Montana’s legislature last year passed legislation, signed by the Governor, to ban the use of TikTok within the borders of the state, seeking to protect Montana consumers’ personal information and limit spying by the Chinese government through TikTok.

Some Montana users sued Montana to block the ban. A federal judge in Montana issued a preliminary injunction blocking the ban that was set to start on January 1, 2024. On January 2, 2024, the state filed a notice to appeal the ruling to the U.S. Court of Appeals for the Ninth Circuit.

Montana’s ban of the use of TikTok in the state by anyone was more expansive than previous bans by the federal government and other states prohibiting its use by federal and state employees.

We have repeatedly written about the risks and concerns about consumers’ use of TikTok. Its use continues to be a national security threat, and Montana’s appeal is one we will be watching closely.

Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than 100 million Americans have reportedly downloaded this popular short video-sharing app on their devices.

In its defense, ByteDance maintains TikTok is operated independently of ByteDance, that all TikTok app user data is held on servers outside of China and further that it doesn’t share data with the Chinese government. ByteDance also claims other social media companies collect far more user data than does TikTok, yet aren’t being threatened with bans.

Concerns about TikTok have existed for years. Since 2017, the Committee on Foreign Investment in the United States (CFIUS), which investigates foreign investments in U.S. companies which have a potential national security risk, has been reviewing ByteDance’s practices, as a result of ByteDance’s acquisition of U.S. company Musical.ly. CFIUS’ investigation into the Bytedance/Musical.ly transaction remains open because of unresolved concerns about ByteDance’s use of user data, the potential data could be passed on to the Chinese government and concerns about the inability to monitor or enforce whatever restrictions ByteDance might even agree even to. However, CFIUS has suggested ByteDance should divest the TikTok’s American operations.

Meanwhile, more than 30 states and now the Biden Administration have banned government employees from using the TikTok app on government-owned devices. In Congress, the House Foreign Affairs Committee voted to advance a bill, known as the Deterring America’s Technology Adversaries Act (DATA Act) to ban anyone in the United States from accessing or downloading the TikTok app on their phones. If enacted into law, this would mean that Apple and Google would no longer be able to offer the TikTok app in their app stores. ByteDance is reportedly talking with Apple and Google about a data security plan that ByteDance has proposed to CFIUS to be sure the plan would also be acceptable to Apple and Google. The plan purportedly includes having Oracle host TikTok’s U.S. user data on its servers, as well as vet TikTok’s software and updates before they are sent to the app stores.

The U.S. is not alone in raising security concerns over the TikTok app. Canada, The European Parliament, European Commission and the EU Council have banned the TikTok app from being loaded onto government or organization owned devices. Some require employees and staff ban the TikTok app on personal devices with access to government or organization systems. Most have also recommended lawmakers and employees remove the TikTok app from their personal devices, even if they don’t access government or organization systems. Pakistan and Afghanistan have also imposed bans on TikTok, but because of its content, not because of security concerns.

Some countries have gone even further to impose outright bans on the TikTok app. In 2021, India imposed a permanent ban on the TikTok app and several other Chinese apps. In December 2022, Taiwan imposed a public sector ban on the TikTok app after the FBI warned that the TikTok app posed a national security risk. 

While TikTok is the current focus of legislators and regulators, some say security developments at other social media platforms should also be kept under constant review. The DATA Act bill would also require Biden to impose a ban on companies transferring sensitive personal data to an entity subject to the influence of China, although the details of this provision are not completely clear from the bill. 

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and work stations.

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct connection to the Chinese Communist Party, which is a foreign adversary of the U.S. This week, South Dakota Governor Kristi Noem signed an executive order banning all state workers or contractors from accessing TikTok’s website or app on any state-owned or leased devices. According to Governor Noem, “South Dakota will have no part in the intelligence gathering operations of the Chinese Communist Party.”

Other governors may wish to take note of this bold, yet necessary, move. U.S. federal agencies, including the State Department, Department of Defense, the Transportation Security Administration (TSA), Department of Homeland Security, the U.S. military, and the Pentagon have already banned federal workers from using TikTok. The reason: national security. Yes folks, the use of TikTok and voluntarily allowing the Chinese Communist Party unfettered access to all content in TikTok is a matter of national security.

