Texas this week develop into the fifth US state to ban the TikTok app on government-owned units over issues concerning the social media app harvesting delicate information from person units and doubtlessly making it accessible to the Chinese authorities.
The query now’s whether or not non-public firms will implement comparable restrictions on use of the favored social media app on units that staff use to entry enterprise information and functions.
Unacceptable Risk
Texas Gov. Greg Abbott on Wednesday stated he had ordered all state companies to ban TikTok on any state-issued units efficient instantly. Abbott stated he has additionally given every state company till Feb. 15, 2023 to implement their very own insurance policies relating to the usage of TikTok on private units belonging to staff — topic to approval by the Texas Department of Public Safety.
“TikTok harvests huge quantities of knowledge from its customers’ units — together with when, the place, and the way they conduct web exercise — and provides this trove of doubtless delicate info to the Chinese authorities,” Abbott stated, echoing issues that many others have expressed not too long ago.
Abbott pointed to China’s 2017 National Intelligence Law, which obligates Chinese firms and people to help in state intelligence-gathering actions, and a latest warning from FBI Director Christopher Wray about TikTok’s use in affect operations, as causes for his choice.
Abbott’s order got here simply at some point after Maryland Gov. Larry Hogan issued an emergency directive prohibiting the usage of TikTok and different Chinese and Russian-influenced merchandise on state-issued units, citing the “unacceptable” cybersecurity threat they offered to the state.
His order applies to TikTok, Huawei Technologies, ZTE Corp., Tencent Holdings merchandise together with WeChat, Alibaba merchandise together with AliPay, and Kaspersky. Hogan’s directive requires all Maryland state companies to take away these merchandise from state networks inside 14 days and to implement network-based restrictions stopping entry to those providers.
Like Abbott, Hogan additionally cited Wray’s warning about TikTok presenting a nationwide safety menace in his assertion, in addition to a latest NBC News report about Chinese hackers stealing thousands and thousands of {dollars} in COVID-related advantages.
The three different states which have issued comparable directives over comparable issues are South Dakota, South Carolina, and Nebraska. In addition, the US Departments of Defense, State, and Homeland Security have all banned TikTok on federally issued units. This July, members of the Senate Select Committee on Intelligence despatched a letter to the chair of the Federal Trade Commission urging the company to analyze what it claimed had been misleading practices by TikTok with regard to its information privateness practices.
Concerns Mount Despite TikTok’s Assurances
The rising variety of bans on the usage of TikTok on state and federal units and networks is certain to encourage different state governments, federal companies, and personal firms to weigh the safety and privateness implications of utilizing the social media app.
In a Senate listening to earlier this 12 months, TikTok COO Vanessa Pappas maintained that TikTok doesn’t function inside China and the app isn’t accessible there. She has described the corporate as integrated within the US and compliant with US legal guidelines. Though TikTok does have staff primarily based in China, the corporate has strict entry management over what information these staff can entry and the place TikTok shops the information, Pappas testified. Earlier this 12 months, the corporate additionally introduced it has launched an initiative known as Project Texas designed to bolster confidence within the safeguards the corporate has put in place and can put in place to guard US person information and nationwide safety pursuits. TikTok now shops 100% of US person information within the US in Oracle’s cloud surroundings and is working with Oracle to implement superior information safety controls, TikTok CEO Shou Zi Chew stated on the time.
In an emailed remark to Dark Reading, TikTok spokesperson Jamal Brown expressed disappointment over the latest developments. “We imagine the issues driving these choices are largely fueled by misinformation about our firm,” Brown says. “We are comfortable to proceed having constructive conferences with state policymakers to debate our privateness and safety practices. We are upset that many state companies, workplaces, and universities will now not have the ability to use TikTok to construct communities and join with constituents.”
Despite such assurances, the truth that a China-based entity known as ByteDance Ltd owns TikTok and that the Chinese authorities owns at the least a partial stake in one in every of its subsidiaries continues to be a significant supply of concern for a lot of. Recent stories about menace actors utilizing the platform to distribute malware haven’t helped issues.
“The particular scenario with TikTok being primarily based in China and being topic to Chinese regulation, which may give the Chinese Communist Party (CCP) entry to person information, is giving many individuals pause,” says Mike Parkin, senior technical engineer at Vulcan Cyber.
Social media functions like TikTok could be problematic for organizations as properly. “They are immensely well-liked, particularly with the generations which have grown up with social media,” he says. It’s solely affordable that organizations would prohibit what apps get put in on their organization-provided units and suggest their staff don’t set up it on any private techniques they use to entry enterprise techniques, Parkin says.
On units supplied by organizations, a ban on TikTok can be completely enforceable, he says. But the identical would not be true of personally owned and unmanaged units, he notes. “The group can lay out the necessities, however implementing them turns into way more difficult each ethically and legally,” Parkin says.
Patrick Tiquet, vp of safety and structure at Keeper Security, says the fast proliferation of BYOD insurance policies and distributed distant work environments has contributed to an exponential enhance in threat to endpoints and functions for each private and non-private sector entities. “This places organizations in a precarious scenario, as they have to weigh the comfort and cost-savings of BYOD insurance policies with the numerous cybersecurity threat,” Tiquet says. “Banning particular apps might look like a easy and easy method to making sure safety, however with a BYOD coverage, it’s troublesome to implement.”