FBI concerns about TikTok’s use of U.S. citizens’ user data were conveyed to the House Committee on Homeland Security by Director Christopher Wray. The Chinese owned social media app currently has over one billion monthly users. Among the FBI’s concerns is that the Chinese government could conduct influence operations with the app or use it to gain control of millions of user devices.
The Chinese government allows officials to obtain access to data from companies. Currently Chinese sponsored cyber attacks have stolen more U.S. personal and business data than all other nations combined. Wray stated that the bureau has seen an increase in cybersecurity cases. It is estimated that ransomware alone cost U.S. businesses $1.2 billion dollars in 2021.
Chinese Government Ties Not a New Concern
Former President Donald Trump attempted to ban TikTok in the United States in 2020 due to concerns for national security. This executive order was revoked in 2021 by President Joe Biden. The Biden administration then asked the Treasury Department to investigate the app. Consequently, the Committee on Foreign Investment in the United States (CFIUS) has been examining the risks and implications of TikTok’s continued activity in the U.S. market.
In 2020, the Department of Defense recommended that employees not install or uninstall TikTok on their personal devices. This was incorporated into Army, Navy, and Marine policies. These policies ban the app from all government phones because the app is considered a cyber threat.
Many private organizations are also banning the app on business owned devices and taking cybersecurity preventative measures such as blocking specific internet categories or domains.
Chief Concerns About TikTok
TikTok’s parent company ByteDance is a Chinese company. The Chinese National Intelligence Law requires all organizations and citizens to cooperate with state intelligence activities. The company collects sensitive information from millions of devices without the user’s knowledge or permission. This data can include browsing history, geolocation, and file names.
ByteDance also collects Personally Identifiable Information (PII) such as image, age, gender, and relationship status. Additionally it is alleged that the app collects various types of biometric data such as fingerprints, iris scans, and facial geometry. On the whole TikTok’s data collection activities are seen by industry experts as being far more intrusive than comparable apps.
Of even greater concern, TikTok has regularly been in violation of the Children’s Online Privacy Protection Rule (COPPA) which prohibits the collection of PII of children under the age of 13 without parental consent. App content has also been a recurring concern raise about the app. A national group of state attorneys have stated concerns that app content may pose a threat to the mental health of children.
Aside from distribution of content that is not appropriate for children, the app also is used as a propaganda device for the Chinese government by both putting forth influencing content and banning information critical of the policies and actions of the nation.
CVG Strategy Cybersecurity Solutions
FBI Concerns about TikTok illustrate scope of the problem businesses are facing with cybersecurity. IT solutions alone are not sufficient to combat these forces. Viable solutions include all stakeholders in an enterprise. They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.
CVG Strategy provides cybersecurity consulting and training for large and small organizations. Our experts can tailor a program using risk management process to identify information assets and interested parties. We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.
CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.