Is TikTok a National Security Threat?

Cybersecurity Trends


After years of threats, suspensions, and negotiations, India has finally gone and banned TikTok entirely. But are these fears overblown?
     
This news comes after the US has issued directions to its public employees to uninstall it from all government phones and banned its use for Army and TSA personnel. To defend these moves, both governments have issued accusations that TikTok provides the Chinese government with unrestrained access to user data as well as a hugely popular platform which it can use to easily influence opinions around the world.

In this article, we will break down the real threats that are posed by TikTok and discuss whether these governmental actions are indeed justified.

Before jumping in, though, let's get clear what exactly TikTok is, and how it came to be. TikTok's parent company, ByteDance, was founded in 2012 by Beijing-based entrepreneur, Zhang Yiming. ByteDance launched Douyin for domestic use four years later, before purchasing Musical.ly (another Chinese company, with an office in LA) two years after that on its path to international expansion. Musical.ly was rebranded as TikTok, while Douyin remains until today for Chinese users. By now, TikTok has been downloaded over 2 billion times, and has an estimated value of at least $75 billion.

As we see it, there are four distinct and potential threats that may be associated with downloading and using TikTok:

  1. TikTok can collect data on foreign government employees
  2. There are really two questions here. Firstly, what kind of data is TikTok collecting? And, secondly, who has access to this data? While it may seem that the data owned by a social media app like TikTok is rather benign, the truth is that most social media apps collect far more data than you'd like to think. Just ask Facebook. In TikTok's case, their US data privacy agreement states that they "automatically collect certain information from you when you use the Platform, including internet or other network activity information such as your IP address, geolocation-related data (as described below), unique device identifiers, browsing and search history (including content you have viewed in the Platform), and Cookies" as well as certain third-party accesses from other apps and your contact list.

    While this is not much different than other popular (American) applications, there is a fear that TikTok might easily abuse its access to government devices to retrieve sensitive or damaging information on federal employees. The question then becomes, who has access to this data?

    While it is often assumed that the Chinese government has open access to nearly all data collected by domestic companies, the truth (as always) is a bit more complicated. As reported, the Chinese government must request data from companies, and there is some leeway here for companies to provide partial or limited-time access or (in rare cases) to even deny access entirely. Nonetheless, it's clear that Beijing has far more control over "Chinese" data than most other governments, and this therefore presents a unique risk compared to American or European platforms.

  3. TikTok can collect data on American/Indian private citizens
  4. In this case, the risk is greatly diminished, but there still is some potential for abuse. For example, many private citizens conduct work for the government, and while a candidate for election (say, Joe Biden) is technically a private citizen, this can change very quickly.

    Furthermore, there is a risk of Beijing conducting a Cambridge Analytica-style campaign to perform microtargeting and political posturing. Again, while it's certainly possible for American companies to be guilty of the same, there is a clear difference regarding the Chinese government's ease of access to TikTok's data.

  5. TikTok is censoring/manipulating information within China
  6. Putting aside direct threats that arise from the use of TikTok, there are some critics that would like to ban TikTok simply because it has conducted political censoring within China on behalf of the government. This has been widely reported on and is generally undisputed.

    However, while this does represent a human rights concern, it does not seem that such censoring poses any national security risks to foreign countries.

  7. TikTok is censoring/manipulating information outside China
  8. More troubling, however, are reports that TikTok routinely censors and manipulates content for its overseas users on behalf of the Chinese government. And while TikTok maintains that all censorship decisions that affect American users are made by a US-based team, there are reports by former employees that Beijing still maintains a final say.

    While the political and cultural risks associated with this last threat are somewhat more significant in that it seeks to influence opinions internationally, it is far from obvious that this poses any direct significant threat to either the US or Indian people. Instead, the sorts of regulations and warnings that are being implemented on Twitter, Facebook, and Reddit might be more appropriate than an all-out ban.

    In conclusion, while the fears of data and intellectual abuse pertaining to the popularity of TikTok are far from baseless, particular doomsday scenarios (such as that peddled by a recent Forbes piece) are probably overblown at this point. TikTok primarily functions just like other social media platforms that we've used for over a decade, and the main threats rather arise from its proximity to a government which is known to hold a tight hand around domestic activities as well as the rising threat of political manipulations and censorship. Finally, much of the debate around TikTok is not specific to this particular platform, but reflects a growing need to better understand, monitor, and legislate around the use and abuse of user data more generally. Rather than treating TikTok as an isolated case, governments around the world should use this opportunity to institute consistent and effective measures that protect user data both at home and abroad.


    About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.