TikTok has reported that it is responding to a cyber attack targeting a limited number of known brands and celebrity accounts. The BBC has identified that Paris Hilton’s account as being targeted, but TikTok says it was not compromised.

The BBC identified CNN as a victim whose account was successfully attacked. TikTok is working with CNN and other affected users to restore access to their accounts.

To add to TikTok’s legal woes in the U.S., Nebraska Attorney General Mike Hilgers (AG) filed suit against TikTok on May 22, 2024, alleging that TikTok violated Nebraska’s consumer protection laws and engaged in deceptive trade practices by “designing and operating a platform that is addictive and harmful to teens and children.” In addition, the AG alleges that “TikTok’s features fail to protect kids and regularly expose underage users to age-inappropriate and otherwise harmful content.”

The AG alleges that the use of TikTok by children in Nebraska “has fueled a youth mental health crisis in Nebraska.” The AG further alleges that TikTok is “addictive, that compulsive use is rampant, and that its purported safety features, such as age verification and parental controls, are grossly ineffective.”

The AG filed suit after his office conducted an investigation into TikTok’s practices, which included creating TikTok accounts of fictitious minors. According to the AG, TikTok’s algorithm directed the fictitious minors to inappropriate content “within minutes” of opening an account.

TikTok denies the allegations. We will continue to follow and update our readers on developments in the TikTok debate.

As threatened, TikTok, Inc. and ByteDance, Ltd., the owner of the TikTok app, filed suit against the United States on May 7, 2024, alleging that the Protecting Americans From Foreign Adversary Controlled Applications Act (“the Act”) is unconstitutional and is a violation of the free speech of 170 million Americans who use the app. 

The 77-page petition, filed in the U. S. Court of Appeals for the D.C. Circuit, alleges that ByteDance is unable to divest TikTok, that such “is simply not possible: not commercially, not technologically, not legally. And certainly not on the 270 -day timeline required by the Act.”

The petitioners allege that divesting the U.S. TikTok platform is not commercially viable and would “dramatically undermine the value and viability of the U.S. TikTok business.” In addition, the petitioners allege that moving TikTok’s source code from ByteDance to a new owner would require that the code be moved to an alternative team of engineers, which would “take years.” They also allege that the Chinese government will not permit a divestment of the algorithms that are at the heart of TikTok as “the Chinese government clearly signaled that it would assert its export control powers with respect to any attempt to sever TikTok’s operations from ByteDance,” That affirmation alone is worthy of why the Act is so important for national security. The Chinese government will not allow the algorithms being used on the TikTok platform, which is used to suggest a review of content and are arguably manipulative, to be divested and, therefore, out of its potential purview and control.

The petition alleges that the Act is a violation of the First Amendment, is an unconstitutional bill of attainder, a violation of Article I of the U.S. Constitution, and a violation of the Fifth Amendment’s Due Process and Takings Clauses. The relief requested includes a declaratory judgment that the Act violates the U.S. Constitution, an order enjoining the Attorney General from enforcing the Act, and a judgment in favor of petitioners.

For TikTok users, the law is applicable unless a Court rules otherwise. Transitioning away from TikTok while the issue moves through litigation is one way to respond to the Act and the subsequent dispute. There are other social media platforms to use that are not deemed a national security threat by the federal government.

President Biden signed a historical aid package into law on Tuesday that includes aid for Ukraine, Israel, and the Indo-Pacific region. The package also includes a bill increasing sanctions on Russian assets and requiring TikTok owner ByteDance to sell TikTok within 270 days or risk that the app will not be available through app stores or Internet hosting services in the U.S.

The bipartisan bill, entitled “Protecting Americans from Foreign Adversary Controlled Applications Act,” classifies TikTok as a foreign adversary-controlled application, which has been confirmed by the FBI and the Five Eyes [see previous blog posts on TikTok here]. TikTok, owned by a foreign adversary, has access to over 170 million Americans’ microphones, cameras, location, contacts, and moment-to-moment movement. It is essentially spyware.

ByteDance vows to sue. How contradictory. A foreign adversary suing for its constitutional rights in the U.S.

Yesterday, with broad bipartisan support, the U.S. House of Representatives voted overwhelmingly (352-65) to support the Protecting Americans from Foreign Adversary Controlled Applications Act, designed to begin the process of banning TikTok’s use in the United States. This is music to my ears. See a previous blog post on this subject.

The Act would penalize app stores and web hosting services that host TikTok while it is owned by Chinese-based ByteDance. However, if the app is divested from ByteDance, the Act will allow use of TikTok in the U.S.

National security experts have warned legislators and the public about downloading and using TikTok as a national security threat. This threat manifests because the owner of ByteDance is required by Chinese law to share users’ data with the Chinese Communist government. When downloading the app, TikTok obtains access to users’ microphones, cameras, and location services, which is essentially spyware on over 170 million Americans’ every move, (dance or not).

