I recently did a radio interview with Morning Wave in Busan, a morning news talk show in South Korea, on the topic of security concerns related to TikTok. If you are interested in learning more about TikTok, you can read my thoughts to some of the possible questions. Or you can listen to the radio interview here.
Why do you think Tiktok gained such popularity recently? Who uses it and how do they use it?
TikTok is the perfect social media platform for these times. We have been spending a lot of time at home, which gives us time to look at TikTok and to also create our own videos. The videos are short, creative, and entertaining. The company actually saw the most downloads of an app ever (315 million) in the first quarter of 2020, and I expect when the data are available, the download numbers for quarter 2 will be staggering.
TikTok is definitely a platform for Gen Z-ers with users aged 18-24 comprising about one-third of all users, although usage by older people in their late 20s, 30s, and even 40s is increasing. Overall, about 50% of the global audience is under 34.
The most appealing and addictive part of TikTok is the challenges, which might be a dance or lip-synched skit. Users can watch the challenges created by others and then make their own version. Many users view TikTok as a fun way to engage with others, but we are actually seeing healthcare and mental health professionals using the platform to disseminate health messages and political campaigns using it for political messages.
Should we have security concerns related to TikTok?
When a social media platform is free for users, you need to take a look at the company’s business model. The revenues for most of these platforms are coming from selling user data and also selling advertising on the platform, which involves the use of user data. I would say that regardless of the type of platform, the security concerns are the same. For those of us outside China, there are concerns about possible government access of the data.
Being a Chinese-owned company, one of the concerns related to TikTok was that user data would be accessible to the Chinese government. TikTok, however, has tried to distance themselves from their Chinese owner ByteDance with a global headquarters in Los Angeles and a CEO who is an American and ex-Disney executive. They say that user data is stored in the United States with a backup in Singapore and that they would never turn user data over to the Chinese government.
We have seen entire countries have concerns about TikTok, most notably India and the United States, but it seems that political issues are driving a rejection of TikTok in some cases. India has had violent clashes over a shared border with China and retaliated by banning 59 Chinese apps, including TikTok and WeChat. Indian users represent about 30% of app downloads so this is a significant blow. In the United States, although Secretary of State Mike Pompeo cited national security concerns for the government stance on TikTok, Trump has indicated he wanted to punish China for the pandemic. He may also be annoyed because K-pop fans spread a campaign on TikTok to snap up tickets to Trump’s rally with the intent to be no-shows. Other countries, such as Australia, that are having their own political tensions with China are discussing a possible ban as well.
Most of the concerns are about whether the Chinese government would have or would be able to gain access to the data. In turn, some people are concerned that the data could be used for espionage or foreign influence campaigns during an election. Some experts say that Beijing wouldn’t be able to get their hands on the data as easily as people think as Chinese companies have previously been able to resist pressure from Beijing. But others disagree.
Other concerns include security vulnerabilities, but many social media platforms have had security issues that are patched through updates. Some of TikTok’s previous flaws involved people being able to gain control of user accounts and collect email addresses. But TikTok has addressed the issues. Facebook has had similar issues with users being able to find profiles based on email addresses or phone numbers. That’s different than being a threat to national security.
The most problematic issue is foreign and domestic actors using the platform for propaganda, similarly to how Cambridge Analytica exploited Facebook users. For example, false claims about coronavirus have been disseminated on TikTok. Other concerns include the platform censoring content that’s critical of the Chinese government.
Some companies are not allowing their employees to use TikTok. Can they do this?
On the corporate side, Wells Fargo no longer allows employees to have TikTok on their company-issued phones, but as a bank, it is in the heavily-regulated and security-conscious financial services industry. Similarly, the U.S. military does not allow TikTok on military-issued phones and discourages it on personal phones. Amazon sent out an email to employees to remove TikTok from mobile devices where they access their Amazon email and then later said it was a mistake and rescinded the request.
Amazon’s initial policy seems a bit overreaching, and I’m wondering if Amazon backed off because they were concerned about legal issues. It’s one thing if it’s a company-provided device and another if the employee owns the phone.
As users of these apps, what security risks should we be concerned about?
The best strategy for a social media user is to learn as much as you can about how to protect yourself on the sites you are using. Learn how to adjust your privacy controls. Be aware that social media platforms are not only collecting everything you share, like, comment on, etc. on the platform, but also might be able to access your photos and videos, your contact list, and your geolocation. They often know where else you go on the web, even if you use a different device, and they match your online data to what they can learn about you offline, such as where you use your credit cards, to form a more complete picture of who you are.
We also need to be aware that we could be the targets of a disinformation campaign on social media. Question what you read. Google the details of any story to try to discover if it’s true. Don’t mindlessly share content you see others posting. Fake political news stories are an assault on democracy and those who post them may be trying to interfere in elections or sow divisiveness in a country. Some social media platforms are doing a better job than others at taking down or marking fake stories.
How would recent action taken against governments and companies to limit and even ban social media affect social media service providers? What kind of changes can we expect from the apps themselves or business?
For TikTok, it might be in the company’s best interest to spin off from parent company ByteDance to distance itself from China. All companies though need to do a better job at protecting user data and being more transparent in how they are using your data. Quite a few governments have passed regulations in recent years that affect social media platforms. For example, the EU introduced the General Data Protection Regulation or GDPR, which regulates how companies, including social media platforms, store and use people’s data.
Can a country “ban” a certain social media app?
A government can force Apple and Google to remove apps from the app stores and also require telecom companies and ISPs to block certain sites. But people are always going to be able to get around any social media bans. The most popular way is probably with a Virtual Private Network or VPN. If you can trick the platform into thinking you are in a different country or in an unknown location, you will be able to access the app. On a phone, you can download a Hotspot VPN to give you access to apps that are blocked in the app store.
In a less extreme situation where a social media app needs more controls, a government or even advertisers, as we are seeing right now with Facebook because of hate speech and misinformation, can pressure or force the social media companies to change their practices. Resulting legislation is often related to the content posted on the social media sites or data privacy.
The Korea Communications Commission (KCC), the local telecommunication watchdog in South Korea, fined Tiktok around $155,000 for failing to protect users’ private data. Why?
In this case, TikTok collected data from children under age 14 without parental consent and then did not inform them that the data were being stored overseas. These kinds of laws to protect the use of children’s data are common. In the United States, we have the Children’s Online Privacy Protection Act. TikTok also made a similar mistake in the U.S. and was fined $5.7 million, which was the largest fine ever imposed in this country in a child privacy case. TikTok is now under suspicion for not actually deleting the children’s data.
Personally, I think we need to hold all social media platforms to a higher standard. Just because a platform is based in your home country doesn’t mean we should overlook their issues and give them a pass. We usually just ask these companies to do better and they say they will do better and we trust them until the next mistake.