A team at ByteDance based in China conducted several audits and investigations into the former head of global security at US-based TikTok. The U. S. Department of Health and Consumer Protection was tasked with overseeing efforts to minimize China-based employees’ access to U. S. user data. According to internal corporate documents reviewed through Forbes.
TikTok hired Roland Cloutier as its head of global security in March 2020, some time after the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) opened an investigation into TikTok’s ties to China. In public statements, TikTok touted the paintings of Cloutier, a U. S. Air Force veteran. A former veterans affairs police detective, as proof that TikTok takes cybersecurity and knowledge issues seriously.
But according to current and former employees, as well as internal documents reviewed through Forbes, Cloutier’s efforts to build a strong security team have been stalled through ByteDance’s threats and internal audit department, which is led by Song Ye, an executive in Beijing.
The documents show that the internal audit introduced several audits and investigations into Cloutier, alleging that he had generated contracts worth millions of dollars for U. S. -based security vendors. That they were his non-public friends. Forbes has not found any documents that refute or conclusively refute the veracity of those allegations.
However, some current and former employees have characterized Cloutier’s investigations as fishing expeditions under pretexts designed to find an explanation for why he is kicked out of the company. They noted that TikTok’s lead internal auditor, Chris Lepitak, had argued that some paintings treated through Cloutier. Instead, the TikTok team belongs to ByteDance’s internal audit team. The resources said Lepitak said internal audit oversees spaces such as virtual forensics and internal risk, which are critical to ensuring the security of user data. Lepitak reports to Song Ye, who reports to ByteDance co-founder and CEO Liang Rubo. (Disclosure: In a past life, I held political positions at Facebook and Spotify. )
TikTok and ByteDance did not respond to questions about why Cloutier was investigated, whether he was fired or fired from the company because of his paintings of access to knowledge controls. ByteDance spokeswoman Jennifer Banks said “[a] internal investigation is conducted for the purpose of maintaining a proper workplace,” but declined to comment on the express investigations.
An investigation into Cloutier focused in particular on Global Security Organization appointments with consulting giant Booz Allen Hamilton. Several former Boaz painters recently work on TikTok’s security team. Among other things, Boaz helps TikTok manage China-based painters’ access to U. S. user data Earlier, Boaz declined to comment on his relationship with TikTok and did not immediately respond to a request for comment.
TikTok is recently negotiating a national security deal with CFIUS that will govern how the Chinese-owned social media app handles the private data of American users. Before leaving his position at the company in July 2022, Cloutier applied to reduce access to data China-based workers: In an April 2020 blog post, he wrote: “Our purpose is to minimize access to knowledge in all regions so that, for example, workers in the APAC region, adding China, have minimal access to EU users ‘knowledge. and us’.
BuzzFeed News reported in June that information from U. S. users had been accessed. U. S. workers in China until at least January 2022. TikTok app.
Cloutier did not respond to requests for comment. TikTok announced it would step down as chief security officer in July, and its LinkedIn profile says it left the company in September.
ByteDance spokesman Banks said the internal audit team is “responsible for objectively auditing and comparing compliance with our codes of conduct by the company and our employees. “
TikTok did not comment on a detailed list of issues and questions from Forbes related to Cloutier’s investigations and other investigations conducted through ByteDance’s internal audit team. However, in reaction to Forbes’ earlier report on the team, TikTok’s communications arm tweeted: “Our internal audit team follows established policies and processes to obtain the data it wants to conduct internal investigations into violations of company codes of conduct[. ]”
Despite TikTok’s claim that the internal audit is “our” team, the internal documents imply that the internal audit team does not report to any member of TikTok’s control team, but reports directly to ByteDance executives in China. TikTok did not respond to a query about why it referred to the internal audit team in this way.
The documents also show that internal audit investigations have been thorough, adding contracts with outside security firms and reviews of several thousand emails, worker correspondence and messages on Lark, ByteDance’s office internal control software. The documents also show that some investigations have remained confidential with workers. and human resources managers.
Cloutier isn’t the only U. S. executive either. U. S. attacked through internal audit department. Two appeals also said that at least one other executive, TikTok’s former global marketing leader, marketing officer Nick Tran, also criticized allegations of conflicts of interest due to non-public relations, which the resources called an excuse to fire the employee. Tran declined to comment.
Three existing and former workers also described a list of TikTok workers, some of whom have already left the company, that ByteDance hoped to oust from their posts. Neither TikTok nor ByteDance have commented on the lifestyles on the list. The Financial Times in the past reported that TikTok had created a “removal list” for workers it sought to oust from the company. At the time, TikTok told FT that it “couldn’t find a list that fit that description. “
TikTok has yet to call its next global security director, but the documents show that the company’s global security organization is lately in the midst of a corporate restructuring, aiming to address “pain points,” adding redundancy between teams. TikTok and ByteDance declined to answer questions about the restructuring that would replace the day-to-day work department between TikTok’s global security organization and ByteDance’s internal audit team.
In the past, TikTok has struggled to retain U. S. -based executives. U. S. In September, Forbes reported that at least five senior TikTok executives had left the company because they felt they couldn’t contribute to key decision-making. ByteDance’s internal audit arm found the same thing: A threat assessment conducted by the branch in late 2021 found that many senior workers felt “that they and their groups are just ‘front men’ or ‘defenseless mediators'” who are “functionally subject to the control of CN groups. “
Neither TikTok nor ByteDance commented on the evaluation.
Last month, President Biden issued an executive order instructing CFIUS to take a closer look at the dangers foreign companies pose to Americans’ personal data. Yesterday, the Justice Department held a press conference to announce the indictments of two Chinese government intelligence officials who allegedly tried to save it from a federal investigation into alleged wrongdoing through Chinese telecommunications giant Huawei. (Huawei did not immediately respond to a request for comment. )
At the press conference, Deputy Attorney General Lisa Monaco, who is reportedly among the officials reviewing the deal between TikTok and CFIUS, said of the Huawei case: “This case shows the interconnectedness between PRC intelligence officials and Chinese companies. And it demonstrates once again why those companies, especially the telecommunications industry, cannot be trusted to securely manage our sensitive knowledge and non-public communications.
Richard Nieva contributed to the report.