TikTok banned on government devices; will the private sector follow?


Texas this week became the fifth U.S. state to ban the TikTok app on government-owned devices over concerns the social media app collects sensitive data from users’ devices and potentially puts it at the disposal of the Chinese government.

The question now is whether private companies will put similar restrictions on the use of the popular social media app on the devices employees use to access company data and apps.

Unacceptable risk

Texas Governor Greg Abbott said Wednesday he has ordered all state agencies to ban TikTok on all state-issued devices effective immediately. Abbott said he has also given each state agency until February 15, 2023 to implement their own policies regarding the use of TikTok on employee-owned personal devices, subject to approval by the Texas Department of Public Safety.

“TikTok harvests vast amounts of data from its users’ devices – including when, where and how they conduct their internet activities – and offers this wealth of potentially sensitive information to the Chinese government,” Abbott said, echoing concerns that many others have expressed recently.

Abbott pointed to China’s 2017 National Intelligence Act, which requires Chinese companies and individuals to participate in state intelligence-gathering activities, and a recent warning from FBI Director Christopher Wray regarding the use of TikTok in influence operations, as reasons for his decision.

Abbott’s order came just a day after Maryland Governor Larry Hogan issued an emergency directive banning the use of TikTok and other Chinese and Russian-influenced products on devices issued by the state, citing the “unacceptable” cybersecurity risk they posed to the state.

Hogan’s order applies to TikTok, Huawei Technologies, ZTE Corp., Tencent Holdings products including WeChat, Alibaba products including AliPay, and Kaspersky. The directive requires all Maryland state agencies to remove these products from state networks within 14 days and implement network-based restrictions preventing access to these services.

Like Abbott, Hogan also cited Wray’s warning about TikTok posing a national security threat in his statement, as well as a recent NBC News report about Chinese hackers stealing millions of dollars in COVID-related benefits.

The other three states that have issued similar guidelines over similar concerns are South Dakota, South Carolina and Nebraska. Additionally, the US Departments of Defense, State, and Homeland Security have all banned TikTok on federally issued devices. Last July, members of the Senate Select Committee on Intelligence sent a letter to the chairman of the Federal Trade Commission urging the agency to investigate what they claimed were deceptive practices by TikTok regarding data privacy.

Concerns mount despite assurances from TikTok

The growing number of bans on the use of TikTok on state and federal devices and networks will certainly encourage other state governments, federal agencies and private companies to weigh the security and privacy implications of using the social media app.

During a Senate hearing earlier this year, TikTok COO Vanessa Pappas claimed that TikTok does not operate in China and the app is not available there. She described the company as incorporated in the United States and compliant with US laws. Although TikTok has employees based in China, the company has strict access control over what data those employees can access and where TikTok stores the data, Pappas said. Earlier this year, the company also announced that it had launched an initiative called Project Texas designed to build confidence in the safeguards the company has put in place and will put in place to protect US users’ data and the interests of national security. TikTok now stores 100% of US user data in the US in Oracle’s cloud environment and is working with Oracle to implement advanced data security controls, TikTok CEO Shou Zi Chew said at the time.

In an emailed comment to Dark Reading, TikTok spokesperson Jamal Brown expressed disappointment with recent developments. “We believe the concerns driving these decisions are largely fueled by misinformation about our company,” Brown said. “We are pleased to continue to have constructive meetings with state policy makers to discuss our privacy and security practices. We are disappointed that many state agencies, offices and universities can no longer use TikTok to build communities and connect with voters.”

Despite these assurances, the fact that a China-based entity called ByteDance Ltd owns TikTok and that the Chinese government has at least a partial stake in one of its subsidiaries continues to be a major source of concern for many. Recent reports of threat actors using the platform to distribute malware haven’t helped matters.

“The specific situation of TikTok being based in China and subject to Chinese law, which can give the Chinese Communist Party (CCP) access to user data, has many people thinking,” says Mike Parkin, senior technical engineer at Vulcan Cyber.

Social media apps like TikTok can also be problematic for organizations. “They’re immensely popular, especially with generations who have grown up with social media,” he says. It’s only reasonable for organizations to restrict the apps installed on devices provided by their organization and advise their employees not to install them on the personal systems they use to access corporate systems, Parkin says.

On devices provided by organizations, a TikTok ban would be absolutely enforceable, he says. But the same is not true for personal and unmanaged devices, he notes. “The organization can state the requirements, but enforcing them becomes much more difficult both ethically and legally,” Parkin says.

Patrick Tiquet, vice president of security and architecture at Keeper Security, says the rapid proliferation of BYOD policies and distributed remote work environments has contributed to an exponential increase in endpoint and application risk for public and private sector entities. “This puts organizations in a precarious position as they must weigh the convenience and cost savings of BYOD policies against the significant cybersecurity risk,” Tiquet says. “Banning specific apps might seem like a simple and straightforward approach to ensuring security, but with a BYOD policy, it’s hard to enforce.”
