https://www.forbes.com/sites/emilyb...tedance-surveillance-american-user-data/

TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens

The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.
AChina-based team at TikTok’s parent company, ByteDance, planned to use the TikTok app to monitor the personal location of some specific American citizens, according to materials reviewed by Forbes.

The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang.

The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.

TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior."

But the material reviewed by Forbes indicates that ByteDance's Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

TikTok is reportedly close to signing a contract with the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS), which evaluates the national security risks posed by companies of foreign ownership, and has been investigating whether the company’s Chinese ownership could enable the Chinese government to access personal information about U.S. TikTok users. (Disclosure: In a past life, I held policy positions at Facebook and Spotify.)

In September, President Biden signed an executive order enumerating specific risks that CFIUS should consider when assessing companies of foreign ownership. The order, which states that it intends to “emphasize . . . the risks presented by foreign adversaries’ access to data of United States persons,” focuses specifically on foreign companies’ potential use of data “for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potential adverse impacts on national security.”

The Treasury Department did not respond to a request for comment.

The Internal Audit and Risk Control team runs regular audits and investigations of TikTok and ByteDance employees, for infractions like conflicts of interest and misuse of company resources, and also for leaks of confidential information. Internal materials reviewed by Forbes show that senior executives, including TikTok CEO Shou Zi Chew, have ordered the team to investigate individual employees, and that it has investigated employees even after they left the company.

The internal audit team uses a data request system known to employees as the “green channel,” according to documents and records from Lark, ByteDance’s internal office management software. These documents and records show that “green channel” requests for information about U.S. employees have pulled that data from mainland China.

TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

“Like most companies our size, we have an internal audit function responsible for objectively auditing and evaluating the company and our employees' adherence to our codes of conduct,” said ByteDance spokesperson Jennifer Banks in a statement. “This team provides its recommendations to the leadership team."

ByteDance is not the first tech giant to have considered using an app to monitor specific U.S. users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties. At the time, Uber acknowledged that it had run the program, called “greyball,” but said it was used to deny ride requests to “opponents who collude with officials on secret ‘stings’ meant to entrap drivers,” among other groups.

TikTok did not respond to questions about whether it has ever served different content or experiences to government officials, regulators, activists or journalists than the general public in the TikTok app.

Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Uber had monitored the location of journalists covering the company. Uber did not specifically respond to this claim. The 2021 book An Ugly Truth alleges that Facebook did the same thing, in an effort to identify the journalists’ sources. Facebook did not respond directly to the assertions in the book, but a spokesperson told the San Jose Mercury News in 2018 that, like other companies, Facebook “routinely use[s] business records in workplace investigations.”

“It is impossible to keep data that should not be stored in CN from being retained in CN-based servers.”

But an important factor distinguishes ByteDance’s planned collection of private users’ information from those cases: TikTok recently told lawmakers that access to certain U.S. user data — likely including location — will be “limited only to authorized personnel, pursuant to protocols being developed with the U.S. Government.” TikTok and ByteDance did not answer questions about whether Internal Audit executive Song Ye or other members of the department are “authorized personnel” for the purposes of these protocols.

These promises are part of Project Texas, TikTok’s massive effort to rebuild its internal systems so that China-based employees will not be able to access a swath of “protected” identifying user data about U.S. TikTok users, including their phone numbers, birthdays and draft videos. This effort is central to the company’s national security negotiations with CFIUS.

At a Senate hearing in September, TikTok Chief Operating Officer Vanessa Pappas said the forthcoming CFIUS contract would “satisfy all national security concerns” about the app. Still, some senators appeared skeptical. In July, the Senate Intelligence Committee began an investigation into whether TikTok misled lawmakers by withholding information about China-based employees’ access to U.S. data earlier this year, following a June report in BuzzFeed News showing that U.S. user data had been repeatedly accessed by ByteDance employees in China.

In a statement about TikTok’s data access controls, TikTok spokesperson Shanahan said that the company uses tools like encryption and “security monitoring” to keep data secure, access approval is overseen by U.S personnel, and that employees are granted access to U.S. data “on an as-needed basis.”


It is unclear what role ByteDance’s Internal Audit team will play in TikTok’s efforts to limit China-based employees’ access to U.S. user data, especially given the team’s plans to monitor some American citizens’ locations using the TikTok app. But a fraud risk assessment written by a member of the team in late 2021 highlighted data storage concerns, saying that according to employees responsible for the company’s data, “it is impossible to keep data that should not be stored in CN from being retained in CN-based servers, even after ByteDance stands up a primary storage cetner [sic] in Singapore. [Lark data is saved in China.]” (brackets in original).

Moreover, a leaked audio conversation from January 2022 shows that the Beijing-based team was, at that point, gathering additional information on Project Texas. In the call, a member of TikTok’s U.S. Trust & Safety team recounted an unusual conversation to his manager: The employee had been asked by Chris Lepitak, TikTok’s Chief Internal Auditor, to meet at an LA-area restaurant off hours. Lepitak, who reports to Beijing-based Song Ye, then asked the employee detailed questions about the location and details of the Oracle server that is central to TikTok’s plans to limit foreign access to personal U.S. user data. The employee told his manager that he was “freaked out” by the exchange. TikTok and ByteDance did not respond to questions about this conversation.

Oracle spokesperson Ken Glueck said that while TikTok does currently use Oracle’s cloud services, “we have absolutely no insight one way or the other” into who can access TikTok user data. “Today, TikTok is running in the Oracle cloud, but just like Bank of America, General Motors, and a million other customers, they have full control of everything they're doing,” he said.

This corroborates a January statement made by TikTok’s Head of Data Defense in another leaked audio call. In that call, the executive said to a colleague: “It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we're building our VMs [virtual machines] on top of it.”

Glueck made clear that this would change if and when TikTok finalizes its contract with the federal government. “But unless and until that’s the case,” he said, Oracle is not providing anything “other than our own security” for TikTok.

TikTok did not answer questions from Forbes about the status of the company’s negotiations with CFIUS. But in a statement to Bloomberg published early this morning, TikTok spokesperson Brooke Oberwetter said: “We are confident that we are on a path to fully satisfy all reasonable U.S. national security concerns.”

Richard Nieva contributed reporting.

So that will be just one more entity on the list of entities already tracking your location.

Pretty much the way I feel... and we all sign up for it without batting an eye.

Craziest thing I've ever seen -- and probably the watershed moment of "turning the corner" towards our doom -- people running around with their hair on fire (and a cell phone in their hand) insisting the vaccine had a tracking microchip.

But what about all the tik tok dances and tik tok challenges and tik tok whatevers?

Call me old, but I never understood why tik tok was such a craze when people already belonged to multiple platforms that already did the same thing.

and the only one that shares with the Chinese government your physical location.

Ya think? lol.

I can't wait for the day when my biggest worry is wondering if China is stalking my hashtags.

Yes, I do and the amount of data the Chinese govt is collecting on Americans is beyond disturbing. Plus, the content they serve is much different than the content that is served in China.

...and you can solve multiple problems at once.

Social Media combined with AI is a largely unrecognized danger to society. It is becoming very clear that the threat of AI is not one where a bunch of robots come to life and threaten mankind, rather, AI can use media to hack the human mind. It turns out, that humans are pretty easily influenced through social media that manages to keep them engaged and there are all sorts of tricks that can be used to keep users eyes on the screen. TikTok is notorious for using every trick in the book to keep users engaged. It even does things like apply beauty filters behind the scene to make peoples skin and facial features appear more attractive without telling users that they are doing this. It may seem like a sort of benign thing, but it is actually a trick that was discovered to significantly influence users choice of social platform and the degree to which they used that platform.