Commissioner Brendan Carr of the Federal Communications Commission feels strongly that the Committee on Foreign Investment in the United States (CFIUS) should ban TikTok for American users due to national and cybersecurity concerns. According to Carr, he has little confidence in Tik Tok’s ability to properly handle U.S. users’ data, stating that TikTok is “a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data” with a direct connection to the Chinese Communist Party. He has asked Google and Apple to remove TikTok from their app stores. Users I have spoken with do not seem to care about national security or that they are endangering national security while they have fun with the app. We need to collectively understand and heed the warnings of our government and understand the impact, though unintentional or ignorant at best, our actions have on national security. Let’s not wait for the government to ban the use of TikTok; let’s collectively do the right thing: delete the app and stop using the website.

I continue to marvel at how many Americans are using TikTok but are oblivious to the fact that they are being duped by one of our foreign adversaries—the Chinese Communist Party. Folks, listen to and heed the warnings of both state and federal governments on the dangers that the use of TikTok poses to national security. Think about your country instead of yourself and stop using TikTok. It’s a matter of national security.

I am not an alarmist by nature, but the increased mention of TikTok in day-to-day conversations is very concerning, considering the overwhelming warnings about how the Chinese Communist Party is collecting information on Americans. The way to visualize it is to imagine there is a member of the Chinese Communist Party on your shoulder looking at everything you do, tracking your location, accessing your personal and health information and that of your children and other members of your family. We wouldn’t like it if our own government were surveilling us like that. Why are we comfortable with a foreign adversary doing it?

You don’t have to listen to me—just scroll through the articles below—from both sides of the media aisle (this is actually a bipartisan issue)—and get on the collective wagon to voluntarily ban TikTok on a national basis. We can all do this together to spare the government from having to ban us from harming ourselves or our national security.

The saga started in 2020, when President Trump attempted to ban TikTok in the U.S. with an executive order citing national security concerns. TikTok then pivoted to potentially selling its U.S. business to an American company. That strategy fizzled.

President Biden revoked Trump’s order, but started an investigation into security threats posed by Tik Tok. FCC Commissioner Brendan Carr asked Apple and Google to remove TikTok from their app stores.

Commissioner Carr wants TikTok to be banned for all U.S. users, citing concerns over how TikTok is handling the massive amounts of data it gathers from U.S. users and lingering doubts “that it’s not finding its way back into the hands of the [Chinese Communist Party.”

FBI Director Christopher Wray has testified before the Homeland Security Committee of the U.S. House of Representatives that the FBI has ‘national security concerns’ about the use of TikTok by American users. Wray testified that his concerns include “the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so chose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices.”

U.S. federal agencies including the State Department, Department of Defense, the Transportation Safety Administration, Department of Homeland Security, the U.S. military and the Pentagon have already banned federal workers from using TikTok.

State governors also are getting into the action to ban the use of TikTok by state workers. The Governor of South Dakota issued an executive order this week banning state workers and contractors from using the app or accessing TikTok’s website from state-issued devices. Enough is enough. Let’s start a grassroots movement to ban the use of TikTok on our own. I urge you to join the movement.

FCC Commissioner Brendan Carr asserted that TikTok poses an “unacceptable national security risk” in a letter to the CEOs of Google and Apple urging the companies to remove the app from their mobile app stores. According to Carr, TikTok’s history of “surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok’s pattern of misleading representations and conduct” should disqualify it under Google’s and Apple’s app store policies.

The popular social media app, owned by Chinese-based company ByteDance, has attracted criticism from security experts for excessive data collection since its 2016 debut. More recently, watchdogs have accused the platform of giving the Chinese government unfettered access to the data it collects. According to the FCC letter, ByteDance “is beholden to the Communist Party of China and required by Chinese law to comply with the PRC’s surveillance demands.”

TikTok has denied cooperating with government surveillance, but has confirmed that employees in China might access American user data.

View the full letter here.

I have never been a fan of TikTok [view related post]. In general, I do not trust any Chinese technology companies because of the influence and requirements the Chinese government wields over them. The Chinese government has been stealing U.S.-based companies’ intellectual property for decades, has required U.S.-based companies to provide computer code in order to do business in China, and represses free speech on social media.

