“Easy target” TikTok is under fire from US federal agencies

The US President has told federal agencies to wipe TikTok from their devices. But a cybersecurity expert points out Facebook and others need some scrutiny

TikTok remains under heightened scrutiny from US government officials who have raised concerns about its potential to compromise security, culminating in the Biden administration’s order last week that federal agencies confirm within 30 days that TikTok is not present on any of their devices or systems.

Scott White, associate professor in the College of Professional Studies and director of the Cybersecurity Program and Cyber Academy at George Washington University, says some people believe TikTok may pose a security risk, but suggests it shouldn't be the only app to be in the firing line.

“If we’re going to talk security, let’s be realistic and talk real security across the board. Many companies collect reams of data on American citizens,” says White. “TikTok is just an easy target.”

According to White, who is a former officer with the Canadian Forces Intelligence Command, the typical mobile phone contains numerous apps that gather user data and track their movements throughout the day. While there are valid reasons to be apprehensive about the TikTok app, he also believes that some of the scrutiny is merely political showmanship.

White explains that TikTok, which is owned by a Chinese company called ByteDance, does indeed amass a significant amount of information about its users. This includes personally identifiable data such as names and birthdates, as well as biometric data.

“I think the concern for the government is they do collect biometric identifiers. So, the biometric identifiers that can be captured by TikTok are your voice pattern and your eyes scan,” says White. “Unlike other kinds of information that can change, once I capture your voice or capture your retina scan, that can't be changed. So that kind of biometric identifier will stay connected to the individual over time.”

Privacy and data differs in China

White says TikTok is not the only app that collects this type of data but the concern some government officials are raising is that its ownership is based in China. In China, White explains, there are laws for privacy and data collection that ultimately place the state's rights above the individual.

“The National Intelligence Law, article seven, for example, requires all organisations assist and cooperate with national intelligence efforts,” says White. “Technological companies must comply with the national intelligence work being done by the intelligence services. They must. So that’s the fear. That all this information, whether it's PII or biometric information, can theoretically be given to the intelligence service of China.”

He says the argument from government officials wanting to ban TikTok is that the app is an intelligence-gathering service of the Chinese government.

"Every single company that does business with China could theoretically have their information shared with the national security service of China," says White.

While those factors are legitimate concerns it’s important to note many other apps collect similar data on their users. “Facebook, Instagram, Tinder, Grinder, Uber—they all collect PII information on their customers as well,” says White.

People might argue those apps are collecting user information predominately for business and marketing purposes, but those companies can be and have been hacked, he explains.

“And when they get hacked, that information is automatically disclosed,” says White. “So, I think, you know, we want to be careful and understand the security risks.”

The US House Foreign Affairs Committee voted in favour of a bill that could grant the president the authority to ban TikTok entirely. White says if TikTok were ever banned in the United States, he would expect a lot of pushback.

“You're talking about regulating or outlawing a social media platform, which is an information-sharing platform for many. It will be seen as undemocratic because it is the free-flowing of ideas and information,” says White. “Whether that would withstand a constitutional challenge, I don’t know.”

Another argument against TikTok is its algorithm pushes harmful content onto users.

“Well, I would go back to Facebook. These algorithms are designed to meet certain needs of a company,” says White. “So whether it's drawing you, a user, into politically harmful dialogue on Facebook or directing you toward some other marketing strategy, there's a lot of psychology that's used in the development of applications and the algorithms that are run. I think that young people, people in general, must be cognizant of these things.”

He believes an important step is for everyone to be better educated about cyber security so they can be better consumers of technology.

“Technology is going to be with us. It's only going to get more powerful,” says White. “I think the issue for me is not outlawing the technology or outlawing the application. It's educating people as to what the technology is and how it may be harmful to you.”


Featured Articles

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

DDoS protection market to grow amid increase in attacks

According to research by Cloudflare, DDoS attacks increased by 109% last year, with the last 12 months seeing some of the largest attacks the world

The impact data poisoning has on cyber and AI

We take a look at why the risks of data and AI poisoning is continuing to wreak havoc on the cybersecurity industry

Five innovative ways AI can help prevent cyber attacks

Cyber Security

SailPoint delivers new non-employee risk management solution

Cyber Security

Akamai shares details of Asia’s record-breaking DDoS attack

Network Security