Over the past 24 hours, rumors picked up by Bloomberg, the Wall Street Journal and CNBC have put some boundaries on what a possible deal between Oracle and TikTok’s parent company ByteDance will look like.
In its current incarnation floating around the DC press corps, it appears that TikTok’s data on American users will be stored in Oracle’s cloud, with Oracle acting as a “trusted technology partner.” Oracle will have some sort of real-time source code verification duty, in which it will audit TikTok’s codebase to ensure that there aren’t “backdoors” that allow China to siphon data into its national security apparatus. ByteDance will create a new organization for its U.S. operations, which will have a board of directors approved by the U.S. government and will have a license agreement to access TikTok’s algorithms. One member of that board (at least) will come from the American national security community.
There remains a pretty yawning gap in these rumors over what the ownership of this new entity looks like, and precisely who is going to own what. Oracle is presumed to take a fairly large stake, with CNBC reporting this morning that it will get a 20% stake. Walmart apparently has broken away from its deal partner Microsoft, and is still pursuing some sort of deal engagement with the company, now with Oracle as its champion.
While President Trump has repeatedly said that a deal had to be reached by September 15, his executive order gave the parties until September 20 to hash out an agreement. Therefore, we expect a final deal to be approved — or denied outright — in the next two to three days.
Obviously, all terms are still under negotiation, and for all we know, McDonalds will end up buying the company (it’s been that kind of year).
Given what we know so far though, how did the Trump administration do in furthering its goals? The administration has repeatedly said that it wants to protect American users, particularly the young users who love TikTok, from the prying eyes of China. It also wanted to ensure that any protections would last into the future and couldn’t be changed retrospectively by, say, a more aggressive future policy implemented by China. And Trump has also said that the U.S. government should be paid for allowing the company to essentially continue to exist in the U.S. at all.
The latter point is the easiest one — U.S. government lawyers have said outright that the country can’t accept a payment for allowing a deal through, a point that Trump now appears to agree with.
So let’s head over to national security and privacy. Hosting American data on American soil helps with some jurisdictional issues of course. So-called data sovereignty laws have been popular in the European Union, China, India, Brazil and elsewhere as a means of ensuring that citizen data comports with the laws of those citizens’ countries. If the EU wants better privacy protections than America for instance, then it actually needs to “own” its own data to put its policies into place.
However, what has not been made clear is how “TikTok US” (or whatever the entity is called) will be able to take advantage of its parent company’s algorithms without actually handing American data over for processing.
The kinds of algorithms that run TikTok’s feed — like other social media feeds or Google’s search results — require real-time tuning of millions if not billions of parameters benchmarked against the quality of the user experience. For instance, users who linger on a particular video for longer than others, interact with it in specific ways, and share it are all data points that get fed into the “algorithm” to optimize exactly what each user sees in their own feeds.
This is an extraordinarily hard problem, and one that the word “algorithm” barely begins to describe. TikTok has to ingest billions of data points in real time from its app, needs to evaluate mullions of uploaded videos in real time, and needs to curate a custom stream of videos in real time for hundreds of millions of active users. That’s not an algorithm so much as a massively scaled computing system.
In the current deal framework, it sounds like “TikTok US” will supposedly “license” the underlying systems that power TikTok Global’s feeds. Yet, there has so far been zero clarity on how those algorithmic systems can tune their parameters without peering into U.S. data, or even how you can bifurcate such a system into a global half and a U.S.-only half.
One answer might be that the U.S.will just have an entirely independent algorithmic system that is tuned to the tastes of U.S. users and doesn’t take input from other global sources. That might work, although it’s an open question whether the smaller scale of TikTok US’ data will allow it to create as compelling a feed as today.
The larger issue is the pace of change in these systems. Updates to these algorithmic systems happen around the clock as engineers, product managers, data scientists and others determine ever more optimal and novel ways to improve the user experience. TikTok’s engineering team is expected to stay in China, meaning that any entity licensing those systems would have to absorb that constant avalanche of new code changes and integrate it into the U.S. codebase. Worse, those changes would have to be continuously evaluated by Oracle for backdoors — an incredibly hard engineering problem that remains by and large unsolved even if certain services offer a modicum of protection here.
Finally, building this infrastructure is not going to be easy. We haven’t heard much on how long TikTok would have to transition its systems, but it is hard to imagine that the company could rebuild its infrastructure on Oracle, add in real-time source code verification, completely separate its core machine learning algorithms into independent systems, and do all that while continuing to adapt its product to changing consumer whims in anything less than three years. One doesn’t just rebuild the code from scratch of a system used by hundreds of millions of people.
In all honesty, the rapid iterations required of a social media service will wither and die in the deal framework offered here. Which means that TikTok’s U.S. engineering efforts look all but doomed if this deal is approved.
Then there is this deal term of potentially adding an all U.S. government-approved board, with at least one director coming with a national security background. That experience isn’t unheard of in tech companies these days: Amazon just last week added former National Security Agency director Keith Alexander to its board, presumably due to the company’s expanding cloud services sales to the government.
Given that so many of the concerns expressed by the administration were around citizen privacy though, how exactly does this board structure protect privacy whatsoever? The company will essentially replace presumed Chinese surveillance with presumed American surveillance, and that’s a Pyrrhic victory in the end. We’ve heard next to nothing in these rumors about how the company can better protect user data in a more transparent fashion.
So the net-net right now is that the U.S. government isn’t going to get paid its tithe/bribe, the company’s engineering velocity is going to crater from bureaucracy, and its user data won’t have any more protections than what pretty much already exists with other social networks.
Maybe in the end, killing TikTok was the goal all along. Certainly some analysts in the DC national security community would like to see that happen. But at least from the seat over here, what a colossal failure of imagination and opportunity.