This is the reason many people are actually concerned about TikTok. It is not just data going to China. If China wants data on you, they can go purchase it from many companies. It is the ability to then use that data to change your mind without you realizing it that should be considered the real danger.

TikTok is recognized as a concern in many countries and is even blocked in China itself. They don't want their own youth exposed to the system.
In the U.S., both the Biden and Trump administrations have attempted to block TikTok in some way.

Lol. So you’re worried about the Chinese following your every movement? Ahhh bless your heart. Two words. Opt out. Paranoid maga sheep crack me up.

This is just the first generation of meta data operations. It’s going to take at least another generation of meta data users to correct our adolescent use of it.

Im in the industry... What they are doing is wrong.

1. I'm definitely not Maga
2. I don't use TikTok because of their datacollection
3. Imagine military/hacking applications that this can be used against

1. Maybe
2. Then you don’t have anything to worry about.
3. Paranoid much? Which military/tracking applications are you talking about?

My question to you would be where is it you go or what is it you do that you're so worried China will find out? I mean why would they give a damn where you go and what you do?

aren't there a bunch of apps that track locations, like snapchat and such?

seems like the data would be easy to obtain regardless of who has access to the information, or whether they own the app or not. especially since a lot of our data gets sold to third parties, as well as being used for the algorithm when it comes to ads and marketing.

i guess i'm trying to understand why TikTok is unique and why i should be concerned.

Because it's China.

https://www.axios.com/2022/11/01/interview-fcc-commissioner-says-government-should-ban-tiktok

FCC commissioner says government should ban TikTok

https://www.npr.org/2022/11/17/1137155540/fbi-tiktok-national-security-concerns-china

The FBI alleges TikTok poses national security concerns

There are different data party types. 1st, 2nd, 3rd and zero.

1st party data is your data of your company acquired from your efforts
2nd party is acquiring someone else's first party data
3rd party is acquiring data from a data warehouse and is hot garbage
Zero party is a user willingly trades their personal info to a company in exchange for something.

When you are buying on a platform....you are buying the ability to target the platform's 1st party user data & reach multiple user IDs with audience minimums so you can't target an individual person. The only one who has direct access to the individual user data would be the platform (TikTok).

IE TikTok has all of the data and no one really knows all of that they have.

They may not care about him, but I think if the horizon is broadened a bit, you can see where that could be a problem.

https://www.nytimes.com/2022/02/03/technology/elon-musk-jet-tracking.html



A Teenager Tracked Elon Musk’s Jet on Twitter. Then Came the Direct Message.
Jack Sweeney, a freshman at the University of Central Florida, said that Mr. Musk raised privacy and security concerns about his popular Twitter account, @ElonJet.


For Elon Musk, the billionaire chief executive of Tesla and founder of SpaceX, traveling by private jet is not such a private endeavor.

Jack Sweeney, 19, a freshman at the University of Central Florida in Orlando, has been tracking a Gulfstream G650ER that he identified as Mr. Musk’s private jet and posting maps of its whereabouts on a popular Twitter account since June 2020.

Mr. Musk is not the only famous person being followed by the pesky wingman, who has thwarted efforts by Mr. Musk and others to cloak their movements on aircraft-tracking applications and websites.

The nosy can also keep up with Drake, Mark Cuban, Jeff Bezos and Bill Gates on Mr. Sweeney’s other accounts.

Mr. Sweeney said on Wednesday that he was able to track them using data from their plane’s transponders — a public record that includes the aircraft’s altitude, latitude and longitude and heading — an algorithm and a bot that he created.

But Mr. Musk was rather vexed by the flight-tracking gambit, Mr. Sweeney recalled in an interview, saying that he received a direct message on Nov. 30 from the billionaire on Twitter asking him to deactivate the account @ElonJet.



“I go like, Oh my gosh, Elon Musk just DM’d me: ‘Can you take this down? It’s a security risk,’” Mr. Sweeney said. “Then he offered me $5,000 to take it down and help him make it slightly harder for ‘crazy people to track me.’”

Mr. Sweeney provided screenshots of the exchange to The New York Times, which was not able to independently verify its authenticity.

Mr. Musk did not immediately respond to messages seeking comment on Wednesday, including to say whether he sent the messages.

Editors’ Picks

Help! I Was Banned From Lyft and No One Will Tell Me Why.

Laughing at Kanye Doesn’t Help

Adele Returns to the Stage in Las Vegas, Resolute and Reflective
The exchange highlighted the tension between open public records and privacy — and it was not the first time famous people had been tracked. Journalists have used flight-tracking apps to follow politicians ahead of vice-presidential selections. Investors use them to shadow chief executives to get wind of corporate mergers. Sports fans have used them to track coaching candidates of their favorite teams.

Mr. Cuban, the billionaire owner of the Dallas Mavericks, declined to comment on Wednesday. Representatives for Mr. Bezos, the Amazon founder; Mr. Gates, one of Microsoft’s founders; and Drake, the hip-hop mogul, did not immediately respond to requests for comment on Wednesday.

Ryan Calo, a law professor at the University of Washington whose focus is technology and its legal implications, said on Wednesday that the Federal Aviation Administration required planes to transmit location data to prevent collisions and to help find lost aircraft.

“What this teenager is taking advantage of is a lack of foresight on the part of the F.A.A. that this would become a privacy problem for some people,” Professor Calo said.

Reached for comment on Wednesday, the F.A.A. said that the situation was outside the agency’s scope of authority.

Professor Calo was amused that a teenager would hear directly from Mr. Musk.

“There almost couldn’t be a greater power asymmetry between Musk and this teenager,” Professor Calo said. “This is not David and Goliath. This is like Goliath and a flea on David.”

Mr. Sweeney said that he was drifting off to sleep when his Android phone buzzed at 12:19 a.m. on Nov. 30. He had been in his dorm room, where several posters promoting SpaceX, Mr. Musk’s space exploration company, were hanging on the wall above his bed, according to a photograph shared on Mr. Sweeney’s personal Twitter account.

Mr. Sweeney made a counteroffer to Mr. Musk, according to the screenshots of the exchange, saying that he would abandon the account if Mr. Musk upped the ante to $50,000. He said that he would also accept a Tesla Model 3, an electric car that costs more than $38,000, adding that he was joking.

In the exchange, Mr. Sweeney was asked how he had been able to track Mr. Musk. He explained that he had obtained the plane’s transponder data. When told that paying to have the Twitter account shut down didn’t seem right, Mr. Sweeney made another proposal: How about an internship?

The exchange, which carried on for more than a month, went silent after Jan. 23.

Mr. Sweeney downplayed the privacy and security concerns associated with his tracking account for Mr. Musk, which has more than 305,000 followers.

“It’s a private jet so he goes right from the jet to the car,” he said, adding that he has long been fascinated by tracking planes. “I don’t think it’s that big of a concern. Some people are just interested in seeing where he goes.”

Mr. Sweeney said that he obtained the data for his aircraft-tracking accounts from the ADS-B Exchange, which describes itself on its website as the world’s largest source of unfiltered flight data.

Dan Streufert, the founder of ADSBexchange.com L.L.C., said in an email on Wednesday that anyone with basic electronics could obtain the signals from aircraft that broadcast their locations. The information is also available by listening to air traffic controllers, he added.

“However, it is important to note our website tracks aircraft, not individuals,” Mr. Streufert said. “We cannot say who is or is not on the plane. Mr. Musk’s companies own and operate many aircraft — this is only one of them. Mr. Musk may find Mr. Sweeney’s activities annoying, similar to paparazzi, however, this information is already public from a myriad of sources.”