Lawmakers are concerned about the detailed sharing of Americans’ data with one of its top adversaries and the ability of TikTok’s algorithms to influence and launch disinformation campaigns against the American people. The Act will make its way through the Senate, and if passed, President Biden has indicated that he will sign it. This is a big win for privacy and national security.

The bill that passed in the U.S. House of Representatives potentially banning TikTok’s use in the U.S. is not a novel idea. The federal government has already banned TikTok’s use for federal employees, some states have banned its use for state employees, and the state of Montana has attempted to ban its use in the state, which was litigated by ByteDance and is presently on appeal. Other countries have banned the use of TikTok over similar concerns without the uproar levied by users in the U.S. Perhaps users in other countries are more sophisticated or care more about national security and privacy concerns than users in the U.S.

The Washington Post published an article on March 13, 2024, that outlines other countries that have already banned TikTok from certain use. They include India, Nepal, European Union, Canada, Britain, Australia, Taiwan, New Zealand, Pakistan, Afghanistan (yes, even the Taliban banned TikTok in 2022 to “prevent the younger generation from being misled”), and Somalia.

The article is a very interesting read and shows that the concern over the intent of the Chinese Communist Party as it relates to TikTok is global. Encourage your Senators to adopt the House bill banning TikTok in the U.S. unless ByteDance divests the app, so it can be sent to President Biden for signature.

Montana’s legislature last year passed legislation, signed by the Governor, to ban the use of TikTok within the borders of the state, seeking to protect Montana consumers’ personal information and limit spying by the Chinese government through TikTok.

Some Montana users sued Montana to block the ban. A federal judge in Montana issued a preliminary injunction blocking the ban that was set to start on January 1, 2024. On January 2, 2024, the state filed a notice to appeal the ruling to the U.S. Court of Appeals for the Ninth Circuit.

Montana’s ban of the use of TikTok in the state by anyone was more expansive than previous bans by the federal government and other states prohibiting its use by federal and state employees.

We have repeatedly written about the risks and concerns about consumers’ use of TikTok. Its use continues to be a national security threat, and Montana’s appeal is one we will be watching closely.

Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than 100 million Americans have reportedly downloaded this popular short video-sharing app on their devices.

In its defense, ByteDance maintains TikTok is operated independently of ByteDance, that all TikTok app user data is held on servers outside of China and further that it doesn’t share data with the Chinese government. ByteDance also claims other social media companies collect far more user data than does TikTok, yet aren’t being threatened with bans.

Concerns about TikTok have existed for years. Since 2017, the Committee on Foreign Investment in the United States (CFIUS), which investigates foreign investments in U.S. companies which have a potential national security risk, has been reviewing ByteDance’s practices, as a result of ByteDance’s acquisition of U.S. company Musical.ly. CFIUS’ investigation into the Bytedance/Musical.ly transaction remains open because of unresolved concerns about ByteDance’s use of user data, the potential data could be passed on to the Chinese government and concerns about the inability to monitor or enforce whatever restrictions ByteDance might even agree even to. However, CFIUS has suggested ByteDance should divest the TikTok’s American operations.

Meanwhile, more than 30 states and now the Biden Administration have banned government employees from using the TikTok app on government-owned devices. In Congress, the House Foreign Affairs Committee voted to advance a bill, known as the Deterring America’s Technology Adversaries Act (DATA Act) to ban anyone in the United States from accessing or downloading the TikTok app on their phones. If enacted into law, this would mean that Apple and Google would no longer be able to offer the TikTok app in their app stores. ByteDance is reportedly talking with Apple and Google about a data security plan that ByteDance has proposed to CFIUS to be sure the plan would also be acceptable to Apple and Google. The plan purportedly includes having Oracle host TikTok’s U.S. user data on its servers, as well as vet TikTok’s software and updates before they are sent to the app stores.

The U.S. is not alone in raising security concerns over the TikTok app. Canada, The European Parliament, European Commission and the EU Council have banned the TikTok app from being loaded onto government or organization owned devices. Some require employees and staff ban the TikTok app on personal devices with access to government or organization systems. Most have also recommended lawmakers and employees remove the TikTok app from their personal devices, even if they don’t access government or organization systems. Pakistan and Afghanistan have also imposed bans on TikTok, but because of its content, not because of security concerns.

Some countries have gone even further to impose outright bans on the TikTok app. In 2021, India imposed a permanent ban on the TikTok app and several other Chinese apps. In December 2022, Taiwan imposed a public sector ban on the TikTok app after the FBI warned that the TikTok app posed a national security risk. 

While TikTok is the current focus of legislators and regulators, some say security developments at other social media platforms should also be kept under constant review. The DATA Act bill would also require Biden to impose a ban on companies transferring sensitive personal data to an entity subject to the influence of China, although the details of this provision are not completely clear from the bill. 

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and work stations.

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.