In March, the CEO of TikTok will testify before Congress

Do You Know What I Know About Russian War and Why I’m Interested in Using Facebook, Google, Twitter, and TikTok?

Forbes’ article says that TikTok and ByteDance didn’t answer questions about whether the internal audit team had ever targeted US politicians, activists, public figures, or journalists, and compared the alleged plan to Uber’s “greyball” program that targeted specific users, in some cases serving regulators a misleading version of the app.

The move to ban the app has only grown more powerful, following news that employees of ByteDance have access to the data of US users over the last few years.

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. The conflict is entering an ominous phase of drone warfare. Russia is beginning to launch attacks using Iranian “suicide drones” in an effort to cause much greater damage that is hard to defend against. With Russian president Vladimir Putin escalating his rhetoric about the potential for a nuclear strike, and NATO officials watching closely for any signs of movement, we examine what indicators are available to the global community in assessing whether Russia is actually preparing to use nuclear weapons.

It has been reported that the platform isn’t getting the development resources it needs anymore and customers should seriously consider moving to cloud email hosting. And new research examines how Wikipedia’s custodians ferret out state-sponsored disinformation campaigns in the crowdsourced encyclopedia’s entries.

If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.

What Happened after Microsoft Comes Out of the Lyman-Alpha Cloud? Tikitok-Bitterance Americas Data Security Roundup”

But wait, there’s more! We highlight the news that didn’t stick out to us. Click on the headline to view the full story. And stay safe out there.

Microsoft said a mistake exposed the data of some prospective customers. Researchers from the threat intelligence firm disclosed the leak on September 24 and the company swiftly closed it. The exposed information spanned as far as the summer of 2017 and August of this year according to the report. More than 65,000 organizations from over 100 countries were linked to the data. The exposed details included names, phone numbers, email addresses, and files that were sent from potential customers to Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that have led to countless exposures and, sometimes, breaches.


Security Labels for Internet-connected Devices: The United States as a Security Energy Star for the Internet of Things (Second Edition)

There are no easy answers to improve the longstanding security dumpster fire created by cheap, undefended internet of things devices in homes and businesses around the world. Adding security labels to internet- connected video cameras, printers, toothbrushes, and more has been done in Germany and Singapore after years of problems. The labels give consumers a better understanding of the protections built into different devices—and give manufacturers an incentive to improve their practices and get a gold seal. This week, the United States took a small step towards this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration held a summit with companies and industry organizations to discuss standards for labels. The National Security Council believes that a program to secure devices would give consumers peace of mind that the technology they are buying is safe.

Sources told The Washington Post this week that sensitive information related to Iran‘s nuclear program and the United States’ own intelligence operations in China were included in documents seized by the FBI this summer at former President Trump‘s Mar-a-Lago estate in Florida. “Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say. The Post wrote that people helping US intelligence efforts could be at risk. The information could also potentially motivate retaliation by other countries against the US.

A candidate from the United States won the election to run the International Telecommunications Union, an important international standards body tasked with cross-border communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.

Studies show that the legal climate in the US for abortion access is fostering a culture in which people are encouraged to keep a close eye on one another. Soccer stadiums around the world are being monitored more and more. The eight stadiums in use during the 2022 World Cup in Qatar, for example, will be packed with more than 15,000 cameras to monitor spectators and to conduct biometric scanning.

Rust, the Tech Revolution, and the State of the Art: How To Identify the Vulnerabilities The Future Is Now

Rust has made inroads in the tech industry, offering a hope that a large swath of common vulnerabilities could be mitigated. We have a list of the most important vulnerabilities that you can patch right now.

Liz Truss is having a rough time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. The Russian operatives were able to intercept messages between Truss and other people in other countries. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. Labor Party officials are calling for an immediate investigation into their Conservative opponents. “There are important national security issues raised by this attack and which will be taken seriously by our intelligence and security agencies,” Labour Party shadow home secretary Yvette Cooper said last weekend. There are serious security questions that must be thoroughly investigated in regards to why and how the information was leaked.


How Jack Dorsey’s Cash App is helping fuel sex traffickers: A White House summit condemns “ransomware”

Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes report, the Cash App is helping fuel sex traffickers in the US and other countries. The investigation was based on police records, claims by former employees of Cash App, and hundreds of court filings. The company, which is owned by block inc., insists it does not tolerate illegal activity on the Cash App and has staff devoted to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. A White House summit was being held to try to fight the rise of a type of malicious software, known as “ransomware,” that can be used to hold a target’s files for a specified amount of time. Himamauli Das, acting director of the Treasury Department’s Financial Crimes Enforcement Network, said in a statement that “ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security. The $1.2 billion in payments is painful enough, but they don’t take into account costs and other consequences that come with a ransomware attack outside of the payment itself.

