TikTok Analysis: the onus is on us

TikTok is in the news again with the State of Montana legislating an absolute ban on the app even though the legislator has no idea how that can be accomplished. But after several weeks of research, Cyber Protection Magazine has found that TikTok is no more a threat to the security of a country than any other social media platform. Regarding personal use, subscribers must accept personal responsibility for the consequences of using it. The only viable approach to controlling social media security abuses is for corporations and governments to limit, if not ban social media use in the organizations.

Fourteen countries preceded Montana in outright banning TikTok, like India, or restricting the use of the platform on government or corporate devices. But the application is still being downloaded more than any other app in the world. The growth is compounded by the recent introduction of another app from TikTok’s parent company ByteDance, Lemon8, which seems to be a direct competitor to Facebook’s Instagram. In spite of the growth of the app, It still rates only the 7th most popular app in the world, behind first-place Facebook, YouTube, and WhatsApp.

Just being honest

So what is the big deal about security and TikTok? On one level, it seems like TikTok is just more honest about what it is doing, or more accurately, what could be done with the data it collects on users, compared to the US. On another, it’s just competitive jealousy.

“American Tech is a big lobby group when it comes to the government, Ian Thornton-Trump, CISO for Cyjax, pointed out. “I think American Tech is a little bit jealous of the massive success of a Chinese app that has gone completely viral. However, I think the concern has some legitimacy in that the data is being harvested and pushed back to servers.”

A Forbes article late last year revealed that China tracked the movements, meetings, and activities of its journalists. Similar Western social media companies have the same capabilities. “The big difference is the relationships big tech with the United States government, and with the Chinese government,” Thornton-Trump explained. “There is a lot more transparency and due process involved in the American relationship. If the government wants to collect data on certain people, it can issue a National Security Letter requesting the information.”

Some companies, like AT&T, are well known for cooperating, while others, like Apple, not so much. The sticking point of the problem is Article 7 of China’s National Intelligence Law, that went in to affect that effectively turns every Chinese citizen and corporation into an agent of the government. Since the law took effect in 2017, literally dozens of Chinese nationals have been charged or convicted of espionage while working in U.S. companies, attending universities, or visiting government and military facilities.

The rub here is that none of them involved the use of TikTok. That doesn’t mean it doesn’t pose a clear and present danger.

“If Western government agents and politicians have TikTok on their devices, it gives the Chinese government an unquantifiable advantage in identifying those people, what their roles are, and whether they are influenced by large bags of cash right?” Thornton-Trump said.

Smoking gun

Recently, Yintao Yu, former head of engineering for TikTok’s U.S. offices five years ago, filed a wrongful termination suit filed in San Francisco alleging the Chinese government maintained a special unit within ByteDance referred to as the “Committee” that “guided how the company advanced core Communist values.” He stated that ByteDance served as a “useful propaganda tool,” pointing to instances when the company was “responsive to the Chinese Communist Party’s requests to share information, and even to elevate or remove content.”

Related:   You Can’t Stop Cyberattacks on your Organization!

The US military has been trying to balance the benefits and potential harms of social media for at least 10 years. what they have come up with might be a way forward for legislation and corporate practices. In a 2015 report, THE U.S. MILITARY AND SOCIAL MEDIA, Michael E. Reheuser, Director of the DOD’s Defense Privacy and Civil Liberties Office, said, “The DOD doesn’t monitor personal social media accounts, DOD’s social media policy requires that personnel follow certain rules. Under the UCMJ, service members are prohibited from disparaging the President or other senior leaders, revealing operational details, or divulging classified information.”

The report abstract calls it the benefits of social media for communication within military organizations, “if implemented correctly” and then outlines what that means in the form of personal responsibility for members of the military. That may be the key to what should be done with TikTok.

In his testimony to Congress, TikTok CEO Show Zi Chew referred to Project Texas, the platform’s plan to house all data collected from users by the app in U.S. servers to keep the data secure. However, none of the committee members connected that project with the National Intelligence Law requirements on Chinese citizens. Cyber Protection Magazine repeatedly asked TikTok management for comments specifically asking if Chinese nationals working in the US offices would be required to turn over the data on specific users. What we got was a handful of marketing documents that said no more than what was said by the CEO to Congress without getting to the point.

Culture clash

For some people, that deflection might seem rude. Not in Chinese culture.

There are no words in Chinese for “yes” or “no”. Answering a direct question so abruptly would be considered due, especially if the answer would disappoint the questioner. So when the TikTok representatives answered the direct question with general information about Project Texas, we can assume the answer is, yes, Chinese nationals will be required to turn over sensitive data on individual users when required.

With this understanding, instituting a national ban on TikTok would create significant hardship for private citizens and violate the core beliefs and rights of Western countries, even if it is even technically possible. That doesn’t mean selective bans cannot be instituted, but they would be needed for all social media platforms, not just TikTok. Personal use of social media in government facilities and corporations should be severely restricted with penalties for transgressing the restrictions.

Lou Covey

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

One thought on “TikTok Analysis: the onus is on us

Leave a Reply

Your email address will not be published. Required fields are marked *