Cybersecurity experts: It’s smart to ban government employees from using TikTok

By Jenni Bergal—Stateline

At least 18 states, all led by Republican governors, have banned staffers’ use on government devices of the social media app TikTok over concerns about the possible security risks posed by the Chinese-owned company. They say the app can be used to collect data from users’ devices, which the Chinese government could then access.

Some states have gone even further, banning apps and products such as WeChat, QQWallet, and AliPay from other Chinese companies.

In Maryland, Republican Gov. Larry Hogan authorized his chief information security officer, Chip Stewart, to issue such an emergency directive. The directive prohibits state employees from using TikTok as well as information technology products and platforms from four other Chinese companies and one Russian one. Agencies must remove the products from state networks and stop using them.

“A lot of states issued executive orders, saying, ‘We’re banning TikTok.’ That’s great for today,” Stewart said. “But tomorrow, what if you have a new product you want to ban? Are they going to issue an executive order for each one?”

The governors of least three other states—Georgia, New Hampshire, and Virginia—also have gone beyond TikTok to ban WeChat and other apps and products from various Chinese companies.

Over the past few weeks, governor after governor has announced a TikTok ban for state employees, but none so far has been a Democrat.

However, action at the federal level has been bipartisan. Last week, the U.S. Senate unanimously passed a bill that would prohibit federal employees from using TikTok on government-owned devices. U.S. House Speaker Nancy Pelosi, a California Democrat, has said she supports such a restriction, as does House Minority Leader Kevin McCarthy, a California Republican.

Florida Republican U.S. Sen. Marco Rubio wants to go even further. He has introduced a measure, which has a bipartisan companion bill in the House, that would ban TikTok from operating in the United States, along with any other social media company in or under the influence of China, Russia, and several other “countries of concern.”

Then-President Donald Trump tried in 2020 to ban TikTok from U.S. app stores, citing security concerns, but that effort was blocked by a federal judge.

This November, FBI Director Christopher Wray testified at a congressional hearing that his agency is “extremely concerned” about TikTok’s operations in the United States. He said the Chinese government could use it to collect data on users and control the app’s algorithm to manipulate content and launch influence campaigns.

This month, Wray again warned about the possibility of TikTok user data getting into the hands of a Chinese government “that doesn’t share our values,” and said China could collect it for espionage.

Cybersecurity experts say the governors’ bans are a smart move.

“States oversee law enforcement, transportation, utilities. There is good reason for governors to be involved in this,” said Anton Dahbura, executive director of Johns Hopkins Information Security Institute, a cybersecurity academic and research center. “It’s not just the obvious security that someone could bring down the power grid. It’s infiltration of systems to obtain confidential information that is quite valuable to foreign actors.”

TikTok, which allows users to create and share videos on any topic, has more than a billion users worldwide and more than 100 million in the United States. The state bans would not apply to employees’ personal devices, as long as they aren’t connected to state networks.

A TikTok spokesperson said the accusations against the company are false and that the Chinese government is not involved in its operations.

“It is unfortunate that the many state agencies, offices, and universities on TikTok in those states will no longer be able to use it to build communities and connect with constituents,” spokesperson Brooke Oberwetter said in an email.

Indeed, several state agencies—including governor’s offices, tourism boards, and state universities—use TikTok to reach new, especially younger audiences.

Several federal agencies already bar staffers from using TikTok on their government phones and devices, including the State Department, the Pentagon and the Transportation Security Agency. The White House also bars the app.

“Now that states are jumping into the fray, the hypothesis could be that they want to use this as brownie points, saying, ‘Listen, if you can’t get your act together in Washington, we’re going to do it on the state level,’” said Harry Broadman, a former member of the Committee on Foreign Investment in the United States, a federal interagency body that reviews national security impacts of foreign investments in the U.S.

In Maryland, Stewart said officials had been considering banning TikTok for several months, but that Wray’s public warnings “tipped the scale for us” and led to the prohibition.

In response to the concerns in the U.S. that American users’ information can being shared with the Chinese government, TikTok announced earlier this year that it had moved all the data to Oracle, a Silicon Valley company. But TikTok said it would still store backups of that information.

Oberwetter, the TikTok spokesperson, said that although the parent company was founded in China, TikTok has offices and operations around the world and is not a state-owned enterprise or otherwise controlled by the Chinese government.

But China has laws that require private companies to provide information to the government, according to Holden Triplett, cofounder of Trenchcoat Advisors, a risk advisory firm headquartered in Washington, D.C.

“Any company located in China can have the best of intentions, but it doesn’t matter. In the end, if the Chinese government wants to force them to comply, they must,” said Triplett, who formerly was an FBI special agent and director of counterintelligence for the National Security Council.

And while it’s true that other social media companies such as Twitter and Facebook also track users’ data, the experts say TikTok is different. Those companies are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.

China doesn’t require that and could easily track data for the purpose of gathering information on Americans, they say.

“TikTok can access your camera and phone, the Wi-Fi connection, contacts, GPS, storage. It can read what you are doing and the things you’ve done.” said Brian Haugli, CEO of SideChannel, a cybersecurity company headquartered in Worcester, Massachusetts. “That thing can tell you where your eyeballs are looking.”


This article was first published on Stateline, an initiative of the Pew Charitable Trusts. Read the original article here.

Fast Company

(31)