Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than 100 million Americans have reportedly downloaded this popular short video-sharing app on their devices.

In its defense, ByteDance maintains TikTok is operated independently of ByteDance, that all TikTok app user data is held on servers outside of China and further that it doesn’t share data with the Chinese government. ByteDance also claims other social media companies collect far more user data than does TikTok, yet aren’t being threatened with bans.

Concerns about TikTok have existed for years. Since 2017, the Committee on Foreign Investment in the United States (CFIUS), which investigates foreign investments in U.S. companies that pose a potential national security risk, has been reviewing ByteDance’s practices as a result of ByteDance’s acquisition of U.S. company Musical.ly. CFIUS’ investigation into the ByteDance/Musical.ly transaction remains open because of unresolved concerns about ByteDance’s use of user data, the potential that data could be passed on to the Chinese government, and concerns about the inability to monitor or enforce whatever restrictions ByteDance might agree to. However, CFIUS has suggested ByteDance should divest TikTok’s American operations.

Meanwhile, more than 30 states and now the Biden Administration have banned government employees from using the TikTok app on government-owned devices. In Congress, the House Foreign Affairs Committee voted to advance a bill, known as the Deterring America’s Technology Adversaries Act (DATA Act), to ban anyone in the United States from accessing or downloading the TikTok app on their phones. If enacted into law, this would mean that Apple and Google would no longer be able to offer the TikTok app in their app stores. ByteDance is reportedly talking with Apple and Google about a data security plan that ByteDance has proposed to CFIUS, to be sure the plan would also be acceptable to Apple and Google. The plan purportedly includes having Oracle host TikTok’s U.S. user data on its servers, as well as vet TikTok’s software and updates before they are sent to the app stores.

The U.S. is not alone in raising security concerns over the TikTok app. Canada, the European Parliament, the European Commission and the EU Council have banned the TikTok app from being loaded onto government- or organization-owned devices. Some require employees and staff to remove the TikTok app from personal devices with access to government or organization systems. Most have also recommended lawmakers and employees remove the TikTok app from their personal devices, even if they don’t access government or organization systems. Pakistan and Afghanistan have also imposed bans on TikTok, but because of its content, not because of security concerns.

Some countries have gone even further to impose outright bans on the TikTok app. In 2021, India imposed a permanent ban on the TikTok app and several other Chinese apps. In December 2022, Taiwan imposed a public sector ban on the TikTok app after the FBI warned that the TikTok app posed a national security risk. 

While TikTok is the current focus of legislators and regulators, some say security developments at other social media platforms should also be kept under constant review. The DATA Act bill would also require Biden to impose a ban on companies transferring sensitive personal data to an entity subject to the influence of China, although the details of this provision are not completely clear from the bill. 

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and workstations.

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices; many have already implemented a ban, with others considering similar measures. There is also bipartisan support for a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens.

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct connection to the Chinese Communist Party, which is a foreign adversary of the U.S. This week, South Dakota Governor Kristi Noem signed an executive order banning all state workers or contractors from accessing TikTok’s website or app on any state-owned or leased devices. According to Governor Noem, “South Dakota will have no part in the intelligence gathering operations of the Chinese Communist Party.”

Other governors may wish to take note of this bold, yet necessary, move. U.S. federal agencies, including the State Department, Department of Defense, the Transportation Security Administration (TSA), Department of Homeland Security, the U.S. military, and the Pentagon have already banned federal workers from using TikTok. The reason: national security. Yes folks, the use of TikTok and voluntarily allowing the Chinese Communist Party unfettered access to all content in TikTok is a matter of national security.

Commissioner Brendan Carr of the Federal Communications Commission feels strongly that the Committee on Foreign Investment in the United States (CFIUS) should ban TikTok for American users due to national and cybersecurity concerns. According to Carr, he has little confidence in TikTok’s ability to properly handle U.S. users’ data, stating that TikTok is “a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data” with a direct connection to the Chinese Communist Party. He has asked Google and Apple to remove TikTok from their app stores. Users I have spoken with do not seem to care about national security or that they are endangering national security while they have fun with the app. We need to collectively understand and heed the warnings of our government and understand the impact, though unintentional or ignorant at best, our actions have on national security. Let’s not wait for the government to ban the use of TikTok; let’s collectively do the right thing: delete the app and stop using the website.

I continue to marvel at how many Americans are using TikTok but are oblivious to the fact that they are being duped by one of our foreign adversaries—the Chinese Communist Party. Folks, listen to and heed the warnings of both state and federal governments on the dangers that the use of TikTok poses to national security. Think about your country instead of yourself and stop using TikTok. It’s a matter of national security.

I am not an alarmist by nature, but the increased mention of TikTok in day-to-day conversations is very concerning, considering the overwhelming warnings about how the Chinese Communist Party is collecting information on Americans. The way to visualize it is to imagine there is a member of the Chinese Communist Party on your shoulder looking at everything you do, tracking your location, accessing your personal and health information and that of your children and other members of your family. We wouldn’t like it if our own government were surveilling us like that. Why are we comfortable with a foreign adversary doing it?

You don’t have to listen to me—just scroll through the articles below—from both sides of the media aisle (this is actually a bipartisan issue)—and get on the collective wagon to voluntarily ban TikTok on a national basis. We can all do this together to spare the government from having to ban us from harming ourselves or our national security.

The saga started in 2020, when President Trump attempted to ban TikTok in the U.S. with an executive order citing national security concerns. TikTok then pivoted to potentially selling its U.S. business to an American company. That strategy fizzled.

President Biden revoked Trump’s order, but started an investigation into security threats posed by TikTok. FCC Commissioner Brendan Carr asked Apple and Google to remove TikTok from their app stores.

Commissioner Carr wants TikTok to be banned for all U.S. users, citing concerns over how TikTok is handling the massive amounts of data it gathers from U.S. users and lingering doubts “that it’s not finding its way back into the hands of the [Chinese Communist Party].”

FBI Director Christopher Wray has testified before the Homeland Security Committee of the U.S. House of Representatives that the FBI has ‘national security concerns’ about the use of TikTok by American users. Wray testified that his concerns include “the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so chose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices.”

U.S. federal agencies including the State Department, Department of Defense, the Transportation Security Administration, Department of Homeland Security, the U.S. military and the Pentagon have already banned federal workers from using TikTok.

State governors also are getting into the action to ban the use of TikTok by state workers. The Governor of South Dakota issued an executive order this week banning state workers and contractors from using the app or accessing TikTok’s website from state-issued devices. Enough is enough. Let’s start a grassroots movement to ban the use of TikTok on our own. I urge you to join the movement.

FCC Commissioner Brendan Carr asserted that TikTok poses an “unacceptable national security risk” in a letter to the CEOs of Google and Apple urging the companies to remove the app from their mobile app stores. According to Carr, TikTok’s history of “surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok’s pattern of misleading representations and conduct” should disqualify it under Google’s and Apple’s app store policies.

The popular social media app, owned by Chinese-based company ByteDance, has attracted criticism from security experts for excessive data collection since its 2016 debut. More recently, watchdogs have accused the platform of giving the Chinese government unfettered access to the data it collects. According to the FCC letter, ByteDance “is beholden to the Communist Party of China and required by Chinese law to comply with the PRC’s surveillance demands.”

TikTok has denied cooperating with government surveillance, but has confirmed that employees in China might access American user data.


I have never been a fan of TikTok. In general, I do not trust any Chinese technology companies because of the influence and requirements the Chinese government wields over them. The Chinese government has been stealing U.S.-based companies’ intellectual property for decades, has required U.S.-based companies to provide computer code in order to do business in China, and represses free speech on social media.

TikTok is a prime example of how important it is to monitor the apps that we and our children download. The newest apps become a craze overnight, everyone starts talking about them, and to be cool, we download them without reviewing the privacy policy and terms of use. Click, click “I agree” and before you know it a foreign government is amassing additional large amounts of data about you or your children that you are freely giving to it.

Unfortunately, many TikTok users are children, and they are even less likely to understand the risks of downloading the app. TikTok is facing as many as 10 lawsuits that allege it has been using facial recognition technology and collecting biometric information of its users, particularly children, without parental consent. The lawsuits were consolidated yesterday in Illinois.

My recommendation is to delete TikTok from your phone and ask your children to do the same. I have been saying this for a long time, and if you don’t care about my recommendation, then consider that the U.S. Senate, following approval of a similar bill in the U.S. House of Representatives, unanimously approved a bill yesterday that requires all U.S. government employees to delete the TikTok app from their phones due to national security concerns. It is expected that the President will sign the measure into law. Now this is what bipartisan cooperation is all about. At the moment, the law only applies to federal workers, but it is a sound measure that private citizens may wish to consider.

The President will no doubt sign the bill into law as TikTok is in his crosshairs as well, and he has stated that he is on a mission to ban TikTok from the U.S.

Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S.-based companies as well as the governments of the U.S. and Japan. According to a Joint Advisory published on September 27, 2023, by the National Security Agency, the FBI, CISA, the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity, “BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S.—the primary targets.”

In addition to targeting entities that support the U.S. and Japanese governments and militaries, BlackTech has targeted “industrial, technology, media, electronics, and communications sectors.” It uses custom malware, dual-use tools, and living off the land tactics, such as disabling logging on routers, to conceal its operations.

The Advisory provides detailed detection and mitigation techniques for organizations and recommends “monitor[ing] network devices for unauthorized downloads of bootloaders and firmware images and reboots. Network defenders should also monitor for unusual traffic destined to the router, including SSH.”
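The monitoring the Advisory recommends can be expressed as a simple review pass over router syslog. The script below is an added example written for this post, not tooling from the Advisory or from any of the agencies that published it. Everything in it is a constructed assumption: the syslog message wording, the hostnames and addresses, the management subnet 10.0.0.0/24 and the list of approved firmware images. It flags SSH sessions from outside the management subnet, image downloads that are either unapproved or fetched from outside that subnet, logging being disabled (the concealment tactic the Advisory describes), and reboots, which are rated high when they follow suspicious activity on the same device and informational otherwise. A real deployment would adapt the patterns to the vendor’s actual syslog format and feed it from the log collector rather than an inline list.

```python
"""Review pass over router syslog for the events the Advisory says to monitor.

Constructed example for illustration; message formats, hosts, addresses,
the management subnet and the approved-image list are all assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample syslog lines in a made-up "<timestamp> <host> <message>" format.
SAMPLE_LOGS = [
    "2023-09-28T01:12:03Z edge-rtr-1 %SSH: session request from 10.0.0.15 user=netops",
    "2023-09-28T02:47:51Z edge-rtr-1 %SSH: session request from 198.51.100.77 user=admin",
    "2023-09-28T02:49:10Z edge-rtr-1 %COPY: downloading image rtr-os-9.2.1.bin from tftp://198.51.100.77",
    "2023-09-28T02:50:02Z edge-rtr-1 %SYS: logging to host 10.0.0.50 disabled",
    "2023-09-28T02:51:40Z edge-rtr-1 %SYS: reboot requested by user admin",
    "2023-09-28T09:00:00Z core-rtr-2 %COPY: downloading image rtr-os-9.2.0.bin from tftp://10.0.0.50",
    "2023-09-28T09:05:00Z core-rtr-2 %SYS: reboot requested by user netops",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")
SSH_RE = re.compile(r"session request from (?P<src>\d+\.\d+\.\d+\.\d+)")
IMAGE_RE = re.compile(r"downloading image (?P<image>\S+) from (?P<url>\S+)")
LOGGING_OFF_RE = re.compile(r"logging .*disabled", re.IGNORECASE)
REBOOT_RE = re.compile(r"\breboot\b", re.IGNORECASE)


@dataclass
class Alert:
    ts: str
    host: str
    kind: str
    severity: str  # "high" or "info"
    detail: str


def _url_host_ip(url: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address a download URL points at, or None if it is not a literal IP."""
    m = re.search(r"://(\d+\.\d+\.\d+\.\d+)", url)
    return ipaddress.ip_address(m.group(1)) if m else None


def analyze(lines: Iterable[str],
            mgmt_net: str = "10.0.0.0/24",
            approved_images: frozenset = frozenset({"rtr-os-9.2.0.bin"})) -> List[Alert]:
    """Walk the log lines once and return the alerts a defender should review."""
    net = ipaddress.ip_network(mgmt_net)
    alerts: List[Alert] = []
    suspicious_hosts = set()  # devices that already raised a high-severity alert

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts, host, msg = m["ts"], m["host"], m["msg"]

        ssh = SSH_RE.search(msg)
        if ssh:
            src = ipaddress.ip_address(ssh["src"])
            if src not in net:
                alerts.append(Alert(ts, host, "ssh-from-outside-mgmt", "high", f"source {src}"))
                suspicious_hosts.add(host)
            continue

        img = IMAGE_RE.search(msg)
        if img:
            reasons = []
            if img["image"] not in approved_images:
                reasons.append("image not in approved list")
            src_ip = _url_host_ip(img["url"])
            if src_ip is None or src_ip not in net:
                reasons.append("fetched from outside management subnet")
            if reasons:
                alerts.append(Alert(ts, host, "unapproved-image-download", "high",
                                    f"{img['image']} from {img['url']}: " + "; ".join(reasons)))
                suspicious_hosts.add(host)
            continue

        if LOGGING_OFF_RE.search(msg):
            alerts.append(Alert(ts, host, "logging-disabled", "high", msg))
            suspicious_hosts.add(host)
            continue

        if REBOOT_RE.search(msg):
            sev = "high" if host in suspicious_hosts else "info"
            alerts.append(Alert(ts, host, "reboot", sev, msg))

    return alerts


def run_sample() -> List[Alert]:
    """Run the pass over the constructed sample with the default assumptions."""
    return analyze(SAMPLE_LOGS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.host} [{a.severity}] {a.kind}: {a.detail}")
```

On the sample, edge-rtr-1 produces four high-severity alerts in sequence (an SSH session from outside the management subnet, an unapproved image pulled from that same outside address, logging switched off, then a reboot), which is the chain a firmware-replacement incident would leave in the logs; core-rtr-2’s approved image download followed by a reboot yields only an informational reboot entry.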

Researchers at Meta, the owner of Facebook, released a report this week indicating that since March 2023, Meta “has blocked and shared with our industry peers more than 1,000 malicious links from being shared across our technologies,” referring to unique ChatGPT-themed web addresses designed to deliver malicious software to users’ devices.

According to Meta’s report, “to target businesses, malicious groups often first go after the personal accounts of people who manage or are connected to business pages and advertising accounts. Threat actors may design their malware to target a particular online platform, including building in more sophisticated forms of account compromise than what you’d typically expect from run-of-the-mill malware.”

In one recent campaign, the threat actor “leveraged people’s interest in Open AI’s ChatGPT to lure them into installing malware…we’ve seen bad actors quickly pivot to other themes, including posing as Google Bard, TikTok marketing tools, pirated software and movies, and Windows utilities.”

The Meta report provides useful tools to guard against these attacks and responses in the event a device is affected.

Bad actors will use the newest technology as weapons. According to Cyberscoop, Meta researchers have said “hackers are using the skyrocketing interest in artificial intelligence chatbots such as ChatGPT to convince people to click on phishing emails, to register malicious domains that contain ChatGPT information and develop bogus apps that resemble the generative AI software.”

With any new technology comes new risk. Staying abreast of these risks and understanding how threat actors can pivot from personal accounts to business accounts may prevent attacks against individuals and their companies.

Many companies are exploring the use of generative artificial intelligence technology (“AI”) in day-to-day operations. Some companies prohibit the use of AI until they get their heads around the risks. Others are allowing the use of AI technology and waiting to see how it all shakes out before determining a company stance on its use. And then there are the companies that are doing a bit of both and beta testing its use.

No matter which camp you are in, it is important to set a strategy for the organization now, before users adopt AI and the horse is out of the barn, much like we are seeing with the issues around TikTok. Once users get used to using the technology in day-to-day operations, it will be harder to pull them back. Users don’t necessarily understand the risk posed to organizations when they use AI while performing their work.

Hence the need to evaluate the risks, set a corporate strategy around the use of AI in the organization, and disseminate the strategy in a clear and meaningful way to employees.

We have learned much from the explosion of technology, applications, and tools through our experience over the last few decades with social media, tracking technology, disinformation, malicious code, ransomware, security breaches and data compromise. As an industry, we responded to each of those risks in a haphazard way. It would be prudent to learn from those lessons and try to get ahead of the use of AI technology to reduce the risk posed by its use.

A suggestion is to form a group of stakeholders from the organization to evaluate the risk posed by the use of AI, how the organization may reduce the risks, set a strategy around the use of AI within the organization, and put controls in place to educate and train users on its use within the organization. Setting a strategy around AI is no different than any other risk to the organization and similar processes can be used to develop a plan and program.

There are myriad resources to consult when evaluating the risk of using AI. One I found to be helpful is: A CISO’s Guide to Generative AI and ChatGPT Enterprise Risks published this month by the Team8 CISO Village.

The Report outlines risks to consider and categorizes them into High, Medium, and Low, and then outlines how to make risk decisions. It is spot on and a great resource guide if you are just starting the conversation within your organization.