Professor Calo said that as long as Mr. Sweeney did not create the flight-tracking accounts to demand money from Mr. Musk and others, it would be difficult to make a criminal case that it was extortion.

“You’d have to purposely create this harm and hold it over somebody,” he said.

Professor Calo said that it would be difficult for a public figure like Mr. Musk to bring a civil lawsuit against Mr. Sweeney contending that his privacy had been breached.

“So I think there would be real hurdles to try to pursue this kid, civilly,” he said.

Still, he cautioned that Mr. Sweeney could open himself up to litigation if he took it too far.

“That’s quite a ride,” he said. “He just has to proceed carefully from here.”

After Mr. Sweeney’s last message to Mr. Musk on Jan. 23, the exchange bore a certain finality.

“You can no longer send messages to this person,” an automated message from Twitter read.

please tell me you are not trying to equalize a kid who is publishing flight info of Musk's plane (which is public accessible) and trying to compare it to what the Chinese government has 24/7 access to (individual) American citizens' information.


They are not the same.

I'm pointing out that people can be tracked in many ways, tik tok is hardly the primary source needed.

Our cell phones are essentially tracking devices in general, there are multitude of ways one could track someone.

Even a non-techie person could get a general sense of someone location by their social media posts. Heck, millions of people "check-in' to location when they go somewhere.


Besides, on a humorous side, I equate China tracking tik tok'rs to aliens learning about humans by our 1960's sitcoms broadcast acrost space. Just imagine aliens watching Mr Ed and wondering, "which ones are the primary species?" . Just look at the general content on Tik Tok, and you'd probably gladly let China have them.

You made direct contact with the head of the nail.

1. Foreign governments shouldn't have 1st party access to individual American data. (how in the living heck are people ok with this?)
--- Would you care if Russia had access to this info?

2. I think you are underestimating China's Military & government from a technological perspective. They are only a few years behind us military speaking and they are on our level when it comes to coding. In many ways, they are advanced compared to the Americans I am dealing with on a regular basis... American developers have become very lazy & sloppy.

- A couple of lines of code through TikTok could cause 100 million phones to be weaponized simply by overheating them until they explode.
- Some lines of code through TickTok and someone can take over your vehicle if it is connected through BT or through the internet.
- A few lines of code through TikTok and they can record all of your keystrokes/login info and siphon off all of your accounts.

These are all real things and it's very concerning that China can have access to them through the app along with your user data.

I'm not happy about any invasion of my privacy or gathering of my personal information. I grew up during a time when that was held in high regard.

That's just not the way our world works any longer. It's been normalized and accepted. Everyone from your local grocery store, to social media to big box stores to your cell phone gathers information on you. I for one hate the very thought in regards to any of it. But let me tell you the way I look at it. The Chinese government has no control over me. They are not able to use that information against me the way my own country and government can. My own government has jurisdiction over me. They have direct authority over me. It's they who could persecute me for my beliefs which they can easily identify by social media. The enemies you fear should probably the one's closest to home.

I really wish the American people truly understood the laws regarding their data being collected, that info being sold, and communication laws.

What people believe vs reality is light years apart.



The Chinese govt has no control over you because they never had access or the ability to communicate with you. Through apps like TikTok, that can change.

You're going on the assumption that those laws are being kept. What I described is far more than "communicating" with you. Your own government has far more power than that.

There are very strict international laws about what data can be collected and how to store it. (GDPR). But most people sign their rights away by clicking agree on TOS and Privacy Policies.

Im not that worried about the chinese government. Chinese hackers are a worse problem. And especially apps that you install assuming they are safe.

Um... yeah. those laws can destroy/bankrupt most companies under 100 million in revenue. They are not being broken. Back in 2002... that was a much different story in my industry. Everything was the wild west. Today, our industry is much more regulated. Fines can easily be up to $16,000 per individual communication sent.

As a bonus, you get to look forward to criminal penalties on your record & jail time.

I'm very much aware of all of the laws. It's part of my job to know them

also, the Chinese govt has been paying hackers to back secrets & sensitive data for years. Since 2018, they have really stepped up their game and paid bigger bounties.

IE they are one in the same.

You switched the topic from gathering personal data to hacking businesses. Those are two totally different topics. We were discussing gathering personal information on Americans.

Nail meet coffin.


https://www.linkedin.com/news/story/tiktok-staff-wrongly-accessed-data-5093057/


TikTok staff wrongly accessed data

By Jessica Hartogs, Editor at LinkedIn News
Updated 2 hours ago


ByteDance has admitted that its employees breached TikTok user data, reports The Wall Street Journal, citing anonymous sources. Two U.S. journalists had their data accessed by the social media company, according to an investigation by the Chinese owner of TikTok. In an internal email, TikTok's General Counsel wrote that in order to identify leaks of confidential company information, Internal Audit and Risk Control department staff had come up with "a misguided plan" to access the data of the journalists. TikTok has been under the scrutiny of the U.S. government, with several states banning the app from government devices.


https://www.forbes.com/sites/emilyb...s-journalists-bytedance/?sh=717dcf817da5

ByteDance fired four employees who accessed US journalists' TikTok data

The workers were allegedly attempting to track down the sources of leaks to the reporters.

ByteDance says it has fired four employees who accessed the data of several TikTok users located in the US, including journalists. According to The New York Times, an investigation conducted by an outside law firm found that the employees were trying to locate the sources of leaks to reporters. Two of the employees were in the US and two were in China, where ByteDance is based.

"ByteDance condemns this misguided plan that seriously violated the company's Code of Conduct," a ByteDance spokesperson told Engadget. "We have taken disciplinary measures and none of the individuals found to have directly participated in or overseen the misguided plan remain employed at ByteDance."

The company reportedly determined that members of a team responsible for monitoring employee conduct accessed the IP addresses and other data linked to the TikTok accounts of a reporter from BuzzFeed News and Cristina Criddle of the Financial Times. The employees are also said to have accessed the data of several people with ties to the journalists. Forbes claims that ByteDance tracked three of its reporters who previously worked for BuzzFeed News. All three of those publications have published reports on TikTok, including on its alleged ties to the Chinese government. 

“The misconduct of those individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users," ByteDance said in a statement to Variety. "We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”

In October, Forbes reported that members of ByteDance’s Internal Audit and Risk Control department planned to use TikTok to track the locations of specific US citizens. ByteDance refuted those claims, but the report tracks with the results of the internal investigation. The company told the Times it has restructured that department and prevented it from accessing any US data.

“No matter what the cause or the outcome was, [the employees'] misguided investigation seriously violated the company’s Code of Conduct and is condemned by the company," ByteDance CEO Rubo Liang reportedly told employees in a memo. "We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders. We must exercise sound judgment in the choices we make and be sure they represent the principles we stand behind as a company.”

Word of the investigation and employees' dismissal comes amid various attempts to ban TikTok in the US. More than a dozen states, including Georgia and Texas, have blocked the app on government-owned devices. Earlier this month, a bipartisan bill sought to effectively ban TikTok from US consumer devices, along with other social apps that have ties to China, Russia, Cuba, Iran, North Korea and Venezuela.

Meanwhile, the Senate has passed a $1.7 trillion spending bill, which includes a measure that would ban TikTok on most devices issued by the federal government. There will be some exceptions for elected officials, congressional staff and law enforcement. The House is yet to vote on the omnibus bill but is expected to pass it on Thursday evening. 

