I’m not the least bit surprised this is where this story is ending up. Starting last summer there were reports that, despite corporate denials, data on American TikTok users was essentially available to engineers at the parent company ByteDance in China.

The former employees who spoke to CNBC said the boundaries between TikTok and ByteDance were so blurry as to be almost non-existent.

Most notably, one employee said that ByteDance employees are able to access U.S. user data. This was highlighted in a situation where an American employee working on TikTok needed to get a list of global users, including Americans, who searched for or interacted with a specific type of content — that means users who searched for a specific term or hashtag or liked a particular category of videos. This employee had to reach out to a data team in China in order to access that information. The data the employee received included users’ specific IDs, and they could pull up whatever information TikTok had about those users. This type of situation was confirmed as a common occurrence by a second employee.

Under Chinese law, anything that is available to corporations in China is automatically subject to seizure by the Chinese government. Again, this has all been denied repeatedly by ByteDance and by TikTok in the US, but this summer Buzzfeed published a story confirming the CNBC report from last year based on leaked audio from inside the company.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.”

Why does any of this matter? Well for most of the teens and adults who use TikTok is probably doesn’t. The problem is that China could, in theory, single out certain individuals it is interested in and watch their online behavior very closely. In fact, the story today from Forbes suggests they planned to do more than that. They planned to monitor the locations of certain Americans without their knowledge or consent.

A China-based team at TikTok’s parent company, ByteDance, planned to use the TikTok app to monitor the personal location of some specific American citizens, according to materials reviewed by Forbes.

The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang.

The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.

A TikTok spokesperson claimed that the app uses location data in order to “help show relevant content and ads to users” but in this case that won’t fly.

…the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources.

What I’m sure everyone would like to know is who was targeted and why. All we know from this story is that they are American citizens who haven’t worked at TikTok. Are they politicians? Celebrities? Rival CEO’s? Chinese dissidents? Without knowing who was targeted and why it’s difficult to assess how sinister this effort was.

In any case, the fact that they could do this to anyone using the app means the CCP could get this kind of information on anyone it wanted to target. That may not have happened yet but it seems there’s nothing to stop it from happening in the future, at least not at the moment.