On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and work stations.

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct connection to the Chinese Communist Party, which is a foreign adversary of the U.S. This week, South Dakota Governor Kristi Noem signed an executive order banning all state workers or contractors from accessing TikTok’s website or app on any state-owned or leased devices. According to Governor Noem, “South Dakota will have no part in the intelligence gathering operations of the Chinese Communist Party.”

Other governors may wish to take note of this bold, yet necessary, move. U.S. federal agencies, including the State Department, Department of Defense, the Transportation Security Administration (TSA), Department of Homeland Security, the U.S. military, and the Pentagon have already banned federal workers from using TikTok. The reason: national security. Yes folks, the use of TikTok and voluntarily allowing the Chinese Communist Party unfettered access to all content in TikTok is a matter of national security.

Commissioner Brendan Carr of the Federal Communications Commission feels strongly that the Committee on Foreign Investment in the United States (CFIUS) should ban TikTok for American users due to national and cybersecurity concerns. According to Carr, he has little confidence in Tik Tok’s ability to properly handle U.S. users’ data, stating that TikTok is “a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data” with a direct connection to the Chinese Communist Party. He has asked Google and Apple to remove TikTok from their app stores. Users I have spoken with do not seem to care about national security or that they are endangering national security while they have fun with the app. We need to collectively understand and heed the warnings of our government and understand the impact, though unintentional or ignorant at best, our actions have on national security. Let’s not wait for the government to ban the use of TikTok; let’s collectively do the right thing: delete the app and stop using the website.

I continue to marvel at how many Americans are using TikTok but are oblivious to the fact that they are being duped by one of our foreign adversaries—the Chinese Communist Party. Folks, listen to and heed the warnings of both state and federal governments on the dangers that the use of TikTok poses to national security. Think about your country instead of yourself and stop using TikTok. It’s a matter of national security.

I am not an alarmist by nature, but the increased mention of TikTok in day-to-day conversations is very concerning, considering the overwhelming warnings about how the Chinese Communist Party is collecting information on Americans. The way to visualize it is to imagine there is a member of the Chinese Communist Party on your shoulder looking at everything you do, tracking your location, accessing your personal and health information and that of your children and other members of your family. We wouldn’t like it if our own government were surveilling us like that. Why are we comfortable with a foreign adversary doing it?

You don’t have to listen to me—just scroll through the articles below—from both sides of the media aisle (this is actually a bipartisan issue)—and get on the collective wagon to voluntarily ban TikTok on a national basis. We can all do this together to spare the government from having to ban us from harming ourselves or our national security.

The saga started in 2020, when President Trump attempted to ban TikTok in the U.S. with an executive order citing national security concerns. TikTok then pivoted to potentially selling its U.S. business to an American company. That strategy fizzled.

President Biden revoked Trump’s order, but started an investigation into security threats posed by Tik Tok. FCC Commissioner Brendan Carr asked Apple and Google to remove TikTok from their app stores.

Commissioner Carr wants TikTok to be banned for all U.S. users, citing concerns over how TikTok is handling the massive amounts of data it gathers from U.S. users and lingering doubts “that it’s not finding its way back into the hands of the [Chinese Communist Party.”

FBI Director Christopher Wray has testified before the Homeland Security Committee of the U.S. House of Representatives that the FBI has ‘national security concerns’ about the use of TikTok by American users. Wray testified that his concerns include “the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so chose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices.”

U.S. federal agencies including the State Department, Department of Defense, the Transportation Safety Administration, Department of Homeland Security, the U.S. military and the Pentagon have already banned federal workers from using TikTok.

State governors also are getting into the action to ban the use of TikTok by state workers. The Governor of South Dakota issued an executive order this week banning state workers and contractors from using the app or accessing TikTok’s website from state-issued devices. Enough is enough. Let’s start a grassroots movement to ban the use of TikTok on our own. I urge you to join the movement.