South Dakota Gov. Noem, Texas Gov. Abbott, Alabama Gov. Kay Ivey, and others have all banned TikTok.

The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.

Alabama governor Kay Ivey banned the TikTok app on Monday because she didn’t believe it would help protect the privacy of Alabamians. “That’s why I have banned the use of the TikTok app on our state devices and network.”

One reason the discussions have lagged is a split in the White House. Some senior national security officials are pushing for an agreement that forces TikTok to fully separate from its Beijing parent company ByteDance. Yet others say the new safeguards TikTok is implementing are enough to ameliorate most concerns about Chinese influence.

“We will continue to brief members of Congress on the plans that have been developed under the oversight of our country’s top national security agencies—plans that we are well underway in implementing—to further secure our platform in the United States,” McQuaide added.

How Does the TikTok App Change Pop Culture? The Story of Twitter, Facebook, Google, YouTube, Snapchat, and Other Popular Apps

A version of this article first appeared in the “Reliable Sources” newsletter. Sign up for the daily digest chronicling the evolving media landscape here.

But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users’ devices.

There are exceptions for “law enforcement activities, national security interests and activities, and security researchers.”

TikTok is used by more than 100 million monthly active users in the US alone, making it an important part of the internet culture, but security concerns have made the app difficult to use.

The administration appears to have two different approaches to TikTok, its embrace of the app as an important conduit for the public, and it’s fear of the app as a potential tool of foreign influence. Seemingly overnight, TikTok has managed to remake American culture both low and high, from media and music to memes and celebrity, in its own image. TikTok turned Olivia Rodrigo into a household name and propelled the author Colleen Hoover to the top of the best-seller list, with more copies sold this year than the Bible. There is a new dialect of algospeak called “seggs,” which is being spread across pop culture. Corporations and brands have re-routed billions of dollars of advertising to the platform in order to reach more people, which has the power to turn even a decades-old product into a must-have item. Last year, TikTok had more site visits than Google, and more watch minutes in the United States than YouTube. Facebook took almost nine years to reach one billion users; TikTok did it in five.

The Data Security of TikTok: Are We Overblown? Drifting Through Walls and Mirrors with Facebook, Twitter, and Twitter

National security experts say that if information is ever sought, businesses in China usually have to give unfettered access to the authoritarian regime.

Most drastic measures have not advanced since the efforts lacked political will or courts interceded to stop them.

Yet the panic about TikTok is overblown. Policies and discourse about TikTok in politics are nothing more than a modern-day Red Scare, though there are some data concerns. American politicians seem keen to point fingers at China for a lack of data security without holding a mirror up to themselves, as they keep allowing Big Tech lobbyists to quash any meaningful attempts at federal social media regulation. Without a federal ban on TikTok throughout the United States (which remains staunchly unlikely), it is impossible to put the app back in the proverbial Pandora’s box. It is better to teach good media citizens in college classrooms than it is to ban TikTok.

There is no easy way to determine the extent to which ByteDance maintains operations in the US, said Sameer Patil, a professor of privacy online at the University of Utah.

“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.

TikTok, Oberwetter said, has faith in the CFIUS process, which is centered on making sure the video app does not become manipulated by the influence of the Chinese government.

It is possible the committee is satisfied with the actions TikTok has taken to prevent Chinese government spies from hacking into user data.

CFIUS deliberations are famously secretive and happen behind closed doors. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.

A National Security Measure to Protect China from The ByteDance App: A U.S. Policy Against the Beijing-Controlled TikTok App

Nebraska has had a ban in place since 2020, which covers all state devices. So has the Florida Department of Financial Services. Louisiana and West Virginia each announced partial bans.

In fact, China’s 2017 National Intelligence Law requires Chinese companies to furnish any customer information relevant to China’s national security. TikTok collects a lot of user information, compared to other popular social media apps. ByteDance has never turned over this information to the Chinese government. ByteDance admitted that it had fired some employees for snooping on Americans and journalists in a December episode that showed the possibility of future government interference.

“There is a better way to spend time with a company than by pointless negotiations,” he said. “It is time to ban Beijing-controlled TikTok for good.”

“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,” said Chander. “But that’s also the case of the weather app and many other applications that are not owned by China and are still in your phone.”

A ban of TikTok throughout the United States, if it could actually be enacted, would immediately solve our national security concerns about the wildly popular Chinese-owned video app. A ban might put our national security at greater risk. It would sidestep a bigger problem, as our nation hasn’t addressed concerns over the huge amount of personal data collected in our digital lives, especially when that data could be used by foreign adversaries.

“If Chinese intelligence wanted to get information on some state employees in the United States, it wouldn’t have to go through TikTok.”

