Why ban TikTok?
On Dec. 2, 2022, the FBI issued a warning about the use of TikTok because of the app’s data collection policies.
TikTok policies allow for the capture of sensitive, personally identifiable information (PII), and collected data can be accessed by the Government of the People’s Republic of China.
Following this announcement, many governors across the country, including our own Gov. Asa Hutchinson, responded by banning the app from state-owned devices. Since this memo came out, we’ve been asked by many of our clients, “Is there a legitimate active threat from the use of TikTok? If so, what has happened?”
TikTok is a wildly popular social engagement platform used by millions around the world. Like other social engagement platforms – such as Facebook, Twitter, LinkedIn, and Google – TikTok asks us to willingly concede our privacy in allowing the app to collect data purportedly related to our application use. However, there are claims across many of these types of applications that the data gathering may extend beyond that pertaining to application use.
In effect, information about our activities and preferences becomes their property. They use this property to form user profiles, which they use to market themselves and partner organizations to us and others.
What separates TikTok from other common social engagement platforms is that TikTok is owned by a Chinese firm, ByteDance, which is beyond U.S. legal jurisdiction and has ties to the Chinese government.
Within public knowledge, there has been no evidence to date of malicious use associated with TikTok. Still, the U.S. federal government is concerned about the potential abuse of TikTok usage data by the Chinese government to conduct surveillance and gather intelligence on specific users relative to national security concerns; hence, the warnings and policy changes at the federal and state government levels restricting the use of TikTok.
This announcement and the corresponding actions taken by our public officials raise a larger point: when we waive our rights to privacy, we open ourselves to risk.
Organizational policies that restrict the use of non-business applications on business devices and which disallow the use of personal applications on business devices are examples of sound cybersecurity practices and can be a model for all of us to follow individually.
Regardless of our relative level of trust in the integrity or intentions of the software provider, we should all be mindful of what we share on social engagement platforms and the potential privacy impacts of shared information. Does that selfie I just took reveal sensitive information in the background? Does the photo contain metadata that could lead someone to the location? Might I or other individuals referenced or “tagged” in a photo or post be placed in a compromising position in the future regarding the post?
Social applications are easy and fun to use. We need to watch out that we aren’t unknowingly sharing information that we shouldn’t or would rather not.
Editor’s note: Holt McConnell is the director of marketing for Little Rock-based Mainstream Technologies. The opinions expressed are those of the author.