Investigation of the TikTok Cyber-Spam Investigation by the ByteDance Investigation of a US Customer Relationship with a Violation of the Privacy Principle
TikTok is being accused of posing a national security risk. US officials have worried that the Chinese government could pressure TikTok or its parent company, ByteDance, into handing over the personal information of its US users, which could then be used for Chinese intelligence operations or the spreading of Chinese-backed disinformation.
The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” Forbes says its report was based on materials it reviewed but did not include details about who was potentially going to be tracked or why ByteDance was planning on tracking them, claiming that doing so may put its sources at risk.
As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. The conflict is going into a phase of drone warfare. Russia has begun using Iranian “suicide drones” to destroy things that are hard to defend against. With NATO watching closely for any signs of movement, we look at what indicators are available to the global community to assess whether or not Russia is preparing to use nuclear weapons.
Why you should ditch your passwords and set up a password key: A guide to ditching passwords on Android, Google Chrome, and the vice society
Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. New research shows how Wikipedia’s custodians ferret out state-sponsored misinformation campaigns in the entries.
Middle-of-the-pack groups such as the Vice Society maximize profits and minimize their exposure by investing a small amount of technical innovation, according to researchers this week. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.
There is more to come. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headline to read the full story. And stay safe out there.
The American Cloud Data Security Roundup: Security Labeling Plans for IoT Devices in Light of Microsoft’s IoT Misconfiguration
Microsoft said this week that a misconfiguration exposed some of its prospective customers’ data. The company quickly closed the exposure after researchers at the threat intelligence firm revealed the leak to Microsoft. According to the report, the exposed information spanned as far as June of last year, and August of this year. The researchers linked the data to more than 68,000 organizations. The files sent between potential customers and one of Microsoft’s authorized partners included company names, email addresses, phone numbers, and more. Cloud misconfigurations are a longstanding security risk that has led to countless exposures and, sometimes, breaches.
There are no easy solutions to improve the longstanding security dumpster fire created by the internet of things in homes and businesses around the world. After several years of problems, Singapore and Germany have found that security labels are added to internet-enabled video cameras, printers, and more. The gold seal gives manufacturers an incentive to improve their practices and consumers a better understanding of the protections built into different devices. This week, the United States took a step in this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.
A Roundup of Cyber-Possibilities in the U.S., China, and other Emerging Threats from the ITU/CFT Collaboration
The Washington Post reported this week that some of the information seized by the FBI, which pertained to Iran’s nuclear program, as well as the US’s own intelligence operations in China, were found in documents at the Mar-a-Lago estate. It is said that unauthorized disclosures of sensitive information in the documents pose multiple risks. People aiding US intelligence efforts could potentially be at risk, according to the Post. Other countries may retaliate against the US if they are aware of the information.
The election to run the International Telecommunications Union, an important international standards body tasked with cross-border communications, was won by an American candidate last month. We looked at the fragility of the internet infrastructure as well as the vulnerability of important cables.
The US has a new legal climate for abortion that is promoting a culture of community surveillance, a hallmark of authoritarian states, according to researchers. The soccer stadiums in the world are being monitored more than ever. During the World Cup in 2022, there will be eight stadiums and more than 15000 cameras used to monitor spectators and conduct biometric scanning.
The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.
Liz is having a hard time defending herself against a phone hacking attack on her: Investigation of the Cash App, a fueling scam in the US and elsewhere
Liz is having a hard time. The Mail on Sunday reported that agents for Russia had hacked her cell phone when she was foreign minister. The Russian operatives were able to eavesdrop on Truss and other officials in other countries. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. The Labour Party is calling for an immediate investigation into their Conservative opponents. “There are significant national security issues raised by an attack like this, which will be taken very seriously by our intelligence and security agencies,” she said last weekend. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”
Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. The investigation found rampant use of the Cash App in sex trafficking and other crimes, according to police records and claims by former Cash App employees. The company was owned by Block Inc., and is dedicated to working with law enforcement. Forbes says that Block hasn’t provided any tips, despite the fact that rival payment platforms give tips to the National Center for Missing and Exploited Children.
