Is TikTok a National Security Threat?
Cybersecurity Trends
Over the past few years, government entities around the world have banned public employees from installing TikTok on government phones. In the US, TSA personnel and soldiers are banned from using it entirely. To defend these moves, governments have issued
accusations that TikTok provides the Chinese government with unrestrained access to user data as well as a hugely popular platform which it can use to easily
influence opinions around the world.
In this article, we will break down the real threats that are posed by TikTok and discuss whether these governmental actions are indeed justified.
TikTok's parent company, ByteDance, was founded in 2012 by Beijing-based
entrepreneur, Zhang Yiming. ByteDance launched Douyin for domestic use four years later, before purchasing Musical.ly (another Chinese company, with an office in
LA) two years after that on its path to international expansion. Musical.ly was rebranded as TikTok, while Douyin remains in use for Chinese users. By now,
TikTok has been downloaded over 2 billion times, and has an estimated value of at least $75 billion.
As we see it, there are four potential threats that may be associated with downloading and using TikTok:
- TikTok can collect data on foreign government employees
- TikTok can collect data on private citizens
- TikTok is censoring/manipulating information within China
- TikTok is censoring/manipulating information outside China
There are really two questions here. Firstly, what kind of data is TikTok collecting? And, secondly, who has access to this data? While it may seem that the data
owned by a social media app like TikTok is rather benign, the truth is that most social media apps collect far more data than you'd like to think. Just ask
Facebook. In TikTok's case, their US data privacy agreement states that they "automatically collect certain information from you when you use the Platform,
including internet or other network activity information such as your IP address, geolocation-related data (as described below), unique device identifiers,
browsing and search history (including content you have viewed in the Platform), and Cookies" as well as certain third-party accesses from other apps and your
contact list.
While this is not much different than other popular (American) applications, there is a fear that TikTok might easily abuse its access to government devices to
retrieve sensitive or damaging information on federal employees. The question then becomes, who has access to this data?
While it is often assumed that the Chinese government has open access to nearly all data collected by domestic companies, the truth (as always) is a bit more
complicated. As reported, the Chinese government must request data from companies, and there is some leeway here for companies to provide partial or limited-time
access or (in rare cases) to even deny access entirely. Nonetheless, it's clear that Beijing has far more control over "Chinese" data than most other governments,
and this therefore presents a unique risk compared to American or European platforms.
In this case, the risk is greatly diminished, but there still is some potential for abuse. For example, many private citizens conduct work for the government, and
while a candidate for election is technically a private citizen, this can change very quickly.
Furthermore, there is a risk of Beijing conducting a Cambridge Analytica-style campaign to perform microtargeting and political posturing. Again, while it's
certainly possible for American companies to be guilty of the same, there is a clear difference regarding the Chinese government's ease of access to TikTok's data.
Putting aside direct threats that arise from the use of TikTok, there are some critics that would like to ban TikTok simply because it has conducted political
censoring within China on behalf of the government. This has been widely reported on and is generally undisputed.
However, while this does represent a human rights concern, it does not seem that such censoring poses any national security risks to foreign countries.
More troubling, however, are reports that TikTok routinely censors and manipulates content for its overseas users on behalf of the Chinese government. And while
TikTok maintains that all censorship decisions that affect American users are made by a US-based team, there are reports by former employees that Beijing still
maintains a final say.
While the political and cultural risks associated with this last threat are somewhat more significant in that it seeks to influence opinions internationally,
it is far from obvious that this poses any direct significant threat to either the US or Indian people. Instead, the sorts of regulations and warnings that are
being implemented on Twitter, Facebook, and Reddit might be more appropriate than an all-out ban.
In conclusion, while the fears of data and intellectual abuse pertaining to the popularity of TikTok are far from baseless, particular doomsday scenarios (such
as that peddled by a recent Forbes piece) are probably overblown at this point. TikTok primarily functions just like other social media platforms that we've used
for over a decade, and the main threats rather arise from its proximity to a government which is known to hold a tight hand around domestic activities as well as
the rising threat of political manipulations and censorship. Finally, much of the debate around TikTok is not specific to this particular platform, but reflects a
growing need to better understand, monitor, and legislate around the use and abuse of user data more generally. Rather than treating TikTok as an isolated case,
governments around the world should use this opportunity to institute consistent and effective measures that protect user data both at home and abroad.
Similar Reads:
Top 10 Challenges Facing CISOs in 2023
Are We At (Cyber) War With China?
How the Dark Web Can Protect Your Company
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.