Trying to make sense of TikTok's cybersecurity concerns

Illustration: Aïda Amer/Axios

It's not just regulators and lawmakers struggling to make sense of cybersecurity concerns about TikTok — even your Codebook author can't figure out which are overhyped and which are valid.

What's happening: It's now been about a month since I purchased a burner phone solely for TikTok.

  • I've loved the app since 2019, when dancing to the Home Depot theme song was its biggest trend. From travel and meal-prepping tips to cat videos to absurd Gen Z trends, it's just a fun place to be.
  • I got the burner phone idea from veteran tech journalist Kara Swisher, who did the same thing nearly three years ago.
  • I always thought those hollering about TikTok's potential for abuse were either out of touch or overzealous China hawks. But TikTok parent company ByteDance's admission last year that it had tracked the location of U.S. journalists convinced me to rethink my use.

Why it matters: TikTok reached 1 billion monthly active users in just five years, far more quickly than most U.S. social media apps, adding more urgency to U.S. officials' attempts to regulate the app.

  • And Pew Research estimates that about a quarter of U.S. adults under the age of 30 now get their news on TikTok.

The big picture: TikTok comes with a unique set of regulatory considerations because of its China-based parent company.

  • Companies in China are under different rules than U.S. ones and can be compelled to turn over user data without much recourse.
  • FBI director Christopher Wray said during a public event in December that the bureau is concerned the Chinese government could manipulate the TikTok algorithm, and "if they want to, to use it for influence operations."
  • TikTok has also reportedly censored videos that mention Tibetan independence and the Uyghur genocide, among others. (A TikTok spokesperson attributed these reports to user violations of other content moderation policies and said anti-Chinese government arguments are still prominent on the app.)

The other side: However, since I got my burner phone, several security experts have told me in private conversations that I probably overreacted.

  • Keeping TikTok on my phone isn't much different from having any other mobile app with questionable practices on my phone, they argue.
  • A prime example is Twitter: The platform has temporarily suspended some journalists who report negatively about the company, and some have expressed concern about Elon Musk having access to DMs.
  • A TikTok spokesperson also told Axios that U.S. user data is currently accessible only by Oracle Cloud and the TikTok U.S. data security team, which will soon be spun out into its own subsidiary.

State of play: Navigating TikTok's cybersecurity concerns hasn't been easy for anyone involved — even security officials.

  • For three years, the federal government has been struggling to figure out whether security concerns about TikTok make it too dangerous to operate in the country — or if there's a way to protect U.S. user data.
  • Meanwhile, several states, universities and lawmakers have already jumped ahead and banned its use.
  • Former Cybersecurity and Infrastructure Security Agency assistant director for cybersecurity Bryan Ware told Axios his own kids use the app. "My kids — oh, my god — would they revolt or change their citizenship to Canada [if TikTok got banned]," said Ware, the current CEO of LookingGlass Cyber Solutions.
  • Though he'd "personally like to see us not using TikTok."

Reality check: If the Chinese government wants to spy on the U.S., it doesn't need TikTok to do so.

  • Chinese state-sponsored hackers exploited flaws in Microsoft Exchange servers, affecting 30,000 U.S. organizations, just two years ago.
  • The recent news cycle around the Chinese surveillance balloon drifting across U.S. airspace is just the latest example.

Between the lines: The average TikToker (e.g., my 16-year-old sister) probably doesn't need to run out and get a burner phone — but journalists, human rights activists and political dissidents have different considerations.

The bottom line: I'll probably keep my burner phone for now.

  • If anything, having to power up a separate phone to watch short videos has helped me become more mindful of my usage, and that's always a good thing.