The US Treasury Department says US financial institutions have been facilitating over one billion dollars in payments for the last two years. The White House hosted an international summit to fight the rise of ransomware, which allows attackers to hold files for ransom until the victim pays. The acting director of the Treasury Department’s Financial Crimes Enforcement Network said in a statement that it remains a serious threat to our national and economic security. While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.
New U.S. Rules on Social Media Using TikTok: A Reply to the Correspondence between the Senate and the House of Representatives
Republican governors, including South Dakota Gov. Noem, Texas Gov. Greg Abbott and Alabama Gov. Kay Ivey, have begun prohibiting the use of TikTok on government devices.
China, Russia, Iran, North Korea and Cuba are considered to be foreign adversaries under the proposed legislation, which would block all transactions in the United States by social media companies with more than one million monthly users.
Unless you’re a federal government employee that uses a work phone to check out the TikTok app. The White House, the Pentagon, Department of Homeland Security, and the State Department already ban staff from using their government-issued devices for TikTok. More than a dozen states have passed similar TikTok bans for devices issued by state governments.
TikTok and CFIUS have yet to strike a deal to keep the app operational in the US. According to The Wall Street Journal last month, talks between the two parties had stopped, postponing any expected deal.
Oberwetter said the agreement will meaningfully address any security concerns raised at the federal and state level. These plans have been created under the oversight of our country’s top national security agencies, and we will brief lawmakers on them.
U.S. Sensitive Device Controlled by TikTok: The Rise of Cybersecurity in the Era of the Cold War
This article first appeared in the Reliable Sources newsletter. Sign up for the daily digest chronicling the evolving media landscape here.
But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray made headlines when he told lawmakers that the app could be used to control users’ devices.
The Senate-passed bill would provide exceptions for “law enforcement activities, national security interests and activities, and security researchers.”
TikTok is the most popular app among active users in the U.S. and has been for a while, but concerns over data security have kept it off the App Store.
The White House hosted a teleconference for TikTok creators after Russia invaded Ukraine. Jen Psaki, then the White House press secretary, and members of the National Security Council staff briefed the creators, who together had tens of millions of followers, on the latest news from the conflict and the White House’s goals and priorities. The meeting followed a similar effort the previous summer, in which the White House recruited dozens of TikTokers to help encourage young people to get vaccinated against Covid.
National security experts say that China-based businesses usually have to give unfettered access to the authoritarian regime if information is ever sought.
The ban on federal government devices is an incremental restriction and has not changed much because the efforts lacked the political will or courts were able to stop them.
What Do We Know About The Social Media App TikTok and How Does It Impact the United States? A Discussion with McAuley and Patil
“I think some concern about TikTok is warranted,” said Julian McAuley, a professor of computer science at the University of California San Diego, who noted that the main difference between TikTok and other social media apps is that TikTok is much more driven by user-specific recommendations.
“While ByteDance claims that it maintains its operations in the United States separately, there is no easy way to determine the extent to which that claim is true,” said Sameer Patil, a professor at the University of Utah who studies user privacy online.
Social media companies harvest all kinds of data about users, but it’s usually overblown to what extent the companies know about individual users.
The committee could set a wider TikTok ban in motion, or it can force the app to be sold to an American company, something the Chinese government will likely forcefully oppose, as it did when such a sale was floated during the Trump years.
Another possible resolution is that the committee is satisfied with the steps TikTok has taken to ensure there is a firewall between U.S. user data and ByteDance employees in Beijing and the Chinese government.
Behind closed doors, CFIUS deliberations happen. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.
Canada announced it would also be banning the app on government devices beginning as soon as Tuesday, and the European Commission last week issued its own prohibition on the app on official devices, citing cybersecurity concerns.
This is in part because ByteDance is required by Chinese law to assist the government, which could include sharing user data from anywhere in the world.