FCC Commissioner Brendan Carr asserted that TikTok poses an “unacceptable national security risk” in a letter to the CEOs of Google and Apple urging the companies to remove the app from their mobile app stores. According to Carr, TikTok’s history of “surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok’s pattern of misleading representations and conduct” should disqualify it under Google’s and Apple’s app store policies.

The popular social media app, owned by Chinese-based company ByteDance, has attracted criticism from security experts for excessive data collection since its 2016 debut. More recently, watchdogs have accused the platform of giving the Chinese government unfettered access to the data it collects. According to the FCC letter, ByteDance “is beholden to the Communist Party of China and required by Chinese law to comply with the PRC’s surveillance demands.”

TikTok has denied cooperating with government surveillance, but has confirmed that employees in China might access American user data.

View the full letter here.

I have never been a fan of TikTok [view related post]. In general, I do not trust any Chinese technology companies because of the influence and requirements the Chinese government wields over them. The Chinese government has been stealing U.S.-based companies’ intellectual property for decades, has required U.S.-based companies to provide computer code in order to do business in China, and represses free speech on social media.

TikTok is a prime example of how important it is to monitor the apps that we and our children download. The newest apps become a craze overnight, everyone starts talking about them, and to be cool, we download them without reviewing the privacy policy and terms of use. Click, click “I agree” and before you know it a foreign government is amassing additional large amounts of data about you or your children that you are freely giving to it.

Unfortunately, many TikTok users are children, and they are even less likely to understand the risks of downloading the app. TikTok is facing as many as 10 lawsuits that allege it has been using facial recognition technology and collecting biometric information of its users, particularly children, without parental consent. The lawsuits were consolidated yesterday in Illinois.

My recommendation is to delete TikTok from your phone and ask your children to do the same. I have been saying this for a long time, and if you don’t care about my recommendation, then consider that the U.S. Senate, which, following approval of a similar bill in the U.S. House of Representatives, unanimously approved a bill yesterday that requires all U.S. government employees to delete the TikTok app from their phones due to national security concerns. It is expected that the President will sign the measure into law. Now this is what bipartisan cooperation is all about. At the moment, the law only applies to federal workers, but it is a sound measure that private citizens may wish to consider.

The President will no doubt sign the bill into law as TikTok is in his crosshairs as well, and he has stated that he is on a mission to ban TikTok from the U.S.

The Federal Communications Commission (FCC) will categorically ban devices over national security concerns for the first time in history. Per a new order, the FCC will prohibit the import and sale of devices produced by Huawei and ZTE, and restrict the use of several other Chinese-produced devices for government and critical infrastructure purposes. Huawei and ZTE are electronic device manufacturers based in China with reportedly strong ties to the Chinese Communist Party, leading to high-profile data privacy and security concerns. In an official statement, FCC Commissioner Brendan Carr stated that these devices may allow hackers to “exploit backdoors in our electronics systems to obtain sensitive information and exploit that access to endanger America’s interests.” Commissioner Carr has publicly stated that TikTok should also be banned in the U.S. due to similar national security concerns.

Under the Secure Equipment Act of 2021, the FCC can grant and deny equipment authorizations for electronic communication equipment to be used on federally-regulated frequency bands. This order, passed unanimously by the Commissioners, will also empower the FCC to revoke previously-granted authorizations. Additionally, the order may not be the last federal action against a Chinese-based company. Carr ended his statement by calling on the FCC to address “insecure applications” (including TikTok) that send sensitive data “back to Beijing.”

If you use social media frequently, especially TikTok, Instagram and YouTube, you may want to take note of a recent report by a security research team at Comparitech that an unsecured database has exposed 235 million Instagram, TikTok and YouTube user profiles. The exposed information may have included profile names, real names, profile photos, and account descriptions, and some might also have included telephone numbers and email addresses. In addition, users’ statistics were exposed, including the number of followers, engagement rate, growth rate, audience age, gender, location, user’s age and likes. 