According to the Times, ByteDance said the fired employees accessed historical data that it plans to delete from its own data servers in the US and Singapore. The company said in June that all of TikTok's TikTok user traffic is being routed to Oracle's servers. That's now the "default storage location of US user data," but at the time ByteDance continued to back up the data on its own servers.

https://www.engadget.com/bytedance-tiktok-employees-us-user-data-journalists-210339650.html

I just don’t get it. Complaining about tic-toc stealing your information when everyone has an an option to sign up or unsubscribe is comical.

Even more comical is that many of the people who would/are be up in arms over tik tok "tracking" them, are doing so while posting where they are every 10 minutes in their feeds.

I think what people are failing to understand is that the Chinese Government has a very high probability of getting access to this data including extremely sensitive information like biometrics.

https://www.reuters.com/technology/...bans-tiktok-official-devices-2022-12-27/

U.S. House administration arm bans TikTok on official devices

https://www.bizjournals.com/sanjose...erns-revive-push-for-tiktok-us-sale.html

Security concerns may revive push for sale of TikTok's California-based U.S. unit

https://okcfox.com/news/nation-worl...-foreign-investment-in-the-united-states


Lawmakers consider an outright ban on TikTok in the US due to security risks

Warner fears the data TikTok is collecting on its more than 60 million U.S. users will end up on Chinese servers, including biometric data.

What I almost find is a bigger problem is that TikTok is also a communications network, and the Communist Party in China can dial the algorithms, they can dictate to TikTok, the parent company ByteDance, we’ll show this kind of content or that kind of content," the senator added. "And the proof of that is the TikToks that Chinese kids see which advances science and engineering versus the TikTok that our kids see is dramatically different.

Nothing in the average Americans data threatens national security.

Parents that allow their kids to use tic-tok are nuts.

Au contraire mon frère. National Security would be exactly something like allowing millions of citizens to have their electronic data taken from them or used improperly.

Examples:
There is a point between when someone enters a new password in a text field as plain text... before it is submitted to be hashed and stored in a database where it can be printed and captured as plain text whcih can be stored in a database. I would not put this past the Chinese Gov't to do this. This still passes the data security check because... the data is stored hashed and it only take a few lines of code to capture the data. *This is another reason we are moving to 2FA, 2-step, or multi-factor.*

The other is that algos are able to guess a user's password with high success rates. Last I read up on the topic... it was about 75% https://ieeexplore.ieee.org/document/9209690 (guess where all of the authors are from)

The last reason is people are lazy and don't change their passwords or are unimaginative and reuse the same 5-10 passwords over and over again.

The biggest concern I have is the amount of people who have access to sensitive or biometric data is mind-blowing. About 20-25 million US citizens have access to this data in one shape or another. If you get the right people you can access 200+ million people's information either by stitching or parsing data.

Not to be rude... I can promise that you are very much out of your depths when it comes to these conversations around AI/data collection/storage and accessing it.

What Tik Tok is doing needs to be stopped ASAP.

and there is this kind of stuff that is also happening at the same time.

https://www.msn.com/en-us/news/worl...mp;cvid=712bfd1684e04e70a5cc7aadfede8be5

China publicly gets closer to Russia despite war
Despite all of Russia's missteps in Ukraine, China is standing firmly behind the Kremlin and pushing further from the U.S.

Chinese Foreign Minister [censored] Yi said his country would “deepen strategic mutual trust and mutually beneficial cooperation” with Russia a week after warships from the two countries held joint naval drills in the East China Sea.

[censored] also defended China's refusal to condemn Russia's invasion of Ukraine and join in the sanctions imposed by the U.S. and EU, which has led to a growing distancing from China by much of Europe. He blamed the U.S. for the deteriorating relationship between the world’s two largest economies.

Like all evil empires they blame the rest of the free world on their violent encroachment and inflicted atrocities.Nothing new here.

I repeat, most things in every day Americans information threaten the national security of The United States.

Really? I would think the opposite but what do I know.

Yeah, that was a brain fart of epic proportions. lol I meant the exact opposite.

Lol thought so bro.

I disagree. When your banking info, passwords, etc, are stolen due to tiktok, yeah, it CAN threaten the national security.

I'm not concerned with the chinese knowing where I was at any given time. I'm concerned about about the information they glean from taking all the info off your phone.

Keep in mind, I was gone for a few days, and I read Blowback, by James Patterson. (heck of a good book. Some 500 pages, took a day and a half to read, while spending time with family, skiing, etc. I know it's a book - but dang - read it.)

Doesn't quite work like that arch. Not saying if they hacked your phone that, they couldn't take info, but the app itself can not get anything except maybe contacts,

That's not how I understood it. But oh well.

Your OS won't allow apps to just randomly take info off your phone unless you've consented. But if somebody hacks your phone, they usually get admin user privileges and can take anything.

OCD is correct. Each app is it's own ecosystem, and need explicit permission from the User during install to access other data, but only OS data (Contacts, Calendar, etc) to interact with device features.

In recent years, on Android at least, it has gotten very restrictive what an app creator can access, and they all come with permission pop ups.

I hope the explanations from OCD and Florida helped explain how this works. And maybe even Super got something out of it. Maybe he was out of his depth when discussing things like this.

They’re too involved in reading political fiction that meets their agenda, then how things really work.

somewhat inaccurate.

you can give a general "I consent" without knowing exactly what you are consenting to. 99.999% of people do not read every single description of what they are consenting.

People do it all the time with apps.

You can consent to browser access, contacts, calendars, files, etc

If you consent to browser access they can capture everything they would ever need.

Is there any such consent request for such a thing on Tic Tok? That may be a very pertinent piece of information for this thread.

Yes. It's on install.

This is extremely inaccurate.

Here is an example of a hack that just happened today.

https://news.yahoo.com/delete-popular-task-manager-app-195317442.html

If you have the app, the app has the ability to do what it wants. I hope you understand that.

In general application silos in mobile OSes are much like locks on your house. They may defeat bad thieves, but they aren't as effective against more sophisticated attacks. China is a known state level actor that uses multiple techniques to compromise systems. If they have direct access to the TikTok code that gets installed on devices it would not surprise me one bit thy can use that as a viable attack surface and break out of the silo to compromise other data.

jc

https://dot.la/what-data-does-tikto...ign=post-teaser&utm_content=bo9ywg5v

Here

No, they can't! Every website you go to most certainly does NOT have the ability to access important files on your PC or mobile device. I'm not going to let a site like this access my encrypted password files, financial accounts, etc. A system that didn't, at a minimum, defend against that silliness would be totally useless to anyone using a PC for business or personal finance. Apps can access their own data, files the owner gives admin rights to the app to open, and allows the app to control parts of the PC like the camera. They can not just log in and surf your PC. It doesn't work like that, and I'm shocked you don't understand this.

Yes they can capture keystrokes and the password prior to submission to be stored in hashed format.
This is the basis of how a website knows if you met all of the criteria with numerical or symbols and legnth.

When you click "I Accept", you grant whatever permissions the app is requesting.
*no one else reads the fine print what the app is actually getting access to.


I'd bet a lot of money I understand how this stuff works better than almost everone, if not everone on this board.

Smh. Okay, man, you know what you know. We can all see that.

So, is tik tok safe, or not?

Not with any data they do collect. I'll watch their videos online with all my protection running. But I wouldn't want to give them anything more than an email. I would even pass on any security questions or use very unique answers.

Of course I do... it's literally my job.

Personally, I would never download it and I I hope it gets removed from the playstores.

Well the TODO: Day Manager app was not on the play store, you had to manually install it after downloading from a third-party site.

If someone is doing that without understanding the consequences, they put themselves in that position.

I had to take down one of our company apps, from the play store, because google was making it more and more difficult to collect device data to ensure our company apps worked as intended. I moved them all to web-based and everyone is much happier, and we have less issues.