TikTok is a prime example of how important it is to monitor the apps that we and our children download. The newest apps become a craze overnight, everyone starts talking about them, and to be cool, we download them without reviewing the privacy policy and terms of use. Click, click “I agree” and before you know it a foreign government is amassing additional large amounts of data about you or your children that you are freely giving to it.

Unfortunately, many TikTok users are children, and they are even less likely to understand the risks of downloading the app. TikTok is facing as many as 10 lawsuits that allege it has been using facial recognition technology and collecting biometric information of its users, particularly children, without parental consent. The lawsuits were consolidated yesterday in Illinois.

My recommendation is to delete TikTok from your phone and ask your children to do the same. I have been saying this for a long time, and if you don’t care about my recommendation, then consider that the U.S. Senate, which, following approval of a similar bill in the U.S. House of Representatives, unanimously approved a bill yesterday that requires all U.S. government employees to delete the TikTok app from their phones due to national security concerns. It is expected that the President will sign the measure into law. Now this is what bipartisan cooperation is all about. At the moment, the law only applies to federal workers, but it is a sound measure that private citizens may wish to consider.

The President will no doubt sign the bill into law as TikTok is in his crosshairs as well, and he has stated that he is on a mission to ban TikTok from the U.S.

In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt Typhoon is a People’s Republic of China (PRC) sponsored group that uses slow and persistent techniques to gain entry into U.S.-based critical infrastructure. CISA urges “critical infrastructure organizations and technology manufacturers to read the joint advisory and guidance to defend against this threat.

Soon after the Joint Alert, Dragos released its Report “VOLTZITE Espionage Operations Targeting U.S. Critical Systems,” which provides concerning information about the overlap between Volt Typhoon and VOLTZITE and how it is targeting and successfully gaining access to U.S. critical infrastructure.

According to Dragos, “VOLTZITE has been observed performing reconnaissance and enumeration of multiple U.S.-based electric companies since early 2023, and since then has targeted emergency management services, telecommunications, satellite services, and the defense industrial base. Additionally, Dragos has discovered VOLTZITE targeting electric transmission and distribution organizations in African nations.” Dragos also notes that the threat actors are difficult to detect, and therefore, the “slow and steady reconnaissance, enables VOLTZITE to avoid detection for lengthy periods of time.”

Dragos has tracked VOLTZITE in 2023 as follows:

  • Early 2023 – US Territory of Guam compromise.
  • June 2023 – VOLTZITE infiltrates United States emergency management organization.
  • August 2023 – Dragos discovers VOLTZITE targeting African electric transmission and distribution providers.
  • November 2023 – Dragos collaborated with E-ISAC on analysis of VOLTZITE activity against multiple U.S. based electric sector organizations.
  • December 2023 – Dragos discovered evidence that VOLTZITE has overlaps with UTA0178, a threat activity cluster tracked by Volexity, exploiting Ivanti ICS VPN zero-day vulnerabilities.
  • January 2024 – Extensive reconnaissance of a U.S. telecommunication’s providers external network gateways.
  • January 2024 – Evidence of compromise against a large U.S. city’s emergency services GIS network.

Not only is the PRC conducting slow and steady reconnaissance of critical infrastructure in the U.S., but it is also conducting daily reconnaissance of TikTok users. The PRC is a threat to national security on both fronts. Dragos provides ways critical infrastructure operators can mitigate the threat posed by VOLTZITE, which is an important read.

If you didn’t get to watch “60 Minutes” on Sunday and see the “Five Eyes” warn us all about China, put it on your list to watch soon.

The Five Eyes are the intelligence leaders of five allied countries: U.S., Canada, U.K., Australia, and New Zealand. I have never seen all five together before and it was daunting.

According to the segment (which you should still watch), China poses the largest risk and an “unprecedented threat” to the five allied countries, through a threat to innovation in artificial intelligence, quantum computing, theft of intellectual property, and theft of personal information of Americans. On my own soapbox, that would include the use of TikTok which is a national security threat.

 The Five Eyes are reaching out to the public to educate us on the threat of China to our national security. This is a highly unusual move, but one that is overdue as millions of Americans continue to view the threat as existential and not relevant to their TikTok dance videos. Wake up—when spy agencies have to educate us, there is a dire need.

Take heed of this well-written editorial by Matthew Brooker of Bloomberg and watch the 60 Minutes interview.

It is a matter of national security.