Site icon Sophos News

TikTok says no, senators, we’re not under China’s thumb

TikTok – the Chinese-owned, massively popular, kid-addicting, fine-accruing, short-and-jokey video-sharing platform – is a potential threat to national security, US lawmakers said last week.

Senators Tom Cotton and Chuck Schumer on Wednesday sent a letter to Acting Director of National Intelligence Joseph Maguire, asking that the intelligence community please look into what national security risks TikTok and other China-owned apps may pose.

TikTok’s parent company, Bytedance, is a private startup based in Beijing that was valued at $75 billion as of July. Most of that is thanks to TikTok and its Chinese equivalent, Douyin.

The senators pointed out that TikTok has been downloaded in the US more than 110 million times. At least one Chinese doctor specializing in addiction has warned that young people are so hooked on social media approval that they’ve been risking their lives to garner likes with their 15-second Douyin clips, which have featured things like dancing in front of a moving bus or trying to flip a child 180 degrees …and then dropping her.

The day after the letter was published, TikTok defended itself in a company blog post in which it reiterated what it’s repeatedly claimed – that Chinese law doesn’t influence TikTok, given that its data is stored on servers in the US:

We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.

The senators are familiar with that line, and they don’t necessarily buy it. From their letter:

TikTok’s terms of service and privacy policies describe how it collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information. While the company has stated that TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China.

Look, guys, we’re not about kowtowing to the Chinese government. We’re dedicated to entertainment and creativity, TikTok said in its post. The company denied ever having been asked by the Chinese government to remove content and said it “would not do so if asked. Period.”

But how, the senators asked, would we even know if that were true? As it is, there’s no legal means to appeal a content removal request in China, they pointed out.

Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party. Without an independent judiciary to review requests made by the Chinese government for data or other actions, there is no legal mechanism for Chinese companies to appeal if they disagree with a request.

Schumer and Cotton pointed to security experts’ concerns that Chinese law compels its companies to “support and cooperate with intelligence work controlled by the Chinese Communist Party.” They quoted the US Intelligence Community’s 2019 Worldwide Threat Assessment report, which notes that the hometown of TikTok’s parent company, Beijing, authorizes cyberespionage against US technology sectors “when doing so addresses a significant national security or economic goal not achievable through other means.”

From the report:

We are also concerned about the potential for Chinese intelligence and security services to use Chinese information technology firms as routine and systemic espionage platforms against the United States and allies.

The threat assessment report deemed China the most active nation-state when it comes to cyberespionage against the US government, its corporations and its allies. The report also said that China is working on improving its cyberattack capabilities and its ability to “alter information online” so as to shape Chinese views and, potentially, the views of US citizens…

…That’s been a major concern in the US, following the rise of fake news operations linked to Russia and Iran, both in the 2016 US presidential election and in the runup to the 2020 election.

Case in point: On Thursday, Facebook leader Mark Zuckerberg appeared on Capitol Hill to talk to lawmakers about his pet cryptocurrency project, Libra. Lawmakers took the opportunity to grill him about, and to slam, Facebook’s policy of not removing posts that contain misleading or bogus claims.

Zuckerberg said that Facebook would “probably” allow candidates to buy ads that lie about their opponents. Facebook doesn’t fact-check such ads because it thinks that in a democracy, “people should decide what’s credible, not tech companies,” he said.

Regarding TikTok, Schumer and Cotton noted that the company reportedly censors material deemed to be distasteful to the Chinese Community Party. TikTok could serve as a platform for foreign influence campaigns like those we saw in 2016, they said.

The government has already taken steps to limit potential dangers posed by the Chinese company Huawei, the senators pointed out. In 2018, due to concerns about spying, the Pentagon banned the sale of Huawei and ZTE phones at military exchanges – only one of multiple warnings about using gear from companies that might be under China’s thumb.

Exit mobile version