TikTok remains under heightened scrutiny from US government officials who have raised concerns about its potential to compromise security, culminating in the Biden administration’s order last week that federal agencies confirm within 30 days that TikTok is not present on any of their devices or systems.
Scott White, associate professor in the College of Professional Studies and director of the Cybersecurity Program and Cyber Academy at George Washington University, says some people believe TikTok may pose a security risk, but suggests it shouldn't be the only app to be in the firing line.
“If we’re going to talk security, let’s be realistic and talk real security across the board. Many companies collect reams of data on American citizens,” says White. “TikTok is just an easy target.”
According to White, who is a former officer with the Canadian Forces Intelligence Command, the typical mobile phone contains numerous apps that gather user data and track their movements throughout the day. While there are valid reasons to be apprehensive about the TikTok app, he also believes that some of the scrutiny is merely political showmanship.
White explains that TikTok, which is owned by a Chinese company called ByteDance, does indeed amass a significant amount of information about its users. This includes personally identifiable data such as names and birthdates, as well as biometric data.
“I think the concern for the government is they do collect biometric identifiers. So, the biometric identifiers that can be captured by TikTok are your voice pattern and your eyes scan,” says White. “Unlike other kinds of information that can change, once I capture your voice or capture your retina scan, that can't be changed. So that kind of biometric identifier will stay connected to the individual over time.”
Privacy and data differs in China
White says TikTok is not the only app that collects this type of data but the concern some government officials are raising is that its ownership is based in China. In China, White explains, there are laws for privacy and data collection that ultimately place the state's rights above the individual.
“The National Intelligence Law, article seven, for example, requires all organisations assist and cooperate with national intelligence efforts,” says White. “Technological companies must comply with the national intelligence work being done by the intelligence services. They must. So that’s the fear. That all this information, whether it's PII or biometric information, can theoretically be given to the intelligence service of China.”
He says the argument from government officials wanting to ban TikTok is that the app is an intelligence-gathering service of the Chinese government.
"Every single company that does business with China could theoretically have their information shared with the national security service of China," says White.
While those factors are legitimate concerns it’s important to note many other apps collect similar data on their users. “Facebook, Instagram, Tinder, Grinder, Uber—they all collect PII information on their customers as well,” says White.
People might argue those apps are collecting user information predominately for business and marketing purposes, but those companies can be and have been hacked, he explains.
“And when they get hacked, that information is automatically disclosed,” says White. “So, I think, you know, we want to be careful and understand the security risks.”
The US House Foreign Affairs Committee voted in favour of a bill that could grant the president the authority to ban TikTok entirely. White says if TikTok were ever banned in the United States, he would expect a lot of pushback.
“You're talking about regulating or outlawing a social media platform, which is an information-sharing platform for many. It will be seen as undemocratic because it is the free-flowing of ideas and information,” says White. “Whether that would withstand a constitutional challenge, I don’t know.”
Another argument against TikTok is its algorithm pushes harmful content onto users.
“Well, I would go back to Facebook. These algorithms are designed to meet certain needs of a company,” says White. “So whether it's drawing you, a user, into politically harmful dialogue on Facebook or directing you toward some other marketing strategy, there's a lot of psychology that's used in the development of applications and the algorithms that are run. I think that young people, people in general, must be cognizant of these things.”
He believes an important step is for everyone to be better educated about cyber security so they can be better consumers of technology.
“Technology is going to be with us. It's only going to get more powerful,” says White. “I think the issue for me is not outlawing the technology or outlawing the application. It's educating people as to what the technology is and how it may be harmful to you.”
- Wireless Logic: The impact of IoT cybersecurity guidanceApplication Security
- Enea SVP on how cybercriminals exploit mobile communicationCyber Security
- Why technology leaders should attend Cloud & 5G LIVECloud Security
- UK government follows US and bans TikTok on official devicesOperational Security