Although some of the information is publicly available, according to Comparitech, “…the fact that it was leaked in aggregate as a well-structure database makes it much more valuable than each profile would be in isolation.”  This is because it saves the scammers a lot of time and effort with having to aggregate all the data elements together to prepare a profile of the user.

The information is a set up for massive phishing schemes.  If you use TikTok (consider twice before using TikTok in the first place), Instagram or YouTube, and you have a user profile, be especially aware that you will be targeted more than ever before with phishing attacks.

In the Privacy Law classes I teach in the Brown University Executive Masters of Cybersecurity and at Roger Williams University School of Law, we discuss the enforcement authority that the Federal Trade Commission (FTC), the Office for Civil Rights (OCR) and other federal and state agencies have over data privacy and security, including how effective the enforcement has been over the past decade. In the wake of massive data breaches, my classes uniformly are of the opinion that the present enforcement scheme is not a big enough stick to deter big tech companies from collecting, selling and monetizing data.

Recently, members of the FTC have publicly lamented that this is true. What look like large fines against tech companies that have violated consumers’ privacy are often not sufficient to act as deterrents, such as the $5.7 million levied against Musical.ly (or TikTok), which was less than 1% of the parent company’s annual revenue, and therefore inconsequential to company executives.

According to one member of Congress, “for large companies, fines are simply a cost of doing business.” This is consistent with my classes’ conclusion. Facebook is poised to pay a significant fine and has set aside $3-5 billion (yes, that’s with a “b”) to pay for various alleged privacy violations. Many observers have opined that this is a drop in the bucket for Facebook, and is not enough to change behavior.

Perhaps the private right of action in the California Consumer Privacy Act, which takes effect in 2020, will change tech companies thoughts about privacy violations. Congress is looking into how the FTC and other agencies can regulate the big tech companies, and candidates for the Presidency have gotten into the fray, with one declaring that the tech companies should be broken up. The FTC has publicly stated that it is looking into assessing personal fines against company executives as a way to encourage compliance.

No matter how this shakes out—and it will—the present discourse should be enough for tech company execs to be concerned about personal liability. Executives may want to start focusing on the organization’s data privacy and security plan, and making policy decisions on its implementation a top priority.

Parents have historically struggled with how to address their children’s online activity. Parenting styles differ, but most parents understand that monitoring and supervising their children’s online activity is important and necessary.

There is a federal law, the Children’s Online Privacy Protection Act, (aka, COPPA) that applies to the online activities of children under the age of 13. . In general, COPPA prohibits companies from collecting the personal information of children under the age of 13 without providing notice to a parent or legal guardian and getting their consent.

That means that before your child downloads an app or provides personal information to a company through its website, the company must have written consent from the parents or legal guardian.

The Federal Trade Commission (FTC) is the watchdog for COPPA. To show how important it is to the FTC, the agency issued a press release this week announcing that it has fined Musical.ly $5.7 million for violations of COPPA because the company failed to obtain parental consent before collecting the personal information of children using their app.

The Musical.ly (now TikTok) app is free and when one downloads it, they then can create a 15-second video of lip-syncing and dancing and share it with other users. When one registers for the app, they give their name, email address, telephone number, bio and profile picture. All of this is personal information that can’t be collected without parental consent.

According to the FTC, “Musical.ly did not get parents’ consent even though Musical.ly knew that many kids were suing their app,” which justified a $5.7 million payment for failure to comply with COPPA. The company also must remove all recordings made by anyone under the age of 13.

Talking to your children about online activities is obviously a must. This includes visits to websites and social media platforms. It also includes the apps your kids are downloading, so reviewing the requirements of COPPA with them might be an interesting dinner conversation, and looking through the apps on your children’s phones with them will give you an idea of what apps have been downloaded, and whether you gave your consent or not.

And while you are having that dinner conversation with your kids about the apps they have downloaded, it might be interesting to review their privacy settings with them as well.