When it comes to its own citizens, China has prohibited everything from Google to Twitter to this newspaper. Rather than viewing that asymmetry as unfair, we should recognize its symbolic value: America wins when it can show the world that it’s an open and democratic country. The People’s Republic of China banned TikTok to protect itself and other countries wouldn’t see it the same way. It is not certain if the federal government can simply prohibit access to a large communications platform or if it can control online content to make sure that it cannot be used to spread misinformation. And then there’s the political question of whether TikTok’s estimated 100 million American fans will allow it to be taken away from them.
“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,’” said Chander. That’s true of the weather app and lots of other apps on your phone, even if they’re owned by China.
Ryan Calo is a professor of law and information science at the University of Washington. He says that, while data privacy in the United States still needs much improvement, the proposed legislation is more about geopolitical tensions and less about TikTok specifically.
If the Chinese intelligence sector wanted to gather information about specific state employees in the US, it wouldn’t have to go through TikTok.
“It’s always easy – and this happens across the world – to say that a foreign government is a threat, and ‘I’m protecting you from that foreign government,’” he says. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”
Can the U.S. Intellectual Property Seep Through a Public Information Platform? A View from the Silicon Valley: Insights from Silicon Valley, Twitter, and Facebook
Both Chander and Calo are skeptical that an outright TikTok ban would gain much political momentum, and both argue that even if it were to move forward, banning a communication platform would raise First Amendment concerns. But Calo believes the conversation could push policy in a positive direction for Americans.
He said that he thinks that we’re in a position to think about the consequences of having so much commercial activity taking place in our country. “And we should do something to address it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something that, for example, the Federal Trade Commission seems very interested in doing.”
Tech giants have repeatedly deployed their CEOs to Capitol Hill, who in some cases have made arguments citing the threat of Chinese competition. They have relied on advertising campaigns and trade associations to make their case against some of the bigger legislative threats to their business.
The stark difference between the two illustrates how simple narratives, well-funded lobbying and genuinely thorny policy questions can make or break a bill. It shows how a few Big Tech companies are still in control of the market, and their importance in the lives of many US households.
China-based employees of TikTok will never have access to American accounts if the company’s server reorganization is any indication.
“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.
What do tech platforms really have to do? Congressional bipartisan disagreements in the wake of AICOA and ByteDance, Amazon, Meta, and Meta
In 2019, ByteDance had 17 lobbyists and spent $270,000 on lobbying, according to public records gathered by the transparency group OpenSecrets. The company spent almost $5 million on lobbying last year, more than doubled from the year before.
The internet industry lobby group Meta spent up to $20 million last year. Then it was Amazon at $19 million and then almost $10 million. Almost 10 times as much lobbying was done by the parent of TikTok as it was by the combined group.
One of those bills, the American Innovation and Choice Online Act (AICOA), would erect new barriers between tech platforms’ various lines of business, preventing Amazon, for example, from being able to compete with third-party sellers on its own marketplace. The legislation was the product of a House antitrust investigation into the tech industry that concluded in 2020, that most of the biggest tech companies were monopolies.
For a brief moment this month lawmakers were poised to pass a bill that would force sites to pay news organizations a bigger share of their ad revenues. The bill fell apart after Meta warned that it could have to pull news content from its platforms if the bill passed.
Silicon Valley’s biggest players have skillfully defended their turf in Washington in the past, when they tried to be taken down a peg.
The decisions about the rules the government might impose on tech platforms have called into question how those rules may affect different parts of the economy from small businesses to individual users.
In some cases, as with proposals to revise the tech industry’s decades-old content moderation liability shield, Section 230 of the Communications Decency Act, legislation may raise First Amendment issues as well as partisan divisions. Democrats have said Section 230 should be changed because it gives social media companies a pass to leave some hate speech and offensive content unaddressed, while Republicans have called for changes to the law so that platforms can be pressured to remove less content.
