Critics of TikTok, the popular short-form video service, have long feared that Chinese parent company ByteDance is sharing user information with the government there and allowing it to manipulate content.
Since late November, the Republican governors of Maryland, Nebraska, Oklahoma, South Carolina, South Dakota, and Texas have banned TikTok from state-owned devices, and FBI Director Christopher Wray has raised concerns that the Chinese government has control over the app’s recommendation algorithm, allowing it to manipulate what users see.
TikTok is “in the hands of a government that doesn’t share our values and that has a mission that’s very much at odds with what’s in the best interests of the United States,” Wray told an audience at the University of Michigan’s Gerald R. Ford School of Public Policy on Dec. 3. “That should concern us.”
Meanwhile, South Dakota Gov. Kristi Noem signed an executive order in late November banning TikTok from devices used by state government agencies, employees, and contractors. “South Dakota will have no part in the intelligence gathering operations of nations who hate us,” the Republican governor said in a statement. “The Chinese Communist Party uses information that it gathers on TikTok to manipulate the American people, and they gather data off the devices that access the platform.”
South Carolina Gov. Henry McMaster, also a Republican, followed suit on Dec. 5. “Protecting our state’s critical cyber infrastructure from foreign and domestic threats is key to ensuring the health, safety, and well-being of our citizens and businesses,” McMaster wrote in a letter. “Federal law enforcement and national security officials have warned that TikTok poses a clear and present danger to its users.”
Maryland Gov. Larry Hogan, Nebraska Gov. Pete Ricketts, Oklahoma Gov. Kevin Stitt, and Texas Gov. Greg Abbott, all Republicans, issued similar statements over their directives to ban TikTok from state devices.
TikTok spokeswoman Brooke Oberwetter noted that ByteDance is a private company. TikTok Inc., which offers the TikTok service in the United States, is a U.S. company bound by U.S. laws, she added.
Responding to Wray’s criticisms, Oberwetter said the FBI’s input is being considered in negotiations between TikTok and the U.S. government.
“While we can’t comment on the specifics of those confidential discussions, we are confident that we are on a path to fully satisfy all reasonable U.S. national security concerns and have already made significant strides toward implementing those solutions,” she said.
Many cybersecurity experts share the concerns of U.S. officials, although some said there’s little proof the Chinese government is indeed accessing user information or manipulating content.
“It is generally accepted that the Chinese government has broad powers to access data from Chinese companies, including TikTok’s parent company, ByteDance,” said Peter Luo, founder of DTonomy, a cybersecurity provider. “This means that it is possible that the Chinese government could gain access to user data from TikTok.”
The biggest harm to users is that the Chinese government could use TikTok to monitor and surveil them, he said. “While TikTok users may not be sharing sensitive government information through the app, they may still be sharing personal information that could be used to identify and track them,” Luo added.
The Chinese government has a strong reputation for using apps and internet services for its own purposes, added Sanjay Raja, vice president of product marketing and solutions at cybersecurity provider Gurucul.
“While any nation is capable of embedding backdoors, spyware, and kill switches in technology, China’s intermingled control, influence, and oversight over business must be of great concern to any government, business, or institution,” Raja said.
Social media and related apps can be used in many ways to target businesses, groups, and people for “various nefarious purposes,” he added.
While it may make sense to ban TikTok, “it is important to understand that technology from overseas is so pervasive within our business operations and infrastructure,” he added.
Organizations concerned about threats from TikTok and other apps should consider advanced threat detection services, he recommended.