Did I forget the purple? You are clueless when it comes to computer security. CLUELESS.

Not trying to be mean; I just didn't want to be the reason the prince of Nigeria gets your money.

Lmao. I am responsible for building and optimizing AI, databases & connections, plugin/app builds, website builds and and updates, and data encryption/security.... among other things.

[quote=FloridaFan]Well the TODO: Day Manager app was not on the play store, you had to manually install it after downloading from a third-party site.
/quote]



Not sure if it was or was not ever in it. Regardless, this happens quite often if it is in the playstores or not.

OMG He's a rare thing. He's a software developer! Nobody else has that job. Dont tell India.

Then you might want to learn about app security and what they can and can't do. Stop wasting my time correcting the misinformation that you are putting out. Find a single coder that agrees with what you are saying, then we can argue.


This should help for a start:

https://oag.ca.gov/privacy/facts/online-privacy/protect-your-computer

Sounds like an IT gig.

I bet Microsoft, Google, and Apple were all shocked to find out that the millions, if not billions, invested in their OS security was a complete waste and any 500lb guy on his bed can hack your banking, passwords, and personal files and reduce you to poverty by getting you to download Fatman's angry birds. Somebody has no clue.

You have no clue what you are taking about.

There are hundreds of keystroke tracker and loggers out there

https://www.spyrix.com/en/spyrix-free-keylogger.php

Oldcal

I find it odd you are a subconscious fat shaming sexist.

On topic:

1. Tik Tok is not some person. It is an app millions of Americans are granting access to their personal devices that is accessie by the Chineese Goverment.... not an individual on their bed.
2. Us citizens are granting the Tik Tik app acess to their devices. So... they (Chinese govt) doesn't need to hack to get permission. They already have it.
3. Tik Tok standard access includes real time location, IP biometrics, contacts, calendars, camera, other app info, browser/cookies. Plus...any potential tracking software similar to the one I shared above.
https://www.gizmodo.com.au/2022/07/tiktok-app-phone-access/
4. It doesn't take much before you can lose everything because you granted an app access to your device.
5. You really don't even know or understand what you are saying. Please stop.

We already acknowledged that the app could control device functions like the camera. This is still not access to encrypted files. And "fat guy on a bed" is a Trump reference.

Hopefully someone won't come along and say that since you didn't spell that out in detail in your first post that it doesn't mean anything. That just because they didn't comprehend the inference means it wasn't there. It could happen.

https://english.elpais.com/usa/2023...olitical-battle-against-chinese-app.html


Weeks earlier, in an opinion piece in The Washington Post signed with Congressman Mike Gallagher (Wisconsin), Rubio wrote: “The app can track cellphone users’ locations and collect internet-browsing data – even when users are visiting unrelated websites.” “That TikTok, and by extension the CCP, has the ability to survey every keystroke teenagers* enter on their phones is disturbing,” the two lawmakers wrote, pointing out that China’s 2017 National Intelligence Law requires organizations and citizens to “support, assist and cooperate with state intelligence work.”

*all ages not just teenagers keystrokes can be recorded*

Again... I implore you to stop spreading misinformation.

I don't know how else to tell you that I know what I am talking about on this topic.

You do realize that plainly states it's an opinion piece, right?

You do realize that doesn't mean it cannot have any facts in it, right? I mean, you love your opinion pieces and blogs when they are to your advantage. And let's not forget your paid for "studies" that are biased.

I'm over talking to you two.


https://www.google.com/amp/s/amp.abc.net.au/article/101356198

https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/?sh=1f8d8a767c55

https://www.google.com/amp/s/www.nytimes.com/2022/08/19/technology/tiktok-browser-tracking.amp.html

https://www.business2community.com/...kes-yep-its-for-troubleshooting-02541078


TikTok users click a link to access a website from the iOS app, code that can track a lot of their activity on these external websites is installed. The JavaScript code in TikTok allows it to track all keystrokes. In addition, the company can monitor every screen tap, text input such as passwords and credit card numbers, and keyboard press.


https://www.google.com/amp/s/amp.th...sites-through-ios-app-new-research-shows


https://www.google.com/amp/s/amp.abc.net.au/article/101356198

You remind me of that Police song. Every Breath You take. I refer to it as the stalker song. And no, I don't post opinion pieces and blogs. Try again Weedhopper.

So let's get back to your original premise. What does that have to do with national security by usage from the average American?

Look at you with your victimhood on full display.

So it has access to location and history... it's still not hacking you. FFS, just admit you are clueless.

Additionally, I wouldn't put much faith in any tech definition or report created by congress. Personally watching congress talk about tech makes my ears bleed with how stupid and non-tech-savvy they are.

And just an FYI. Keyloggers are about as low-grade an attack as you can do, and ALL antivirus can detect them and disable them. So, I don't see google allowing that in their play store. I really struggle to believe you have a job in it or whatever you do, and you don't know these basic security principles.

SMH... I just realized I'm arguing with someone who has no basic education or comprehension of how any of this stuff works.

You are struggling because you don't understand what you read (in the one paragraph about hacking and keylogging) that you found when you searched on Google before you proceeded to type out whatever illogical garbage that was.

What you have been saying in these last two pages has literally made everyone else dumber for reading it. Please stop.

Troll.

Just to be clear. Even though I believe Tik Tok is a problem on many levels, what is being perceived as Tik Tok "hacking", is actually small scripts that OTHER website include on their sites (usually to generate revenue), and it's these small scripts that track thing. They call them "pixels", and Google, Facebook use them as well.

First you would have to be important enough or a threat in order for me to be a victim. You are neither.

Not important enough to be used as an insult to other posters.


Of course this is another one of your silly little go tos.

Just reminding you of how butt pimples work. Nothing important. Just a slight, temporary pain in the ass.

kind of (close).

TikTok is actually the one doing the tracking/data harvesting through their allowed permissions (that everyone blindly accepts) when a person installs the app.

From there... TikTok is using JS (outside of its app ecosystem) to track every single tap on your phone.

In addition, the app also has additional access to:
Internet browsers
Texts/IMessage
Google
Calendar
Camera/photo gallery
clipboards
other apps

From there, they can record things like banking information, biometrics, passwords, etc.


The issue everyone is freaking out over is that China's Intelligence Law requires TikTok to give the Chinese government access to all of the data they collected where TikTok has collected the above-mentioned keystrokes.

Hence the problem.

Does anybody really believe that Google, Microsoft, Apple, and Linux developed and sold the app idea, knowing they would allow app devs access to banking information, biometrics, passwords, etc.? I know you can't see how absurd you sound, but I can. It's rumors, misinformation, and the uneducated trying to explain tech. This congressman does not understand how apps work. You do not understand how apps work or that app stores scan these apps for malicious code and control their installation. The fears and concerns being raised over TicTok could be raised against any app and would still be just as dangerous, having the same abilities to access peripherals on the device. The truth is that many features are built into the app infrastructure that would make it extremely hard for any bad actor to hack critical data on a target device. No, it's not entirely impossible, but calling it highly unlikely would be an understatement.

Don’t install the app? …Or Uninstall the app. Problem fixed. If users want to give up their info, so be it. Or you can take their freedoms away as is what usually happens.

Ture. However, this is where I said it's the government's job to ban the app.


Also, TikTok is doing separate data collection from you (yes you) even if you don't use TikTok or have never logged in from the thousands of websites their code is now on.

How it works:

Visit www.HelloFresh.com

View their source code:
view-source:https://www.hellofresh.com/
lines 51-59 Their Google tag manager code is: GTM-KMWJG5K (you can search by this as well)

*Google Tag Manager does a lot of the heavy lifting to insert TikTok's code (and other tracking codes) with a container and separate tags onto your device.