The cross-cutting politics and the technical challenges of regulating an entire sector of technology, not to mention the potential consequences for the economy of screwing it up, have combined to make it genuinely difficult for lawmakers to reach an accord.
Creating a Republican Brand in the Age of Social Media: The Case of TikTok and its Implications for Government Employees and Students
It is important to establish a Republican brand. The professor of political science at the University of California, San Diego says that the Republican Party is unified by their stance against China.
Studies on social media have become part of higher education curriculums. The app has fundamentally changed modern communication with its aesthetic practices, practices and information-sharing.
From an educational standpoint, how are media and communications professors supposed to train students to be savvy content creators and consumers if we can’t teach a pillar of the modern media landscape? While it’s still possible for students to access TikTok within their own homes, professors can no longer show them links to the site in class or put them into slides. The ability of professors to teach students best practices for these uses will now be lost, due to the use of TikTok. Students can see things they are learning about in real time when they use TikTok, making it easier to locate parts of the world.
The world keeps turning when these states implement their bans, leaving the citizens in a fast-paced media world. In order for the students in the states to be prepared for applying for jobs, their peers from other states should be able to provide them with the education and training they need.
Professors also must do research. If these bans persist, social media scholars hired to do their jobs can’t do what they were hired to do. While university compliance offices have said the bans may only be on campus Wi-Fi and mobile data is still allowed, who will foot that bill for one to pay for a more expensive data plan on their phone? No one can answer the question. Faculty who are employees are expected to be on campus regularly to show they are working, so they are also an option while working at home. If you want to study TikTok on campus, you will have to rely on video streaming via mobile data, which can be very expensive, unless you accidentally go over your limits, or are willing to pay for unlimited data.
TikTok CEO Shou Zi Chew will testify before Congress in March, amid nationwide efforts to ban the social media app among government employees and schools due to concerns about privacy and its effect on young people’s mental health.
Earlier this month, Sen. Mark Warner (D-VA), chair of the Senate Intelligence Committee, was reportedly considering offering a bill to ban a broader “category of applications” that could be applied to other apps that pose security risks, according to Axios.
The app, owned by ByteDance, Inc., has been under fire since the Trump administration, when the former president signed an executive order to enforce a nationwide ban of the app, but ByteDance sued and it never went through.
Sen. Michael Bennet (D-CO) demanded that Apple and Google “immediately” remove TikTok from their app stores in a letter addressed to the companies’ chief executives, Tim Cook and Sundar Pichai, Thursday.
In an interview at the New York Times DealBook summit in 2007, the CEO of TikTok said that the company was going to move all data from Virginia and Singapore to the US-based database server subsidiary called TikTok US.
“I suspect that as government takes the significant step of telling all federal employees that they can no longer use TikTok on their work phones many Canadians from business to private individuals will reflect on the security of their own data and perhaps make choices,” Trudeau said.
Bringing Back the U.S. to the Consultative Council on China: High-Dimensional Innovation and Digital Security Challenges
Unlike Google, Apple has a lot to lose regarding its relationship with both the US and China. Cook is a great leader thanks to his ability to work with the Chinese government and manufacturers.
Washington is expected to take action. “We will see limitations this year,” says Mira Ricardel, a former White House deputy national security adviser now at the Chertoff Group advising businesses on regulations. “There is a unanimity of view that will lead to doing something.” There is a picture here of what it might look like.
India has a blockade, called TikTok. A few small ISPs permit access, according to NetBlocks. The lead developer for the University of Michigan’s Censored Planet project says he can watch videos in India using an app downloaded in the US. Many Indian users have switched to rival services, including from Google and Facebook, because of the ban.
Cloud providers and internet infrastructure services would have been banned from doing business with the company, if Trump had issued an order banning app stores from distributing TikTok. The companies caught dodging the order could have been fined or sentenced to prison. “We wanted to start at the root, where it comes into the US, and extract it that way,” says Ivan Kanapathy, who was China director for Trump’s National Security Council and is now vice president at policy consultancy Beacon Global Strategies.
