By Doug Jacobson
TikTok CEO Shou Zi Chew testified before the House Energy and Commerce Committee on March 23, 2023, amid a chorus of calls from members of Congress for the federal government to ban the Chinese-owned video social media app and reports that the Biden administration is pushing for the company’s sale.
The federal government, along with many state and foreign governments and some companies, has banned TikTok on work-provided phones. This type of ban can be effective for protecting data related to government work.
But a full ban of the app is another matter, which raises a number of questions: What data privacy risk does TikTok pose? What could the Chinese government do with data collected by the app? Is its content recommendation algorithm dangerous? And is it even possible to ban an app?
Vacuuming up data
As a cybersecurity researcher, I’ve noted that every few years a new mobile app that becomes popular raises issues of security, privacy and data access.
Apps collect data for several reasons. Sometimes the data is used to improve the app for users. However, most apps collect data that the companies use in part to fund their operations. This revenue typically comes from targeting users with ads based on the data they collect. The questions this use of data raises are: Does the app need all this data? What does it do with the data? And how does it protect the data from others?
So what makes TikTok different from the likes of Pokemon-GO, Facebook or even your phone itself? TikTok’s privacy policy, which few people read, is a good place to start. Overall, the company is not particularly transparent about its practices. The document is too long to list here all the data it collects, which should be a warning.
There are a few items of interest in TikTok’s privacy policy besides the information you give them when you create an account – name, age, username, password, language, email, phone number, social media account information and profile image – that are concerning. This information includes location data, data from your clipboard, contact information, website tracking, plus all data you post and messages you send through the app. The company claims that current versions of the app do not collect GPS information from U.S. users. There has been speculation that TikTok is collecting other information, but that is hard to prove.
If most apps collect data, why is the U.S. government worried about TikTok? First, they worry about the Chinese government accessing data from its 150 million users in the U.S. There is also a concern about the algorithms used by TikTok to show content.
Data in the Chinese government’s hands
If the data does end up in the hands of the Chinese government, the question is how could it use the data to its benefit. The government could share it with other companies in China to help them profit, which is no different than U.S. companies sharing marketing data. The Chinese government is known for playing the long game, and data is power, so if it is collecting data, it could take years to learn how it benefits China.
One potential threat is the Chinese government using the data to spy on people, particularly people who have access to valuable information. The Justice Department is investigating TikTok’s parent company, ByteDance, for using the app to monitor U.S. journalists. The Chinese government has an extensive history of hacking U.S. government agencies and corporations, and much of that hacking has been facilitated by social engineering – the practice of using data about people to trick them into revealing more information.
The second issue that the U.S. government has raised is algorithm bias or algorithm manipulation. TikTok and most social media apps have algorithms designed to learn a user’s interests and then try to adjust the content so the user will continue to use the app. TikTok has not shared its algorithm, so it’s not clear how the app chooses a user’s content.
The algorithm could be biased in a way that influences a population to believe certain things. There are numerous allegations that TiKTok’s algorithm is biased and can reinforce negative thoughts among younger users, and be used to affect public opinion. It could be that the algorithm’s manipulative behavior is unintentional, but there is concern that the Chinese government has been using or could use the algorithm to influence people.
Can the government ban an app?
If the federal government comes to the conclusion that TikTok should be banned, is it even possible to ban it for all of its 150 million existing users? Any such ban would likely start with blocking the distribution of the app through Apple’s and Google’s app stores. This might keep many users off the platform, but there are other ways to download and install apps for people who are determined to use them.
A more drastic method would be to force Apple and Google to change their phones to prevent TikTok from running. While I’m not a lawyer, I think this effort would fail due to legal challenges, which include First Amendment concerns. The bottom line is that an absolute ban will be tough to enforce.
There are also questions about how effective a ban would be even if it were possible. By some estimates, the Chinese government has already collected personal information on at least 80% of the U.S. population via various means. So a ban might limit the damage going forward to some degree, but the Chinese government has already collected a significant amount of data. The Chinese government also has access – along with anyone else with money – to the large market for personal data, which fuels calls for stronger data privacy rules.
Are you at risk?
So as an average user, should you worry? Again, it is unclear what data ByteDance is collecting and if it can harm an individual. I believe the most significant risks are to people in power, whether it is political power or within a company. Their data and information could be used to gain access to other data or potentially compromise the organizations they are associated with.