“It’s always easy – and this happens across the world – to say that a foreign government is a threat, and ‘I’m protecting you from that foreign government,’ he says. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”

Do Big Tech Companies Know US Citizens Have a Phone? The Case of TikTok, the Wall Street Journal, and the U.S. Senate

Brooke Oberwetter, a spokeswoman for TikTok, said to The Wall Street Journal that the move was a political signal rather than a practical solution for security concerns, and claimed that the ban would have minimal impact because very few House-managed phones have TikTok installed.

He reckons that the consequences of having so many commercial surveillance taking place of US citizens are right in the United States. “And we should do something to address it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something that, for example, the Federal Trade Commission seems very interested in doing.”

Tech giants have frequently sent their executives to Capitol Hill, who have made arguments citing the threat of Chinese competition. They rely upon trade associations and advertising campaigns to make the case for their business against some of the legislative threats they face.

The stark difference between the two shows how simple narratives, well-funded lobbying and genuinely tricky policy questions can make or break a bill. It also hints at how a select few Big Tech companies continue to maintain their dominance in the market and their centrality in the lives of countless US households.

A TikTok official said under its new server reorganization as part of Project Texas, China-based employees would never have this kind of access to American accounts.

“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.

The Rise of Tech Platforms: The AICOA Dispatch and the Challenges of Replying to Wall Street Walls and Opposing to Parliament

In 2019, ByteDance had 17 lobbyists and spent $270,000 on lobbying, according to public records gathered by the transparency group OpenSecrets. By the end of last year, its lobbyist count had more than doubled and the company had spent nearly $5.2 million on lobbying.

The internet industry spent more than 20 million dollars on lobbying last year. Amazon was at $19 million and then Google was close to $10 million. Combined, that’s roughly $49 million in lobbying — almost 10 times what was spent by TikTok’s parent, which nevertheless clocked in at number four on the list.

One of those bills, the American Innovation and Choice Online Act (AICOA), would erect new barriers between tech platforms’ various lines of business, preventing Amazon, for example, from being able to compete with third-party sellers on its own marketplace. That legislation was a product of a 16-month House antitrust investigation into the tech industry that concluded, in 2020, that many of the biggest tech companies were effectively monopolies.

For a brief moment this month, lawmakers seemed poised to pass a bill that could force Meta, Google and other platforms to pay news organizations a larger share of ad revenues. The legislation went nowhere after Meta warned that it could need to remove news content from its platforms if the bill passed.

Silicon Valley’s biggest players have maneuvered masterfully in Washington, defending their turf from lawmakers who want to knock them down.

By contrast, decisions about the rules government might impose on tech platforms have called into question how those regulations may affect different parts of the economy, from small businesses to individual users to the future of the internet itself.

In some cases, as with proposals to revise the tech industry’s decades-old content moderation liability shield, Section 230 of the Communications Decency Act, legislation may raise First Amendment issues as well as partisan divisions. Democrats have said Section 230 should be changed because it gives social media companies a pass to leave some hate speech and offensive content unaddressed, while Republicans have called for changes to the law so that platforms can be pressured to remove less content.

Complying with the technical challenges of regulating an entire sector of technology combined with the cross-cutting politics of the time have made it difficult for lawmakers to reach an accord.

State and Local Laws Induced by Twitter Social Media Research in the 21st Century: Why Universities Can’t Trust a Social Media App

“It’s really important to establishing a Republican brand. It is a central principle of what unified Republicans today is taking a strong stance toward China and standing up to them.

Social media research and teaching have become staples in academia and higher education curriculums. The app has fundamentally changed the way modern communication is done.

From an educational standpoint, how are media and communications professors supposed to train students to be savvy content creators and consumers if we can’t teach a pillar of the modern media landscape? While students can certainly still access TikTok within the privacy of their own homes, professors can no longer put TikToks into PowerPoint slides or show TikTok links via classroom web browser. Brands, companies, and novel forms of storytelling all rely on TikTok, and professors will no longer be able to train their students in best practices for these purposes. Students can see the things they are learning in real time if they use TikTok.

The world keeps turning, as the states that implemented their bans leave their citizens in a fast-paced media world. Additionally, media and communications students in the states will be at a disadvantage in applying for jobs, showcasing communicative and technical mastery, and brand and storytelling skills, as their peers from other states will be able to receive education and training.

Professors need to do research as well. Social media scholars in these states quite literally cannot do what they have been hired to do and be experts in if these bans persist. While university compliance offices have said the bans may only be on campus Wi-Fi and mobile data is still allowed, who will foot that bill for one to pay for a more expensive data plan on their phone? The answer is no one. While at home, professors can still work, but they must be on campus regularly to prove they are actually working. This means any social media professor attempting to research TikTok on campus will have to rely on video streaming via mobile data, which can be quite expensive, either through having to individually pay for unlimited data, or accidentally going over one’s limits.

The CEO of TikTok, which is a popular video app in the US, is expected to appear before Congress in March to answer questions about user safety and security.

