The relentless pressure on TikTok ramped up further this week, with U.S. Secretary of State Mike Pompeo again claiming user data is sent to to China. âItâs not possible to have your personal information flow across a Chinese server,â he warned during a British media interview, suggesting that data would âend up in the hands of the Chinese Communist Party,â which he characterized as an âevil empire.â TikTok is firmly in the sights of the Trump administration, and theyâre not letting up.
But now, as TikTok continues to deny U.S. accusations of data mishandling, of it bowing to pressure from Beijing, a new report from the cyber experts at ProtonMail has called those denials into question. âBeware,â it warns, âthe social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending Chinaâs surveillance and censorship reach beyond its borders.â
TikTokâs world is now dominated by speculation as to whether the U.S. will find some way to ban the app, cutting access to tens of millions of American users and calling a halt to TikTokâs soaraway growth. The week had started with confirmation of a ban on federal employees installing the app on government-issued devices, seen by many as a precursor to some form of wider action by the Trump administration. We also now know how such a ban would operateâTikTok would be added to a Commerce Department entity list, in the same way Huawei has been sanctioned.
When TikTok is asked about claims to the contrary, it stands by the lack of proof, the missing smoking gun. Thereâs no evidence, it says, itâs a political campaign steeped in the standoff between Washington and Beijing. âThere’s a lot of misinformation about TikTok out there,â the company tells me, pointing to its U.S. CEO and its CISO âwith decades of U.S. military and law enforcement experience, and a U.S. team that works diligently to develop a best-in-class security infrastructure.â The company also reassures that U.S. data never travels to China.
But the warning this week from the cyber security analysts at ProtonMail isnât political point scoringâthese are ex-CERN security engineers. TikTokâs âzealous data collection,â the company warns, âits use of Chinese infrastructure, and its parent companyâs close ties to the Chinese Communist Party make it a perfect tool for massive surveillance and data collection by the Chinese government.â
Our take on #TikTok: Beware. The social media giant not only collects troves of personal data on you (sometimes without your consent), but also cooperates with the CCP, extending Chinaâs surveillance and censorship reach beyond its borders. Read more here: https://t.co/6uA4ScnAF6 pic.twitter.com/B4QgGnVVfo
— ProtonMail (@ProtonMail) July 23, 2020
ProtonMail says that it reviewed TikTokâs âdata collection policies, lawsuits, cybersecurity white papers, past security vulnerabilities, and its privacy policy,â and concluded that âwe find TikTok to be a grave privacy threat that likely shares data with the Chinese government. We recommend everyone approach TikTok with great caution, especially if your threat model includes the questionable use of your personal data or Chinese government surveillance.â
ProtonMail also cites a white paper published by Penetrum earlier this year, which warned that â37.70% of the known IP addresses linked to TikTok are Chinese,â and which described the âexcessive amount of data harvesting, vulnerabilities in TikTokâs code, as well as a few things that may make you feel pretty uncomfortable.â
Hey Tiktok users! You know that app you spend hours a day looking at? The one with almost a billion users? What if I told you it's spying on you, and gathering your personal information? Curious? Find out more here: https://t.co/n6wOlBi5ev #nevertiktok #chinaspying #infosec
— Penetrum (@PenetrumSec) April 10, 2020
TikTok stands by its defense, telling me âmillions of American families use TikTok for entertainment and creative expression, which we recognize is not what federal government devices are for. Our American CEO, our CISO… our entire and growing U.S. teamâwhich has tripled since the start of the yearâhave no higher priority than promoting a safe app experience that protects our users’ privacy. That’s our focus.â
ProtonMailâs conclusion on TikTok is pretty stark: âThe fact that TikTok is owned by a Chinese company, one that has explicitly said it would deepen its cooperation with the Chinese Communist Party, makes this excessive data collection even more concerning. The Chinese government has a history of strong-arming and co-opting Chinese tech companies into sharing their data and then using this data to intimidate, threaten, censor, or engage in human rights abuses.â
The Swiss-based company goes on to warn TikTok users that âfrom a security and privacy standpoint, TikTok is an extremely dangerous social media platform. Its potential for mass collection of data from hundreds of millions of adults, teenagers, and children poses a grave risk to privacy.â And its advice to those users is to proceed âwith great caution… and and if this concerns you, you should strongly consider deleting TikTok and its associated data.â
And so another week ends, and TikTok remains caught in this maelstrom of security controversy and Sino-American politics. A ban or sanctions of some sort seem ever more likely with each passing week, and the U.S. rhetoric has found an audience with other hawkish politicians around the world. As things stand, TikTok owner ByeDance has gone from topping the social media world to contemplating a sale of its prize asset to U.S. investors in just a few short weeks.
The real issue for TikTok, though, is that there doesnât need to be a smoking security gun for the U.S. and its allies to have a credible excuse to sanction and restrict the platform. China is an adversarial state to the U.S., the U.K. and their allies. There are reasons to believe Beijing could exert influence over TikTok parent ByteDance. That should be reason enough to actâand itâs looking ever more likely it will be.