The aspect of TikTok I find most concerning is the algorithm that decides what videos users see and how it can affect vulnerable groups, particularly young people. Independent of a ban, families should have conversions about TikTok and other social media platforms and how they can be detrimental to mental health. These conversations should focus on how to determine if the app is leading you down an unhealthy path.
Doug Jacobson is Professor of Electrical and Computer Engineering, Iowa State University.
Pogo says
@Yes, No, and it doesn’t matter
The jinnī is out of the bottle. Everything is for sale.
Think about it.
Dennis C Rathsam says
BAN IT, China is not our friend, they are looking to dominate the world. They want to be #1. How you like to be controled like a serf? Do what they tell you! eat what they my give you! Wake up dont let your fathers & grandfathers sacrifice go to waste.
Brian says
Should the United States government ban Tik Tok? No.
Should the United States government regulate the Internet? Definitely. All apps and sites that collect user data for users within the United States should be subject regulation regarding the data they collect and what they can do with it. Additionally those same apps and sites should be able to be held liable for displaying demonstrable derogatory or misinformation. This should be federal legislation.
But won’t these companies simply pass along their costs? Sure. Legislate paywall requirements (which might also curtail illicit use by minors) and incrementally increasing penalties against hosting providers and content creators. Solutions exist. Apply them.
Skibum says
One of the biggest problems with the social media apps as I see it is that their business models rely on ad revenue, so in all of the fine print that users never read but implicitly are forced to agree to without understanding all of the mumbo jumbo is they agree to allow the app to glean tons of user data as well as the user’s personal info, which becomes the property of the social media platform and can be sold to advertisers and who knows what other companies. Not only should there be stricter limits and safeguards for all users under 18 years old and the ability of parents to have access to their children’s social media accounts, we need to have federal legislation that prohibits social media companies from using or selling anything related to a user’s account unless the user proactively grants permission to do so, or in the case of anyone under the age of 18, a parent should be required to give authorization before their child’s info and data are shared. Simply burying a vague authorization in the fine print as part of the agreement to access the app is wrong and should be prohibited. Then, if an individual is okay with his or her data and personal info being shared or sold, I say let the buyer, or in this case, the user, beware of potential consequences.
Geezer says
You’d be shocked at how many apps in the IOS ecosystem are of Chinese origin.
They all collect your data—that’s how they make their money.
Free isn’t so “free.”
Don’t just click “yes” blindly when the apps ask for permission to access your contacts and photos.
Geezer says
Aw shoot, I plumb fergot somthin.’
Android phones right out of the box are spying on you because the operating system
is a customized Google-flavored Linux, which by itself is designed to harvest your data
before you even download an app.
Add to that, the gigantic assortment of apps joining the party to hijack your web viewing
habits, scan your emails, and copy your contacts. All this is sold to data companies.
What do you get in return? A free app that spies on you.
You can bet that there’s a database containing your name and traits kept by the CCP.
Apple does gather data as well, but not on the colossal scale of Google/Android phones.
Oh, and Apple has released a “backdoor” for their phones to the FBI.
Oh joy!
Pogo says
@Geezer, you may be hearing from Apple’s CLO
Credit where it’s due
https://www.google.com/search?q=pegasus+spyware
@Meanwhile
Dodge this bullet
https://www.tampabay.com/news/florida-politics/2023/03/24/desantis-state-guard-helicopters-arrest-cellebrite/?itm_source=parsely-api
Anyone here who knows what the 4Diamond sheriff has to say?
Geezer says
Hey there Pogo… Love your posts!
I have a bone to pick with Apple’s Tim Cook.
I think that their user-serviceable product policies are disgusting.
I still run a Mac Pro 1,1 from 2006, and a Powerbook G4 from 2005.
This is because I am able to take them apart and repair parts as they break
over the years. I have a new Lenovo ThinkPad and hate its goddamn guts.
Windows 10 is a big spy too, and I disabled all forms of advertising and telemetry.
I also lost some usability.
Greedy bastards, all of ’em.
Katie Berry says
I hope so..nothing worse than the short sounds of music or annoying reels of someone else phone wile they scroll through toc toc, I absolutely hate it. I find it mind numbing. I never will ever have tic toc. I think it’s the devil. It’s ruining music and communication. No longer do people appreciate an entire song or lyrics. Also I’ve read terrible challenges that have ended lives due to innocent children taking on these challenges. It’s serious and the app should be shutdown. We will survive without it and I dintt understand why the question is even a question, it’s ignorant and evil.