Comment by patmcc

1 day ago

The reporting I found (from the Verge) was that an employee of TikTok (in America) would email spreadsheets to executives in China, and other similar cases of US employees having the actual access to data and passing it along to other folks in China.

This all suggests to me that the 'Operation Texas' technical controls were actually in place and pretty good (or dude in China would have just run some SQL himself), and what isn't in place is hard process control to prevent US workers from emailing stuff to China. Which, you know, is exactly what Congress could pass a law to deal with.

4 comments

patmcc

glenstein 1 day ago

I took the article to be absolutely damning in its reckoning on the utility of Operation Texas, precisely because it proved that no amount of technical control would be a match for the human infrastructure that tied Tiktok to China.

Which I suppose is a different way of making the same point as you.

patmcc 1 day ago
Haha, yah, I think we agree; Operation Texas does what it says on the tin (the data is stored in the USA! It can only be directly accessed from within the USA) but ultimately that doesn't matter at all, since Jim in Texas can just email it all to China.
- glenstein 6 hours ago
  
  Actually, I think we do have a little bit of a disagreement overall, but maybe not a huge one. I would not take the human exchange of data to imply or count as proof of otherwise airtight data security. I don't think the one follows from the other. It certainly could be the case, but, that kind of conclusion would hinge on contextual information that we don't currently have.
- cma 16 hours ago
  
  That can still happen without Chinese ownership too.