We’re sure you’ve heard the news: recently, Buzzfeed reported that TikTok is able to share the personal information of U.S users to the Chinese government. Soon after, a representative for the app confirmed that this is true for Australian users, too. The media, governments and tech types had a very concerned response to the revelation… So, forgive us for asking the obvious but isn’t it the norm to assume all social media and tech companies have access to our data as soon as we sign up? Why is it any different (read: more serious) if TikTok does this too?
If you had the same question – we got you. Here’s a breakdown of what’s happened, why experts are alarmed, and whether or not you personally need to worry about how TikTok is using your data.
What are the TikTok privacy revelations?
According to the Buzzfeed report, China-based employees of ByteDance have repeatedly accessed non-public data about U.S. TikTok users. This is despite sworn testimony from a TikTok executive in an October 2021 Senate hearing which stated only a “world-renowned, US-based security team” decides who gets access to this data.
According to leaked audio from more than 80 internal TikTok meetings, engineers in China had been able to access U.S. user data between September 2021 and January 2022 without the U.S government’s knowledge.
Basically, China promised that it wouldn’t look at private user data – but it totally did anyway.
In response, TikTok spokesperson Maureen Shanahan responded with a brief statement: “We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.” ByteDance did not provide additional comments.
“Everything is seen in China.”
— BuzzFeed News (@BuzzFeedNews) June 18, 2022
US TikTok users’ data has been repeatedly accessed from China, leaked audio from internal meetings reveal https://t.co/jwNZdVz2MQ
Are these concerns different to any other app?
At this point, we basically expect that not only do apps have access to our personal data, but they can use it basically however they want. For example, Meta has continuously come under fire for lack of transparency when it comes to data storage and usage issues. But according to the experts, TikTok is going even further than expected – and that’s what making everyone nervous.
Cybersecurity expert Luke Elin explains that the type of data TikTok attempts to access on your phone is a particular concern. “What alarmed me about that particular report was that TikTok’s behavior changes when people try to scrutinize it,” said Elin. He said TikTok takes “unusual steps” to see what apps are installed on a person’s device.
If you download a game on your computer, in most cases it would be unusual and unnecessary for the game to check if you’ve also got an antivirus programme running or have Adobe – it doesn’t need that data to function. However, when it comes to TikTok some experts suggest the app is changing how it operates, based on what other apps it can detect on your phone. That’s sus. “They’re trying to make the job more difficult for cybersecurity researchers to scrutinize what’s going on,” Elin says. “So it might normally be trying to send data from the person’s phone to a data center. If it thinks that I’m scrutinizing its behaviour, that seems to stop.”
The crux of the matter is this: TikTok is asking too much permission for an app that simply plays videos. “It seems absurd that it wants to know your location all the time, and precisely. It wants to know the contacts in your phone, precisely. It wants to be able to see the unique identifiers of your phone, precisely. In the context of a security app or a banking app this might be appropriate. But for an app that really is an entertainment, video-based app… That’s unusual,” Elin says.
The China of it all
There’s an elephant in the room with us too, though. Elin rightly points out that these problems with overreaching permissions is not symptomatic of the clock app itself. “It would be unfair to label TikTok as the only bad app out there collecting data. But the reason why there’s a lot of alarm about TikTok is the foreign ownership.”
As we’ve written about elsewhere, the U.S. and Australia’s relationships with the Chinese government are tense and suspicious. The U.S. seems to no longer perceive China as a potential partner but as a strategic enemy, so the focus on Chinese-owned ByteDance/TikTok over the other (mostly U.S.-owned) digital platforms makes sense.
The concern is mostly two-fold:
- That data was shared in secret, despite promises that would not happen, and;
- That we do not know what the data is being collected or used for.
Elena Collinson, co-author of The Australia-China Relationship: What Australians Think, points out that concerns over the lack of transparency are valid because of how China has used personal data in the past. “The unknown of what precisely TikTok’s vast stores of data could be used for by China’s intelligence apparatus provokes particular anxiety – as it has been active in efforts to repress Uyghurs abroad, monitor and report on the Chinese diaspora, cultivate targets and undermine political opponents.”
As a Chinese-owned company, ByteDance falls under China’s far-reaching national security legislation. “Article 7 of China’s National Intelligence Law stipulates that organisations and citizens in China can be compelled to support national intelligence work, and maintain the secrecy of any such work they become a part of,” Collinson says.
Kinda think any time TikTok re China government access to user data comes up we should also mention the times Australia, UK, US governments etc accessed the data. https://t.co/Vv1lvWxXkU pic.twitter.com/1ZYYlnaMOS
— Josh Taylor (@joshgnosis) July 14, 2022
Don’t all governments collect data, though?
Let’s not kid ourselves though: all governments, including the Australian government, engage in extensive data collection on its own citizens and those in other countries.
One major difference is the use intention – private companies want our data to maximise their revenue and profits; governments want to do things like decide how to allocate resources, model public health responses, protect citizens from fraud… At least, that’s what they are transparent about. The other major difference: “One is voluntary, and the other is not. I don’t have to use TikTok, I don’t have to use Facebook or YouTube, or choose to if I want to,” Elin says.
Both governments and private companies face similar issues when it comes to protecting the data they collect – and that’s another reason to be concerned. Recently, the Shanghai Police Department had the biggest data breach in Chinese history. “I’m not saying the Chinese government is bad, but their ability to protect this data is no better or worse than their own police department. All governments have this issue. And all governments are starting to realize the importance and the value of information and their data and protecting it.”
So, should you be worried about your TikTok account?
Again, experts are concerned because TikTok has been caught sharing data it promised not to, for reasons that are currently unclear.
TikTok had already been banned from Australian Defence Force devices due to security concerns in 2020, and while Scott Morrison said a total ban was not necessary at the time, he stressed “people should know that the line connects right back to China”. On an individual level, it’s totally up to you whether you are comfortable with your personal data being shared with the Chinese government – just as with any app, it’s your call. But you should probably assume that it’s collecting more data than you think.
The Australian government has to make the same decision, but at the broader population level. Banning the app would significantly damage the already rocky relationship these governments have with China. “We’re at this inflection point,” Samm Sacks, an expert in China and cybersecurity at the think tank New America told The Atlantic. “Can we maintain the openness that has been one of our greatest strengths but protect ourselves with technology in everything? Right now the rules are being written in real time.”
Comments are closed.