From there, TikTok code is now installed on your device and the fun beings.

What Happens next:

TikTok will start data harvesting on you and storing it in a database that matches using a unique ID as a primary key that has your information.

They backfill/update the data with everything from your IP address, user devices, device types, name, email, home address, phone, employment information, age, gender, any biometrics they can capture etc etc etc, and store your data in a single row anytime you submit a form on a website. *realistically, they probably store this data in multiple tables.

Now, they have your data and will continue to update it every time you visit one of the websites on their tracking code is installed. (thousands of websites)

For keystroke capturing, they need you to create an account and install their app or log in to your account from their website. (80+ million US users already captured)

If you would like to learn about how keystroke recording works:
https://empmonitor.com/blog/keystroke-recorder-how-it-works/

Long and short: it records and tracks every keystroke and is mostly done without the permission or knowledge of the user.

OMG

+1

It must be the result of side-loading his brain. Security protocols were definitely set and breached. The device is not trustworthy.

So, I'll ask again: Is tik tok a safe app, or not?

I want to know who the fun beings are and if I've partied with them before.

Yes, to view. I would not personally install it. But it can really only access info you give it permission to access. The one bad thing is that they are run under the Chinese state by a private company, and the government can not be trusted to always do the right thing. But the app is not going to get anything you don't give it access to, it won't steal your bank account, it won't stand outside your window like a big meanie, it will just upload videos and allow you to watch content. You can also go to tictok.com to do those things, which is what I do on PC.

Also, just as an FYI, there are no pcs or mobile devices made today that are not running 'some' Chinese written code. NONE.

https://www.npr.org/2022/12/23/1145...ndan-carr-supports-a-total-ban-on-tiktok

NPR's Leila Fadel talks to FCC Commissioner Brendan Carr about the issues with the social media app.

The other thing to note is that most of the data that article listed is completely legal to collect and routinely collected by websites, especially google. Unless the user is under the age of 13. If you ever install an app or create a website account and its asking for your age, thats a tipoff they want to collect PII data about you.


If you dont want tiktok having that data about you, then dont go to tiktok.

from the article you read in 1 minute:

But the reality is it operates as a very sophisticated surveillance technology. And for years now, it's been taking all of this data - not the videos themselves but data from your phone, including search and browsing history, keystroke patterns. It reserves the right to take biometrics, including face prints and voice prints.



That's not normal PII information. Some of that is very sensitive PII.

Its not a secret that google spies on you. Its not illegal either.

They need that data to make money from when they sell ads. They also make most of that data available to website owners in their google analytics app. In metadata form.

But that doesn't align with his conspiracy theory.

I never said it was illegal that Google collects data. They are a US based company and we have the perverbial throat to choke if they break laws.

Trust me, I know how the how ad space and data collection works along with Analytics/GA4.

Granted, Google keep getting fined for hundreds of millions for violating laws. But, we still have the hammer. Which, we don't over Tok Tok.

side note...

I don't think people realize how much of their privacy is still really intact. I feel like people thought they have lost completely control of it.

Meanwhile, there is growing support in the ad/tech world to stop allowing us to gather so much data without transparency (one of the reasons why we are going to a cookieless world).

The best they can do legally is put out PSA warnings on the app and ban it from government employees devices. Taking away our freedoms is not the answer. If you don’t trust the app don’t install it. What we install on our personal devices is not going to be controlled by old politicians on Capitol Hill and their pundits who have no clue what they are talking about.

false.

The feds have banned several apps

Is that why I can't get my "Classless Milfs" app to work anymore,, eerrr. I mean "Glassless Milk" app?

Can you give some examples? Probably not, because I can’t find any banned apps by the feds. Except for tic tok being banned on fed employee devices.

https://www.lawfareblog.com/new-bill-proposes-banning-tiktok-us

New Bill Proposes Banning TikTok in the U.S.
By Justin Sherman Wednesday, December 28, 2022, 8:31 AM


Tiktok by Solen Feyissa (https://www.flickr.com/photos/solen-feyissa/50179261657)
The Committee on Foreign Investment in the United States (CFIUS), which screens foreign investments in the U.S. for national security risks, is by multiple accounts in conversation with the social media platform TikTok, which is owned by the Chinese tech giant ByteDance. Little is publicly known about these conversations, but media reports indicate that CFIUS and TikTok are discussing a deal that would address U.S. government security concerns while also allowing TikTok to keep operating in the U.S. without sale by its parent ByteDance.

As this saga plays out behind closed doors, some members of Congress are pursuing a different approach. On Dec. 13, Sen. Marco Rubio (R-Fla.), along with House members Rep. Mike Gallagher (R-Wis.) and Rep. Raja Krishnamoorthi (D-Ill.), introduced a new bill to ban TikTok and ByteDance from operating in the United States. There has been some bipartisan consensus around TikTok-related issues, but Democratic co-sponsorship is notable, as Republicans have on the whole been more vocal in calling for a complete ban. The members titled the bill the Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and Algorithmic Learning by the Chinese Communist Party Act—or the ANTI-SOCIAL CCP Act, for short. The bill’s stated purpose is “to protect Americans from the threat posed by certain foreign adversaries using current or potential future social media companies that those foreign adversaries control to surveil Americans, learn sensitive data about Americans, or spread influence campaigns, propaganda, and censorship.”

In several ways, the bill contributes to the risk assessment landscape around foreign technology companies. It defines terms such as “entity of concern” and establishes a list of criteria that would indicate a foreign social media platform is unduly subject to a foreign adversarial government’s control. It also lists countries of concern beyond China, including Russia, Venezuela, Cuba, and North Korea.

The bill has several concerning components. While it describes particular risks associated with foreign social media platforms—including the ability for a foreign government to compel a firm to hand over data or compel a company to modify its content moderation practices—it is not clear the bill and its writers are building a policy that allows for a more nuanced risk assessment that translates into adaptable policy responses. Instead, the bill proposes a template, one-size-fits-all approach—a complete ban—to foreign social media companies identified as a security risk under the criteria. Notably, the bill would also circumvent an executive action limitation meant to constrain the president from overreaching in banning information-related transactions.

All told, it is a noteworthy piece of legislation, and it delineates between the risk of data access and the risk of content manipulation better than then-President Trump’s executive order on TikTok. But it raises many questions about how the U.S. government should approach concerns about foreign social media platforms and national security—and how the U.S. government should be able to respond to potential risks. In addition to clearly defining a problem and distinguishing between distinct security risks, a remaining imperative for legislators and policymakers is developing risk frameworks that are precise, nuanced, and compatible with a suite of tailored policy responses.

Invoking the International Emergency Economic Powers Act

This new bill has many provisions, but at its core, it directs the president of the United States to effectively ban certain foreign social media companies from operating in the United States—explicitly specified herein as ByteDance and TikTok. Based on how the legislation is more broadly written, the call for a ban could theoretically expand in the future to cover other foreign social media platforms deemed to be a risk to U.S. national security (the bill’s determination process for this status is discussed below). Calling for this action means rehashing, once more, one of the Trump administration’s most infamous, and failed, tech policy actions: attempting to ban TikTok in the United States.

The bill states that 30 days after the bill is enacted, the president will use their powers under the International Emergency Economic Powers Act (IEEPA) to “the extent necessary to block and prohibit all transactions in all property and interests of property of a social media company” as laid out in the bill. IEEPA, as explained by law professor Bobby Chesney, essentially allows the president to impose sanctions and embargoes on foreign entities when the president deems there is a “national emergency” with U.S. interests at stake. Trump invoked this authority in August 2020 when he issued executive orders to ban TikTok and WeChat in the United States. (Multiple courts subsequently overturned these actions, and the Biden administration withdrew the orders in July 2021.)

