EXCLUSIVE-Behind Grindr's doomed hookup in China, a data misstep and scramble to make up

by Reuters
Wednesday, 22 May 2019 10:00 GMT

Grindr app is seen on a mobile phone in this photo illustration taken in Shanghai, China March 28, 2019. REUTERS/Aly Song/Illustration

Image Caption and Rights Information
Grindr's Chinese owner gave Beijing-based engineers access to the private messages and HIV status of millions of Americans

By Echo Wang and Carl O'Donnell

May 22 (Reuters) - Early last year, Grindr LLC's Chinese owner gave some Beijing-based engineers access to personal information of millions of Americans such as private messages and HIV status, according to eight former employees, prompting U.S. officials to ask it to sell the dating app for the gay community.

After taking full control of Grindr in January 2018, Beijing Kunlun Tech Co Ltd stepped up management changes and consolidated operations to cut costs and expand operations in Asia, one former employee familiar with the decision said.

In the process, some of the company's engineers in Beijing got access to the Grindr database for several months, eight former employees said.

While it is known that data privacy concerns prompted the crackdown on Kunlun, interviews with over a dozen sources with knowledge of Grindr's operations, including the former employees, for the first time shed light on what the company actually did to draw U.S. ire and how it then tried to save its deal.

Reuters found no evidence that the app's database was misused. Nevertheless, the decision to give its engineers in Beijing access to Grindr's database proved to be a misstep for Kunlun, one of the largest Chinese mobile gaming companies.

In early 2018, the Committee on Foreign Investment in the United States (CFIUS), a government panel that scrutinizes foreign acquisitions of U.S. companies, started looking into the Grindr deal to see whether it raised any national security risks, one source close to the company said.

Last September, it ordered Kunlun to restrict access of its Beijing-based engineers to Grindr's database, the source said.

Kunlun did not respond to requests for comment. A Treasury spokesman declined to comment on behalf of CFIUS.

A Grindr spokeswoman said "the privacy and security of our users' personal data is and always will be a top priority."

DATA PRIVACY FOCUS

Two former national security officials said the acquisition heightened U.S. fears about the potential of data misuse at a time of tense China-U.S. relations. CFIUS has increased its focus on safety of personal data. In the last two years, it blocked Chinese companies from buying money transfer company MoneyGram International Inc and mobile marketing firm AppLovin.

Based in West Hollywood, California, Grindr is especially popular among gay men and has about 4.5 million daily active users. CFIUS likely worried that Grindr's database may include compromising information about personnel who work in areas such as military or intelligence and that it could end up in the hands of the Chinese government, the former officials said.

"CFIUS operates under the assumption that, whether through legal or political means, Chinese intelligence agencies could readily access information held by private Chinese companies if they wanted to," said Rod Hunter, an attorney at Baker & McKenzie LLP who managed CFIUS reviews during President George W. Bush's administration.

In a faxed statement to Reuters, China's foreign ministry said it was aware of the situation with Grindr and urged the United States to allow fair competition and not politicize economic issues.

"The Chinese government always encourages Chinese companies to conduct economic and trade cooperation overseas in accordance with international rules and local laws," it said.

GRINDR'S TAKEOVER

Kunlun first acquired 60% of Grindr in 2016 for $93 million, amid a wave of acquisitions of U.S. technology companies by Chinese firms. At the time CFIUS focused on traditional national security concerns, such as the use of technology for potential military applications, the former U.S. security officials said.

Submissions of deals to CFIUS for review were entirely voluntary then, and Kunlun did not think it needed to submit its purchase of Grindr because it was convinced the deal posed no national security risk, two sources close to the company said.

After that deal was completed Kunlun tasked engineers in Beijing to improve the app, former employees said. The team worked out of the second floor of Ming Yang International Center, Kunlun's 11-story headquarters east of the Palace Museum in Beijing, one former employee said.

At first, they did not have access to Grindr's database, six former employees said. But that changed when Kunlun bought out the remainder of Grindr for $152 million, and the dating app's founder and CEO, Joel Simkhai, left.

Kunlun shifted a significant portion of Grindr's operations to Beijing, seven former employees said. Some outside contractors ended their work, and most of Grindr's U.S. engineers were subsequently let go or resigned, they said.

Some U.S. employees who learned that the database access had been given to colleagues in China raised concerns about privacy with management, but they were told that they should not worry, two former employees said.

CFIUS ORDER

About a month after CFIUS' September order, Kunlun told the panel the Beijing team's access to Grindr's database had been restricted, the source close to the company said.

Grindr also hired a cyber forensic firm and a third-party auditor at CFIUS's behest to report on its compliance and to make sure the data was secure, the source said.

Kunlun started to operationally separate Grindr as well, making Grindr Beijing a different legal entity, transferring some Chinese employees from Kunlun to Grindr, and finding separate office space for Grindr in Beijing, former employees said.

Reuters could not determine what triggered CFIUS' initial concerns about the Grindr deal, or whether Kunlun's steps were directly aimed at allaying the panel's fears.

By February, Kunlun had decided to shut down Grindr's Beijing office, parting ways with some of the roughly two dozen employees there, two former employees said.

It told them the decision was taken because of policy reasons and concerns about data privacy, they said.

In March, Reuters first reported that CFIUS had asked Kunlun to divest Grindr.

Behind the scenes, the source close to the company said, Kunlun kept trying to salvage the Grindr deal until as recently as last week, when it said it would sell it by June next year.

(Reporting by Echo Wang and Carl O'Donnell in New York Additional reporting by Stella Qiu and Liangping Gao in Beijing Editing by Greg Roumeliotis and Paritosh Bansal)

Openly is an initiative of the Thomson Reuters Foundation dedicated to impartial coverage of LGBT+ issues from around the world.

Our Standards: The Thomson Reuters Trust Principles.

Update cookies preferences