the first time the firm has directly addressed questions raised by senators concerning the app’s usage of biometrics, which were first raised during a hearing in October 2021 but mostly ignored at the time. After the hearing, Senator Marsha Blackburn (R-TN) contacted TikTok for further information, but the issue concerning face recognition and voiceprints wasn’t on the list of questions TikTok responded to her office with in December.
After BuzzFeed News’ devastating report on the problem, TikTok sent a letter in June 2022 to a group of U.S. senators to address their follow-up concerns concerning Chinese ByteDance workers’ access to the data of TikTok’s U.S. users. However, the letter included no mention of the biometrics issue. Instead, the letter emphasized TikTok’s efforts to restrict Chinese employees’ access to user data by transferring it to Oracle’s cloud.
When the ACLU noted in April 2022 that a new trend on TikTok featured users filming their eyeballs up close and then applying a high-resolution filter to highlight the features, patterns, and colors of their irises, the lack of knowledge about the biometrics portion of TikTok became even more of a problem. According to the report, in less than a month, over 700,000 films were made using the filter. (As of right now, the TikTok app says there are over 533 thousand videos.) The American Civil Liberties Union (ACLU) had sent an email to TechCrunch recommending that it investigate Oracle’s biometric technology in light of the company’s intentions to store TikTok user data.
At today’s hearing, witnesses challenged TikTok not just about its acquisition of biometric data but also about its possible surveillance of users’ keystrokes.
TikTok iOS app allegedly injected code that might enable it to effectively execute keylogging, according to a report published in August by an independent privacy researcher. After this study came out, the Irish Data Protection Commission asked to speak with TikTok as well.
TikTok responded at the time by saying the report was deceptive since the app’s code wasn’t being utilized in any nefarious way, but rather for debugging, troubleshooting, and performance monitoring. To prevent malicious information like bogus logs or spam comments, the organization claims it uses keyboard data to identify suspicious trends.
Pappas said during today’s hearing that, to her knowledge, TikTok had never collected the substance of what was being written, and that this had been an “anti-spam measure.”
