Your deleted TikTok content can still be used against you by the FBI

Social media companies in general don’t know how long they keep information users thought they deleted, but TikTok is less transparent than others. Law enforcement is ready to take advantage.

The FBI said it used cellphone tower data earlier this year to link seven bank robberies in five states to a phone number used by a suspect named Fernando Enriquez and possible associates. According to a search warrant discovered by Forbes, the agency cross-referenced the phone number and name with other law enforcement databases to retrieve email addresses and Google, Instagram and TikTok accounts belonging to Enriquez. This unearthed a photo on TikTok of Enriquez standing in front of a Chevrolet SUV that resembled the getaway vehicle, the FBI said. The photographs also showed tattoos that appeared to match those in the bank’s surveillance footage, investigators said. Later, the FBI sought to obtain more information directly from TikTok, including any deleted information on his account.

While the warrant shows how surveillance beginning with a so-called “cellphone tower dump” can lead cops to target all sorts of other social media accounts, the FBI search warrant also showed confusion about how long TikTok retains information and what can be viewed by police once a user chooses to delete it.

When it comes to other social media giants, the rules are clearer. According to its policy, Google retains a user’s data for two months after deletion, although this could extend up to six months if the data was stored on an encrypted backup. Facebook’s policy is a bit more complicated. It says it retains data according to its “nature” and relevant legal requirements. “For example,” the policy says, “when you search for something on Facebook, you can access that query and delete it from your search history at any time, but the log for that search is deleted after six months. If you submit a copy of your government issued ID for account verification purposes, we delete this copy 30 days after review unless otherwise specified.” It does not go into all the different types of information that people give to Facebook. However, it states that once a Facebook account is deleted, all information will be erased forever within 90 days.

Less transparent is how long TikTok retains deleted information and how US law enforcement can obtain that data from the company, owned by Chinese company ByteDance. Based on the Enriquez case, it appears the FBI thinks it can get all sorts of information from ByteDance’s huge social platform – from messages to videos to location data – even if it is deleted by TikTok users.

The FBI’s request for information about Enriquez, who was suspected of thefts in Arizona, Texas, New Mexico, California and Mississippi, was directed to an address in Culver City, Calif., where TikTok opened an office on the West Coast in 2020. As the FBI agent who wrote the search warrant notes in the court filing, “even if…content is removed, locked, or removed, social media companies often keep the data on their information systems”. TikTok, the agent wrote, “appears to store data that has been made private, locked, or deleted by users.”

Enriquez was charged in April in Arizona and Texas. He did not enter a plea in Arizona, although he pleaded not guilty in Texas.

“People confuse deleted with erased,” said Professor Alan Woodward, an encryption and security expert at the University of Surrey in the UK. “A true secure erase has always required overwriting storage and memory with unrelated data to delete the original. Many email apps make claims, but the devil is in the details, and forensic techniques can recover to an extraordinary level of detail.”

When Forbes asked TikTok how it handles user data and when it is deleted, the company pointed to public documentation, which showed that user information was stored on servers in the United States and Singapore. As for what it does with the deleted data, that’s a little less clear.

“We retain information for as long as necessary to provide the Platform and for the other purposes set forth in this Privacy Policy,” TikTok’s policy reads. “We also retain information where necessary to comply with contractual and legal obligations, where we have a legitimate business interest to do so (such as improving and developing the Platform, and enhancing its security, security and stability), and for the exercise or defense of legal claims.” Its law enforcement guide provides more details on what information police can request and from where, but TikTok does not provide any timelines as to when the deleted data is permanently erased.

This is relevant because, according to TikTok’s latest transparency report, law enforcement is increasingly interested in obtaining information from the company. Government requests for TikTok user data rose from just under 2,000 in the first half of 2021 to almost 3,500 in the following six months. Just three years ago, it received 1,000 requests for the whole of 2019.

The only time the veil was lifted on the dynamic between US law enforcement and TikTok was in the so-called BlueLeaks files. Released by DDoSecrets in 2020 after a cyberattack on the Metropolitan Police Department in Washington, the files only showed that TikTok could provide granular information about a user, such as their phone number, smartphone model, the list of IP addresses used to access TikTok and any related social media accounts. The availability of the deleted information was unclear.

About Geraldine Higgins
