The UK government has announced plans to ban ministers and civil servants from using TikTok on work devices.
It follows concern regarding the data privacy practices of the Chinese-owned app, with the European Parliament making a similar ruling last week.
The problems stem from TikTok’s ties to the Chinese government and the ways that people’s personal data could be used for nefarious purposes.
Its critics claim that the platform hands information to China’s Ministry of State Security in order to track the locations of foreign government employees, build dossiers for blackmail and conduct corporate espionage.
Such rumours have been circulating for years, with the US government attempting to ban the app on those grounds in 2020. Although they might have seem far-fetched at the time, mounting evidence suggests otherwise.
Although the UK government has not yet made an official comment on the matter, the NCSC (National Cyber Security Centre) has conducted a thorough investigation and Cabinet Office Minister Oliver Dowden is expected to make a statement to MPs later today.
Are these rumours founded?
TikTok has repeatedly denied allegations that it abuses users’ personal information, saying that bans are based on “misplaced fears and seemingly driven by wider geopolitics”.
It added it would be “disappointed by such a move” in the UK, while in response to the EU ban said that it is “readily available to meet with officials to set the record straight about our ownership structure and our commitment to privacy and data security.
“We share a common goal with governments that are concerned about user privacy, but these bans are misguided and do nothing to further privacy or security.”
However, it’s not just China’s main political rivals in the West that have banned the app. Canada, Belgium and India have all taken similar action.
The decision appears to stem from a Chinese intelligence law that requires organisations to help the Communist Party when requested. Even if TikTok itself is committed to data privacy, this policy overrides its core principles, such as accountability and transparency.
Meanwhile, this requirement is fundamentally at odds with the protections outlined in the GDPR (General Data Protection Regulation), which protects EU and UK residents’ data regardless of the location of the data controller.
What effect will this have?
You might be wondering why any of this matters. The proposed UK ban will apply only to work devices of ministers and ministerial employees – and why on earth would they need TikTok on a work device?
The app is used for short-form videos and is most commonly associated with recreational activities such as singing, dancing, lip-synching and comedy sketches. A quarter of its users are under 20 years old, and half are under 30.
It’s hardly an essential app for government officials and civil servants, and it has no business being on a work device.
However, like Twitter and other social media apps before it, TikTok is increasingly evolving beyond its initial niche audiences and into a broader entertainment platform. An Ofcom study published last year found that TikTok is the fastest-growing news source for UK adults.
“Teenagers today are increasingly unlikely to pick up a newspaper or tune into TV News, instead preferring to keep up-to-date by scrolling through their social feeds,” said Yih-Choung Teh, Ofcom’s group director for strategy and research.
“And while youngsters find news on social media to be less reliable, they rate these services more highly for serving up a range of opinions on the day’s topical stories.”
Among those range of opinions might well be Chinese-sponsored propaganda. Last year, the US political journal The Hill described TikTok as “China’s Trojan Horse”, with the app being used to spread disinformation while censoring content that was critical of the government.
Elsewhere, there have been confirmed reports that TikTok’s parent company, ByteDance, used the app in a bid to track several Western journalists and discover their sources.
So shouldn’t we all delete TikTok?
The data privacy concerns that the likes of the NCSC, US government and EU found with TikTok are by no means exclusive to the government sector. Anyone who uses the app will face these risks, whether they are doing so on a government device or any work device, which suggests that we need a blanket ban.
Indeed, in the European Parliament’s announcement that it was prohibiting TikTok from corporate devices, it “strongly recommended” that staff remove the app from their personal devices too.
It’s a sentiment shared by the chair of Britain’s foreign affairs committee, Alicia Kearns, who said that “we are being naïve” about the threat posed by TikTok.
“It is not worth having that vulnerability on your phone,” she told Sky News in an interview last month. “It is the ultimate data source for anyone with hostile efforts.”
Asked whether she thought people who use the app should delete it, she said: “Without question.”
TikTok has written to Kearns on a number of occasions to dispute her claims, but pressure appears to be mounting on the social media app.
The UK’s ban is a relatively minor step compared to the bigger picture; it’s the fifth government to implement such a measure, while the European Parliament has issued sanctions across the bloc. Meanwhile, the White House recently introduced the proposed US RESTRICT Act, which will ban technology and platforms such as TikTok if they are found to pose a national security threat.
The legislation has clearly alarmed TikTok, which lost no time in launching Project Clover last week, a security programme designed to create what it calls “a secure enclave for European TikTok user data”. Project Texas, meanwhile, aims to do the same for the US.
According to TikTok, Project Clover “will introduce a number of new measures to strengthen existing protections and further align our overall approach to data governance with the principle of European data sovereignty”.
This process, it says, “will be overseen and checked by a third-party European security company who will audit our data controls and protections, monitor data flows, provide independent verification and report any incident”.
The post TikTok Banned on UK Government Devices appeared first on IT Governance UK Blog.
