Obernolte, Johnson Use Tech Backgrounds To Question TikTok CEO
Rep. Jay Obernalte, D-Calif., said TikTok CEO Shou Zi-chiu's commitment to reviewing third-party code doesn't necessarily expose fraudsters.Last week, TikTok CEO Shou Ji Chon argued that the two lawmakers presented their technical testimony before a House of Representatives panel questioning Chou's assurances that the video-sharing app was safe for US users.
Chu asked Jay Obernalte of California, a member of the House Energy and Commerce Committee who owns the video game studio Republic and has experience in computers and information technology, to explain how third-party code verification works. . It works. Chu told the commission that the audit would help find loopholes that could allow China to spy on Americans.
Bill Johnson of Ohio, a former owner of IT companies that provided services to the Pentagon, filed a lawsuit over the report's interpretation of privacy, security and app censorship.
Obernolt and Johnson used their questions as lawmakers expressed disbelief at Chu's attempts to cover up congressional outrage over TikTok's data protection, ties to the Chinese Communist Party and the app's dangers to young users. Describe technical details or defects.
TikTok has agreed to a third-party review of its software code as part of an agreement with the US government to separate the company's US operations from its Chinese parent company ByteDance and require it to store all US user data in the US.
Chu said the $1.5 billion project, known as the Texas Project, is key to convincing US lawmakers and the government that TikTok is not Beijing's technology loophole.
Oberno Chu wanted to explain how TikTok integrates into a codebase that works on millions of programming instructions, including developed and tested code.
Does TikTok use custom integration software that updates the existing codebase with new lines of code, asked Obernolt, and if so, is that integration software subject to third-party review?
Chou said the verification process "has a multi-layered surveillance to verify anything someone sees ... there's a second level of verification to ensure there's no harm done by an attacker." In a typical rebuttal to questions, Chu also said he would get detailed information from lawmakers.
Obernault says an attacker cannot easily publish malicious code.
"I put unrelated lines of code in different pieces of code that work together to do something malicious," he says, adding that there are "too many loopholes" in the process.
control or ownership
The exchange showed the potential limitations of achieving reconciliation through surveillance, said Lindsey Gorman, senior fellow at the Alliance for Democracy's New Technologies division at Germany's Marshall Fund.
"I think there's a fundamental gap between oversight and ownership in the Texas project," Gorman said. "The national security consensus is more important than oversight."
Chou has repeatedly tried to convince lawmakers that patents are irrelevant.
Even if the audit doesn't find loopholes or security holes in the software code, those "pulling the strings of management or the company" can challenge these systems, said Gorman, a former senior adviser to White. Baseline of the Biden Administration's Science and Technology Policy. "No technological system and no surveillance system is perfect."
According to Gorman, software developers have difficulty testing their own code. "It's worse than looking at someone else's code."
Or, as Obernolt points out, testing interest by analyzing program code and algorithms is difficult.
"How can you verify that an algorithm is free from external influences?" Obernault said. Because the algorithm is the neural network architecture, the inputs and outputs, the weights and how they are trained… I mean the effect is an external factor.
"I am concerned that your proposal under the Texas project does not have the technical capacity to provide the necessary guarantees," Obernalt-Chu said.
Chu said he would provide written answers to technical questions.
American company TikTok Oracle Corp. It was created with a 20 percent stake in software maker and retailer Walmart Inc. The agreement calls for Oracle to monitor data flowing in and out of Texas data centers and help verify the software that powers TikiTok. .
TikTok is in discussions with the US Committee on Foreign Investment regarding the details of the Texas project and whether the move is appropriate to address US national security concerns.
While several lawmakers in the United States have called for the app to be banned entirely, the administration is considering a forced sale of the company. China's Ministry of Commerce said last week that it opposes forced sales as it relates to Chinese technology exports.
Civil laboratory
Johnson used Chu's question-and-answer session to say the CEO was misinterpreting TikTok's privacy, security and censorship report. He cited the 2021 Citizen Lab report based on the Citizen Lab School of Global Affairs and Public Policy. University of Toronto Munch specializes in studying backdoors in communication technology.
Chu said the Citizen Lab report "shows that TikTok has not shared information with the Chinese government and that TikTok has not accessed Chinese servers."
But Citizens Lab Director Ronald Deibert released a statement on March 23, the day Chu testified, that the CEO said in a statement to governments that the lab's research was "only limited."
The Citizen Lab report found that TikTok is similar to social media apps, acting "as a vacuum cleaner for personal data," but the researchers "didn't see what happens to user data once it's collected and transferred to TikTok's servers." Deibert said. He says in the statement.
"While we cannot determine whether this has occurred, we have identified methods by which the Chinese government may have used unusual methods to pressure ByteDance to obtain TikTok user data," Dibert wrote.
The lab found that TikTok contained code originally written for the Chinese version of TikTok called Duyin, which was owned by ByteDance.
"Although Citizen Lab is afraid to state the obvious, I am not Mr. Chu," Johnson said. "Tik Tok's source code is full of CCP gates and censorship tools," he said, referring to the Chinese Communist Party.
"The smallest of a million lines of code from zero to one of the thousands of versions of TikTok exposes CCP censorship and access to US information," he said.
In Obernolte's post, Johnson uses technical expertise to challenge the TikTok CEO, who appeared on a roll call.