In this case, the bill would exempt the president from 50 U.S.C. § 1701 and § 1702(b) of the IEEPA, meaning that the president would not have to declare a national emergency before invoking IEEPA (which is required under § 1701)—and would not be constrained by the prohibitions (under § 1702(b)) on regulating the import or export of information or informational materials, among others. The former exemption is not surprising, because the bill’s very premise is that certain social media platforms pose risks to national security through their U.S. operations. The latter exemption is more notable. IEEPA is written explicitly to have limitations. By not constraining the president by 50 U.S.C. § 1702(b), the bill would circumvent IEEPA’s clear limitation on the president regulating or prohibiting, directly or indirectly, the importation or exportation “whether commercial or otherwise, regardless of format or medium of transmission, of any information or informational materials.” Social media platforms could arguably fall under this definition, which makes circumventing the limitation all the more significant and potentially concerning. If Congress does pass this bill, that would indicate a legislative belief that TikTok’s security risks make it necessary to bypass the IEEPA constraint.

According to the bill, for a social media company to qualify for this blocking and prohibition, it must satisfy at least one of the following (paraphrased) criteria:

The company is domiciled, headquartered, or has its principal place of business in or is organized under the laws of a “country of concern.”
A country and/or entity of concern directly or indirectly owns, “controls with the ability to decide important matters,” or holds 10 percent or more of the company’s voting shares or stocks.
The company uses software or algorithms that are controlled, or whose export is controlled, by a country or entity of concern.
A country or entity of concern can substantially, directly or indirectly influence the company to (a) share data on U.S. citizens or (b) modify its content moderation practices.
The bill explicitly states that ByteDance and TikTok are “deemed companies” that satisfy these criteria.

Defining Undue National Security Risks (Though Not in Those Words)

On top of designating ByteDance and TikTok as deemed companies, the bill defines a “country of concern” and an “entity of concern” in a way that could enable additional, future applications of this IEEPA social media platform ban. Notably, the bill is not just looking to compel executive action against ByteDance and TikTok. It would also establish a set of definitions and criteria against which other foreign social media companies could be compared in the future. As U.S. policy around foreign technology companies, products, and services evolves, these contributions to the risk assessment landscape illuminate policymaker thinking on identifying and mitigating risks. The bill would also effectively set a precedent by which the president bans a foreign social media platform on national security grounds, using IEEPA but without some of its constraints.

To define a “country of concern,” the bill points to the term “foreign adversary” in the Secure and Trusted Communications Networks Act of 2019. According to that 2019 legislation, a foreign adversary is defined as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” In this respect, the bill explicitly names the People’s Republic of China (including the special administrative regions of Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. These countries are also frequently named as foreign adversaries in U.S. policy documents and legislative proposals around risks to national security.

In turn, the definition for “entity of concern” covers a wide range of scenarios. This definition includes the armed forces, the leading political party, or a governmental body at any level in a “country of concern.” It also includes:

(D) an individual who is a national of a country of concern and is domiciled and living in a country of concern, and who is subject to substantial influence, directly or indirectly, from a country of concern; or

(E) a private business or a state-owned enterprise domiciled in a country of concern or owned or controlled by a private business or state-owned enterprise domiciled in a country of concern.

From a national security risk perspective, some of this appears reasonable. Of course, if an entity in question is literally part of the armed forces of a country of concern to U.S. national security, it creates or heightens the risk that said entity will use its access to or control over a technology platform to assist with its own country’s national security objectives. Many recent U.S. sanctions and other restrictions, for example, have targeted Russian and Chinese companies because of the ties they have to the Russian and Chinese militaries. If those militaries themselves had control over or substantial access to a social media platform, it would raise a number of important security questions. The same clear risk is present with entities that are part of a foreign political party or a foreign government, and this is especially true if that entity is a security agency.

The reference to individuals subject to “substantial influence, directly or indirectly, from a country of concern” likewise appears reasonable on its face. There are certainly foreign countries where law enforcement agencies or intelligence services are known to place intense, coercive pressure on individuals at technology companies to compel them to hand over information, to cooperate with the state on an ongoing basis, or even to send a message to company leadership. For example, in the fall of 2021, the Russian government demanded that Apple and Google delete opposition leader Alexey Navalny’s voting app from their app stores, ahead of nationwide Russian elections. When the companies refused, the Kremlin sent masked thugs to sit around the Google Moscow office with guns, the Russian parliament called in company representatives and gave them lists of local employees who would be hauled off to jail, and the Federal Security Service, Russia’s domestic security agency and the KGB’s successor, went to the home of the top Google executive in Russia and then chased her to a second location. Sure enough, both companies reversed course and complied with Moscow’s demand.

A definition that includes “substantial influence” speaks to real, high-risk intelligence and law enforcement activities in countries like Russia and China. Nonetheless, the proposal begs the question of how broadly this definition should be applied. There are many different scenarios in which it is arguably possible that a foreign government could exert substantial influence over someone at a foreign tech company. But possible does not equal probable, and part of a risk assessment is working to identify scenarios in which a harmful outcome is more likely. There are millions of people working in China’s technology sector, for example—which means that a policymaker assessing the risk of substantial Chinese government influence over a person or company must think through how to distinguish between higher-risk and lower-risk scenarios. It is not clear in the bill whether the legislation’s authors have such a framework in mind. Taken literally, though, the bill’s definition here suggests that the mere possibility of a foreign government’s substantial influence over a foreign person or social media company—when the company operates in the United States at a certain scale—is enough to compel a U.S. national security action.

Additionally, the last part of this definition, referring to private businesses in countries of concern, speaks to a broader policy question that U.S. policymakers must attempt to answer. State-owned enterprises are one risk category. They are controlled by a foreign government, and the government is clearly and actively involved in managing the enterprise. This direct state ownership also suggests the company would be more cooperative with that state’s law enforcement and intelligence agencies than an enterprise with no state affiliation, even if that private enterprise had limited room to push back. However, the inclusion of private businesses in this list begs the question of whether some policymakers—such as Rubio and Gallagher—perceive that a private technology company in China can exist in the global market at all without creating undue national security risks. I do not have the answer to this question. And it seems many policymakers don’t, either. The relationship between economic security and national security policy is a point of frequent debate, as is the relationship between technological protection and economic security. Yet the new bill puts front and center the importance of policymakers articulating some kind of position on this question: Is a private technology company’s existence in China sufficient to create an undue national security risk?

Other definitions in the bill put some constraints on its scope. For example, a “social media company” as defined in the bill is scoped to companies that have more than 1 million monthly active users “for a majority of months during the preceding 12 months.” The fact remains, though, that by this bill’s definition, any private business that is “domiciled in a country of concern” (or owned by another private business that is) would be considered an “entity of concern.” WeChat, the subject of the Trump administration’s second executive order on a foreign platform, is not explicitly listed in the bill alongside TikTok and ByteDance. While the company by some reports has millions of active U.S. users, it is not entirely clear whether WeChat could fall under the bill’s definition of a social media company.

Distinguishing Between Distinct Security Risks

As I have written previously for Lawfare, a persistent problem with the Trump administration’s TikTok executive order and other, subsequent proposals around foreign apps is the blurring together of distinct security risks. With TikTok, for instance, one can imagine several different risks that impact the security landscape, including the risk of data collection on U.S. government employees, the risk of data collection on non-government-employed U.S. individuals, the risk of TikTok censoring information in China at Beijing’s behest, the risk of TikTok censoring information beyond China at Beijing’s behest, and the risk of disinformation spreading on TikTok. In this bill, the top-line statement describes several risks associated with foreign social media companies: The governments that influence those companies surveilling Americans, learning sensitive data about Americans, and spreading influence campaigns, propaganda, and censorship.

