Cyber security experts say the US government’s TikTok measures are ‘totally political’
Australian cyber security experts say the United States’ recent decision to ban TikTok on government-issued devices was likely politically motivated.
The White House on Monday gave US federal agencies a 30-day deadline to wipe TikTok from all government devices, due to security concerns over the app’s links to China.
The move puts its federal agencies in line with bans already in place in the White House and the departments of Defence, Homeland Security and State.
Similar measures have also been taken in Canada and the European Union in recent days, with many now questioning whether the Australian government will follow suit.
Treasurer Jim Chalmers said on Wednesday that advice from Australia’s national security agencies “hasn’t changed yet”.
Some cyber security experts argue that the Albanese government should follow suit, while others say the US government’s move was likely political, with insufficient evidence to warrant wider action in Australia.
Price to pay
A cyber security report published in 2022 by Australian company Internet 2.0 says the app carried out “excessive data harvesting”.
It analysed TikTok’s source code on iOS and Android, and found that the app was collecting data about a user’s location, calendar, contacts and device mapping, as well as device information on Android.
Nigel Phair, cyber security professor at Monash University, said data collection depends on what kinds of access and permission users give the app.
But there’s no such thing as “free” when it comes to social media, and there’s always a price for users to pay.
And in most cases, that price is their data.
“The reality is, users are targeted by advertising across all digital apps, all digital platforms that are free,” he said.
“We need to have this conversation that free is not free.”
‘Path of commercialisation’
In 2020, TikTok’s parent company ByteDance decided to move its global headquarters to Singapore – and Professor Phair said this is where the bulk of the data is stored, not China.
“We’ve done a technical analysis and TikTok have confirmed this. We’ve done it with looking at the app – the IP addresses are either Singapore or the US,” he said.
“And that’s where the data is housed.”
In most cases, social media platforms collect this data to use for marketing purposes, to sell targeted advertising to users.
But once data is being sold on, there’s no way of knowing in whose hands users’ data is ending up, said Dr Farhad Farokhi, a senior lecturer in electrical and electronic engineering at the University of Melbourne.
“After your data is being sold or being given to the parent company, who knows what’s happening to it?” he said.
“That’s the difficulty of the digital age. Because your data might be going through a path of commercialisation, doesn’t mean that it’s not going to end up in the government somewhere.”
An over-reaction?
News that the Biden administration would be further restricting TikTok on official devices sparked an instant reaction from China.
A spokesperson for China’s foreign ministry accused the US of over-reacting.
“The US government should respect the principles of market economy and fair competition, stop suppressing the companies and provide an open, fair and non-discriminatory environment for foreign companies in the US,” spokeswoman Mao Ning told reporters on Tuesday.
“How unsure of itself can the world’s top superpower like the US be to fear young people’s favourite app like that?”
Global innovation chair in cyber security at the University of Newcastle, Professor Vijay Varadharajan, argued that the US government’s decision was “a reasonable one”.
“Probably at this stage, this is a reasonable one to do. I think given the current geopolitical situation, I think this is reasonable, yes,” he said.
A sensitive topic
When asked if a similar ban for official government devices in Australia was warranted, Dr Farokhi said it was legitimate, but only in “some cases”.
He said a TikTok ban in sensitive areas, like the Department of Defence, would make sense.
“Dealing with so many sensitive documents or being in sensitive locations or interacting with sensitive individuals, it does make sense to try to restrict the access of any app … and try to restrict and keep the information local,” Dr Farokhi said.
But he questioned whether this would be necessary for lower-level public servants, with two Australian federal government departments implementing TikTok bans just last month.
“I don’t know how much of a difference would it make to lower-level public servants in the Department of Health, some department of social security, having particular kinds of phone or not,” he said.
“I don’t know if it would make a big difference or not, but it does seem as if the implications are more the privacy of the individuals and the people who are around them, rather than social or national security.”
Professor Varadharajan said social media “transactions” like posts or messages helped to build profiles of users.
Although people might not be “people of interest” at the time their messages are sent, they could very well become of interest in the future.
“The question is always whether you’re above the threshold, whether somebody will be interested in your data now, or in the future potentially,” he said.
Data including messages, contacts, personality tests, photographs, videos and calendar appointments paint a comprehensive picture about people, he said, which could be used to predict a person’s movements, or even their decisions.
‘No evidence’
When US President Joe Biden entered the Oval Office, he put an end to Donald Trump’s long push for a nationwide ban on TikTok.
At the time of dropping the ban, Mr Biden said the US government should use an “evidence-based approach” to assess whether the app posed a serious security risk.
It’s unclear if any new evidence has appeared.
Professor Phair said there simply wasn’t enough information to justify a TikTok ban for Australia’s government devices.
“We’ve got no evidence that the Chinese government is collecting personal data from people,” he said.
Professor Phair said there had been a fair bit of “fear mongering” about TikTok, but with very little peer-reviewed evidence to back it up.
Although he expected that Australia’s security agencies are assessing whether a ban is necessary, he said he’d like the findings to be made public.
“So that they can say to people: ‘We’re making this this decision, this public policy decision, based on this evidence’. I think that’s what people want to see.”
Australia next?
Professor Phair said the US government’s ban was “totally political”, with a “lot of politics and anti-Chinese sentiment” likely tied up in the decision.
Dr Farokhi said the technical aspects around these sorts of decisions can sometimes be “so vague”, leading to those in power to make a decision that was “politically relevant”.
Although it’s unknown whether Australia will follow suit, if we do, it could be politically motivated – given our military alliance with the US.
“There might be restrictions from the US side,” Dr Farokhi said, “in terms of the kind of software and applications that we can use when interacting with them, with the US.”