National Security. PHOTO: Cybercrime Magazine.

Is TikTok A National Security Threat? Tell Us What You Think.

Help protect U.S. citizens and organizations

Paul John Spaulding

Northport, N.Y. – Apr. 25, 2023

“Every company spies on you,” according to Bruce Schneier. In a recent phone interview with Cybercrime Magazine, Schneier, a public-interest technologist and New York Times best-selling author said, “That’s (spying on us) the business model. The question is, do you trust a company headquartered in a government you don’t trust? Is it a national security threat? I don’t know. What are you worried about?”

The CEO of TikTok, Shou Zi Chew, testified before Congress late last month, which has kept the issue of censorship and control for native Chinese tech companies in the spotlight. The hearing took place after The White House threatened a ban if Chinese owners don’t sell their stake, while the U.S. and other nations have already banned the app on government devices due to security concerns.

Former White House CIO Theresa Payton told us her worries were not quelled by Chew. “The [TikTok] algorithms could be tweaked to shape citizens of the United States to act or behave a certain way on socio-economic issues or to manipulate voters.”

Payton would like to see all social media platforms “show what their process is like if any government or law enforcement agency subpoenas data.”

China’s 2017 National Intelligence Law, and 2014 Counter-Espionage legislation indicate the TikTok parent company, ByteDance — which is headquartered in Beijing — would have to turn over data to the Chinese government if asked.

Heather Engel, managing partner at Strategic Cyber Partners, told us that although there is no evidence TikTok has handed over any information, “China has considerable authority over Chinese companies. Evidence showed the OPM breach in 2015 was on behalf of the Chinese government.”

ByteDance has 60 percent of its shares owned by non-Chinese investors, 20 percent by employees, and the remaining by its founders. However, the Chinese government has acquired a 1 percent stake and one of three seats on the board of advisors in ByteDance’s Chinese entity, which offers Douyin — TikTok’s sister app — in the Chinese market.

A 2020 article in Axios stated that the TikTok app does not operate inside China and routes U.S. user data through Oracle’s cloud infrastructure as part of an initiative called Project Texas. This supposedly gives the American software company the ability to conduct regular audits of TikTok’s algorithms and content moderation processes.

That hardly relieves the concern.

“The White House, and the intelligence community, including General Nakasone, director of the NSA, and Christopher Wray, director of the FBI, and a bipartisan group of U.S. senators, all believe that TikTok poses a national security threat to the U.S.,” said Steve Morgan, editor-in-chief of Cybercrime Magazine. “It’s hard to disagree. But there are media assertions claiming the evidence is unclear.”

“All apps that we download to our smartphone are used to mine data about us. Most of the time it is innocent and sold to advertisers,” said Scott Schober, chief security officer at Cybercrime Magazine and author of the popular book Hacked Again, when asked about the danger of TikTok compared to other social media apps.

Schober pointed out that TikTok and any “3rd party developers that have API access” can analyze our “likes/dislikes, what we search, where we live, our browser history, what is on our clipboard, our email and home address, and the contact list in our phones.”

So, does anyone in Schober’s family have TikTok installed on their smartphones?

“After I investigated and noted the numerous security risks, I removed it from all our devices,” he commented.

If the U.S. decides to ban TikTok, what does that entail?

Montana is the first U.S. state to pass legislation banning TikTok on personal devices. This proposed bill makes it illegal for app stores to offer the popular app to those in the state, but allows users who already have the app installed to keep using it.

Enforcing a ban, and preventing individuals from using the app is another issue entirely.

Schneier, who also recently authored the book A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back, which examines how anyone can think like a hacker, said if the video-sharing app is delisted from the Google and Apple App stores, everyone will learn how to install the app through sideloading. Not to mention, it can be accessed through any web browser.

Is TikTok a national security threat? Tell us what you think.

Paul John Spaulding is GM of production at Cybercrime Magazine.