Warner, the chair of the Senate Intelligence Committee, was considering a bill that would ban applications that pose security risks, according to a report.

The app, owned by ByteDance, Inc., has been under fire since the Trump administration, when the former president signed an executive order to enforce a nationwide ban of the app, but ByteDance sued and it never went through.

In a letter addressed to the companies’ chief executives Thursday, Sen. Michael Bennet demanded that they remove TikTok from their app stores.

In a rare public interview at last year’s New York Times DealBook summit, TikTok CEO Shou Zi Chew described “Project Texas,” the company’s plan to move all data from Virginia and Singapore to US-based Oracle servers overseen by a new subsidiary known as TikTok US Data Security Inc.

Affirmative, Brooke Oberwetter welcomed the opportunity to set the record straight. TikTok plans to discuss its comprehensive plans to protect US user safety during the hearing, according to Oberwetter.

Getting Apple to the Front of the Puzzle: The Trump-Apple Charm Offensive in the Context of the Indian-China Discrimination

Apple has much to lose in regards to its relationship with both the US and China. Cook has been able to maintain working relationships with the Chinese government and manufacturers which contributed to his success at Apple.

Washington is expected to take action. Mira Ricardel, a former White House deputy national security adviser now at the Chertoff Group, said that there will be limitations this year. There is a collective view that will allow for something to be done. Here is what that something may look like.

India’s TikTok blockade is permeable. NetBlocks says that there is a few small ISPs that allow access. And Ram Sundara Raman, lead developer for the University of Michigan’s Censored Planet project, says he was able to watch videos during a visit to India using the app he had downloaded in the US. The ban has forced many Indian users to migrate to other services, including from Facebook and Google, making it difficult for businesses built on TikTok.

Trump’s order would have immediately prohibited app stores from distributing TikTok, and nearly two months later would have barred cloud providers and internet infrastructure services from doing business with the company. People or companies caught dodging the order could have faced fines or prison sentences. “We wanted to start at the root, where it comes into the US, and extract it that way,” says Ivan Kanapathy, who was China director for Trump’s National Security Council and is now vice president at policy consultancy Beacon Global Strategies.

The company recently launched a full-fledged charm offensive that has included rapid-fire meetings in Washington with TikTok CEO Shou Zi Chew, new transparency tools on the app and a first-ever tour to members of the media of its corporate campus in the Los Angeles area.

“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.

There is a lot of resentment toward social media and it’s easier to take it out on a Chinese-owned company than it is a US company.

According to officials of TikTok, the traffic from the US is routed through Oracle’s server and that engineers will be able to look at all of the TikTok’s source code. In addition, a third party monitor will inspect TikTok’s data and algorithm in case Oracle misses anything.

USDS is expected to hire 2,500 people who have undergone high-level background checks similar to those used by the U.S. government, TikTok officials said on Tuesday. None of those hired would be Chinese nationals.

Still, aggregate data, like what kind of content is trending on the app or in what regions certain kind of videos are popular, can be analyzed by corporate employees in Beijing who would need to be granted special permission from the U.S. data security team.

The Project Texas Security Plan: Opening the TikTok Center, Dublin, Singapore and Asymptotic Locations for Journalism and Civil Society

The plan addresses many of the major security concerns U.S. officials have, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies, but that is no guarantee it will be approved.

Lewis said that the Oracle plan would work. “This kind of thing is pretty standard. It’s become so emotional that a reasonable solution may not be enough.

The company welcomes the opportunity to show the truth about ByteDance and TikTok.

Assuming the deal passes muster, though, Segal agreed that it resolves the bulk of the data security concerns by allowing inspections of its algorithm and transferring U.S. user data to Oracle.

Many details about Project Texas have trickled out in the Wall Street Journal, the New York Times and Reuters, but Tuesday’s gathering marked one of the first times the company has given an official briefing on the plan.

In order to give a peek at how the secretive app operates, TikTok will be opening centers in Dublin and Singapore, as well as giving tours to journalists and civil society groups.

The people were put in the position of a TikTok content moderator, where they decided if a video violated the rules or not.

The facilities will also feature server rooms where visitors who sign non-disclosure agreements can review TikTok’s entire source code, though journalists are not given an opportunity to do this.

Video Trade-offs and Content Modulation in Congress: Actions for a More Deliberative and More Innovative Congress, with a Special Report from TikTok

Tech journalist Casey Newton of the newsletter Platformer said the content moderation game brought home just how tricky it is for the thousands of people who have to make trade-offs every day on an endless flood of videos, but it was largely beside the point.

By sharing details of our comprehensive plans with the full Committee, Congress can take a more deliberative approach to issues at hand, the TikTok spokesman said.

Previous post Everything to know about this year’s Super Bowl
Next post The M&Ms Super Bowl commercial was about how ads have changed over the years