The company recently launched a full-fledged charm offensive that included rapid-fire meetings in Washington with its CEO, new transparency tools on the app and a first-ever tour of its corporate campus in the Los Angeles area.
“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.
“But there’s also a lot of pent-up animosity toward social media broadly and its effect on children, U.S. democracy and misinformation, and it’s easier to take it out on Chinese-owned TikTok right now than it is, say, Facebook or Twitter,” Segal added.
Now, all U.S. user traffic is routed through Oracle’s servers, according to TikTok officials, who also spelled out how Oracle engineers will be able to inspect all of TikTok’s source code, including the powerful algorithm that determines how videos go viral. In addition, a third party monitor will inspect TikTok’s data and algorithm in case Oracle misses anything.
USDS is expected to hire 2,500 people who have undergone high-level background checks similar to those used by the U.S. government, TikTok officials said on Tuesday. None of those hired would be Chinese nationals.
Aggregate data can be analyzed by employees in Beijing of corporations in the U.S., who need to be granted special permission from the U.S. data security team.
Project Texas: An Interactive Public Relations Museum to Discuss the Security of TikTok’s Detection of a Violation of Oracle’s Code
Jim Lewis, a cyber-security expert at the Center for Strategic and International Studies, said that the plan does address some security concerns, but that is no guarantee it will be approved.
“The Oracle plan would work,” Lewis said. “This kind of thing is pretty standard. There is a reasonable solution that may not be enough for TikTok.”
The company has previously said that it welcomes “the opportunity to set the record straight about TikTok, ByteDance, and the commitments we are making.”
Assuming the deal passes muster, though, Segal agreed that it resolves the bulk of the data security concerns by allowing inspections of its algorithm and transferring U.S. user data to Oracle.
Many details about Project Texas have trickled out in the Wall Street Journal, the New York Times and Reuters, but Tuesday’s gathering marked one of the first times the company has given an official briefing on the plan.
Journalists were led through the center by the officials, which felt like an interactive public relations museum.
People were put in the position of a TikTok content manager, which meant that they had to decide if a video violated TikTok’s rules.
The facilities will also feature server rooms where visitors who sign non-disclosure agreements can review TikTok’s entire source code, though journalists are not given an opportunity to do this.
Towards a Better Data Security Policy: Sen. TikTok, S.C. Senator Mike Rounds, and the Chairman of the Senate Intelligence Committee
The content moderation game brought up how difficult it is for the thousands of people who have to make trades every day on an endless flood of videos, but it was not the main point.
The TikTok spokesman hopes that Congress will take a more deliberative approach to issues by sharing details of their comprehensive plans with the full Committee.
“If you’re certainly willing to fly a balloon over your continental airspace—and have people see it with a naked eye—what would make you not weaponize data?” The vice chair of the Senate Intelligence Committee says that he would like to see a use of an app on the phone of 60 million Americans to influence political debate in this country.
Republican senator Mike Rounds says they are trying to gather as much data as they can about all parts of the country, and that even the most minuscule items can give them more data. “There’s a huge amount of data out there, which will never be touched, never be used, but it’s the small pieces that add up. They are working on it. They are patient. But they are collecting data and seeing us as a threat.”
“None of the suggested … efforts were particularly relevant to my concerns,” senator Michael Bennet, a Democrat of Colorado, told congressional reporters after hosting Chew in his office last week.
Canada bans Chinese-owned TikTok and calls for a public inquiry in the light of the recent U.S. election results
TORONTO — Canada announced Monday it is banning TikTok from all government-issued mobile devices, reflecting widening worries from Western officials over the Chinese-owned video sharing app.
Last week, Canada’s federal privacy watchdog and its provincial counterparts in British Columbia, Alberta and Quebec announced an investigation to delve into whether the app complies with Canadian privacy legislation.
Recent media reports raised concerns about potential Chinese interference in the upcoming Canadian elections and prompted opposition parties to call for a public inquiry.