At a glance.
- The drama surrounding TikTok continues.
- Private spyware companies evade export controls.
The drama surrounding TikTok continues.
Western lawmakers and intelligence agencies are saying popular video streaming app TikTok, owned by Chinese company ByteDance, could pose a security threat, and the Guardian offers an overview of the reasons for this concern. As AP News explains, world leaders have expressed worries that the Chinese government could force ByteDance to hand over TikTok data on its users, or it could use the platform to spread disinformation. Last week TikTok’s CEO Shou Zi Chew testified before Congress in the US, where a full ban of the app is being considered. He was grilled about the platform’s content and data handling processes, but the bipartisan lawmakers seemed unconvinced. The Telegraph posits that there’s little TikTok could say or do at this point to change policy makers’ minds. One TikTok source says, “We are a private company that is bending over backwards to try and separate ourselves from the broader and serious and genuinely right concerns that Western countries have around China. You can’t make up trust in an instant, some of this we just have to earn over time.”
However, some experts say a ban of TikTok might not succeed, as it would be determined a threat to users’ freedom of speech. Jameel Jaffer, executive director of the Knight First Amendment Institute at Columbia, writes in the New York Times, “Of course, to say that a ban on TikTok would implicate the First Amendment is not to say that it would violate it. But a ban would have to satisfy First Amendment scrutiny to survive a constitutional challenge.” If a ban were to be successful, the burden would be on the government to demonstrate that such an action is related to important government interests. Historically, Jaffer says, court decisions have set a precedent that freedom of speech trumps any attempts to stem the flow of information to citizens.
Nonetheless, users are preparing for a future that might not include TikTok. The Washington Post notes that the platform has served as a launching pad for newcomers in the entertainment industry, and a ban could force entertainers and those who hire them to change the way they do (show) business. Adam Faze, chief at entertainment studio FazeWorld, explains, “I see TikTok as the old days of free network TV…Taking it away would go back to an era where we’re relying on legacy media brands and what Hollywood wants us to watch because they’re the only ones who can afford a marketing budget to find an audience.”
Meanwhile, TikTok is attempting to control the damage that has already been done. Some advertisers are already pulling contracts linked to TikTok brand campaigns. The Information reports that TikTok on Friday sent email to advertisers reiterating Chew’s major arguments from the hearing supporting the trustworthiness of the App. Blake Chandlee, TikTok’s US head of sales, added a note stating that the company is “actively correcting” misinformation about TikTok.
Paul Bischoff, privacy advocate with Comparitech:
“Realistically, TikTok will be banned from government devices in the US, and the campaign against it will most likely end there. No one has been able to prove that TikTok collects more data or more sensitive data than competing social networks, nor that it is controlled by the Chinese government. It is true that while TikTok stores US user data in the US, TikTok staff in China could still access that data from abroad. However, accusations of TikTok being a national security threat are overblown, and the company continues to take steps to segregate US user data from the rest. These hearings are primarily fueled not by security concerns but by anti-China sentiment.”
Tamara Kirchleitner, Sr. Intelligence Operations Analyst with Centripetal:
“While the US government has raised concerns about user privacy due to TikTok’s Chinese ownership and the possibility of the Chinese government accessing user data, online privacy issues in the United States are not limited to TikTok. Online privacy has been a significant concern in the US long before TikTok gained popularity. Over the years, numerous high-profile data breaches have exposed the personal information of millions of Americans.
"Many US-based companies have been involved in data privacy scandals. In 2019, Google was fined $170 million for violating children’s privacy laws on its YouTube platform. The company was accused of collecting personal information from children without their parents’ consent.
"The main reason why online privacy problems in the US go beyond TikTok is that the US lacks a comprehensive federal privacy law that protects people online. While other countries have implemented strict data protection laws, such as the European Union’s General Data Protection Regulation (GDPR), the United States does not have a federal law that outlines clear standards for how companies should handle user data. The rapid growth of technology over the past decades has made it challenging for lawmakers to keep up with the pace of innovation and to come up with effective laws and regulations around cybersecurity and online privacy.
"Nonetheless, in order to effectively safeguard the online privacy of Americans, a comprehensive federal approach that extends beyond select companies is essential. Banning TikTok is not going to fix the underlying issue."
Private spyware companies evade export controls.
Lawfare discusses the dark world of cyber mercenaries, private companies that sell spyware and other offensive cyber tools. While such tools are frequently used for legitimate operations seeking to take down terrorists or other criminals, they are also often abused by governments seeking to gather data on rival countries, or even to spy on their own citizens in order to control dissidents. Both the EU and the US are exploring ways to use export controls to curb the trade and abuse of spyware, but Lawfare argues that such controls are unlikely to be the solution they're looking for. For decades cyber mercenaries have found ways to circumvent such controls, categorizing their spyware as “network traffic management systems” or simply exporting their tools without a license. To avoid export violations, some companies even resort to employing intermediaries in other nations to sell their surveillance software to authoritarian countries in their stead.
What’s more, inclusion of spyware companies on blacklists like the US’s Entity List does not always have the desired impact, as a blacklisted company can resurrect itself under a different name in order to avoid regulation. One solution could be for the US and the EU to convince others to sign on to a comprehensive export control regime, but this could be a hard sell given the spyware market has led to diplomatic gains for countries like Israel and China. In order for export controls to be successful, some experts recommend that the EU and US need to focus on the root causes of the issue: there’s lack of incentive for cybermercenaries to play by the rules, and some government clients knowingly enable the surveillance market. They could do this by clarifying exactly what a good customer of surveillance software looks like, and by publicly calling out business behaviors that will result in indictments.