The ANTI-SOCIAL CCP Act does a somewhat better job in articulating risks than the Trump executive order. In the bill’s top-line statement, it lists risks, but they are clustered together and not clearly defined. For example, the supposed difference between a social platform “surveilling Americans” and a social platform “learning sensitive data about Americans” is unspecified. Perhaps the distinction is driven by the term “learning”—in one interpretation, suggesting that the former is gathering raw data, and the latter is using algorithms to derive sensitive information about people—but that is not clear. The top-line statement also clusters together “spreading influence campaigns, propaganda, and censorship,” which similarly should be broken out.

The bill improves on this later, when describing the aforementioned four criteria for a company to be of concern. The bill clearly breaks out (a) the risk of a company sharing or being compelled to share data with a government or entity of concern and (b) the risk of a company having its content moderation practices substantially influenced by a government or entity of concern.

This is important, because failing to clearly distinguish between alleged security risks is a problem for several reasons. First, the risks are different. A foreign government requiring a company to hand over data on particular foreign users is different from that government using the platform to algorithmically push pro-regime content—which is also different from that government requiring the platform to take down regime-critical speech, and so on. Articulating a security reasoning requires distinguishing between these different risks. The more the U.S. government conducts reviews of foreign investment, technology, data, and other issues, the more important articulating a security reasoning becomes to allow public scrutiny of decisions, to convey to companies a belief in greater accountability, and to help minimize the risk that decisions are made politically without substantive national security justifications.

Second, failing to properly distinguish between the risks suggests a failure to conduct a rigorous risk assessment. This is not necessarily to say there is no risk associated with TikTok’s widespread use in the United States, for example, but to say that risk is a matter of likelihood (how likely a scenario is to happen, contingent on factors like an actor’s opportunity, capability, and intent) and severity (how bad it would be if said scenario happened). The likelihood of a foreign government requiring a foreign platform to hand over large data sets could be different from the likelihood of that government requiring that platform to continuously censor content. Breaking out the risks allows for a more granular analysis. It also enables analysts to create, if applicable, a priority order of risk. Perhaps one risk is far more likely than the others, and the response should thus be designed around addressing that outsized risk. In this way, the bill does a better job than Trump’s TikTok order in clearly separating out, in the list of its four prohibition criteria, the risk of government-compelled data access and the risk of government-compelled content manipulation.

Perhaps most importantly, part of distinguishing between risks in policy is linking specific mitigation actions to specific risks at hand, and this is one place where the bill could be greatly improved. If the proposed policy solutions are not calibrated to the risks, they may not achieve the desired results. Take the example of a complete ban on TikTok in the United States (temporarily setting aside speech and other concerns). That action would not impact every possible security risk in the same way. There is no other major, Chinese-based social media platform in the U.S. with TikTok’s reach. If a ban was instituted, that would certainly change the risk landscape vis-a-vis content censorship, because American citizens would not be able to use TikTok in the United States. Similarly, it would arguably change the risk landscape vis-a-vis TikTok algorithmically promoting Chinese government-favorable content.

However, that same action (a ban) would not meaningfully change the data risk landscape. TikTok does collect volumes of data on its users (much like every other social media platform), but the United States’s incredibly weak data privacy and security regulations mean a vast amount of information on Americans—from political preferences and demographic information to real-time GPS data and data on military personnel—is widely available for purchase on the open market. The Chinese government has many vectors through which it can gather data on Americans, including data brokers, software development kits, real-time bidding networks for online ads, and more—not to mention scraping and hacking data, too. Put simply, banning TikTok won’t protect Americans’ sensitive data. Just because a policy action could work for one risk or set of risks does not mean it works for them all.

Nowhere in the bill does it allow for particular actions to be taken in response to particular risks. The bill proposes what is effectively a template, static response—a complete ban—to a foreign platform in the United States where the platform and its use meet the listed security criteria. This raises the question of whether a one-size-fits-all approach to distinct content moderation, data privacy, and other risks is most appropriate and most sustainable over the long term. One could imagine, for example, a different policy framework that has a spectrum of possible responses to foreign platform security risks, such as a ban in some cases where risk mitigation measures are deemed to be wholly insufficient—and in others, some kind of middle ground that imposes a set of unique content or security requirements on a company.

Conclusion

The Biden administration, to its credit, had begun to move away from the Trump administration’s dysfunctional and legally overturned approach to TikTok. On June 9, 2021, Biden signed Executive Order 14034, entitled Protecting Americans’ Sensitive Data From Foreign Adversaries. The order revoked Executive Orders 13942 (the so-called TikTok ban) and 13943 (the so-called WeChat ban). It also revoked Executive Order 13971, which Trump signed on Jan. 5, 2021, just before leaving office to prohibit U.S. persons from engaging in transactions with Chinese companies Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office, citing concerns they could “permit China to track the locations of Federal employees and contractors” and “build dossiers of personal information” by gathering data that Beijing could access. Importantly, the June 2021 Biden executive order stated explicitly that “the Federal Government should evaluate these threats through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms.”

Simultaneously, CFIUS and other security review bodies appear to be conducting more and more reviews as there are concerns raised as well about national security creep in cross-border investment reviews. CFIUS’s reported conversations with TikTok are another example of how the interagency committee might consider mitigation agreements that allow a particular company to describe how it has addressed security risks, rather than outright forcing companies to undo transactions. Concerns about national security creep are valid and especially important to ask in a democracy. In tandem, the individuals involved in those reviews should have a great interest in transparency, accountability, and targeted risk assessment. After all, a risk framework that says the risk to the United States is the same for every single company in a given country (such as China), for example, does not help to identify the most urgent cases for review—or the places where action is not needed and could unnecessarily consume limited security review resources.

This is why this bill is so significant. Not only does it propose to reattempt the Trump administration’s ban on TikTok, while concerningly skipping around limitations on IEEPA, but it also lays out a set of definitions and criteria that could be applied to other foreign social media platforms in the future. Security concerns about foreign technology companies are clearly not going away, which means it is all the more imperative for legislators and their staff to design substantive, nuanced risk assessment frameworks that help distinguish between real security risks and situations where risks are conflated and responses are not properly tailored.

So in other words, no you don’t have any examples of the feds banning apps. Lol

https://www.google.com/amp/s/www.nytimes.com/2021/01/05/technology/china-app-ban.amp.html

8 apps were banned. I believe Biden came in changed the rules of ban. Also, not sure on the status of each one.

But, yes the us govt has banned apps.

You linked a pay site we can’t read unless we subscribe and give up personal data.

Just Clicking,, I won't have worry about Tik Tok,, I'm not on it or instagram or twitter.. Have no need for that stuff.

I can see how Tik Tok can be addictive.. same with Twitter. But they just don't interest me.

A neat trick that has been around a while:

Go to Google and paste in the title of the article. Click link. Read article.

A lot of sites won't throw the pay wall up if you come directly from Google like that. If they do you can then try it in incognito mode. If that doesn't work then they are just being stupid.

FYI Using a VPN to browse those sites is the safest way but you should know that. Anyways I stay locked down on my devices. DT is about the only social media I use. Meta sites grab so much metadata I just stay away. One of these days murica and the rest of the world will realize they grew out of the infancy of social media and actually use it for love of each other rather than hate for each other.

You are welcome. Glad to help.