White House Bans TikTok on Federal Devices

Federal agencies have 30 days to remove the popular Chinese social media app TikTok from federal government devices, according to a guidance memorandum issued by the White House.

The memo, written by Office of Management and Budget director Shalanda Young and first seen and reported on by Reuters, applies to all federal agencies as well as contractors employed by those agencies.

The document noted that exceptions must be granted by an agency head and must pertain to law enforcement activities, security research activities and national security interests and activities.

Previous TikTok bans enacted by state governments and within individual federal agencies have followed concerns that TikTok, owned by the Chinese company ByteDance, could be compelled to share user data with the Chinese government.

In December, Congress passed legislation prohibiting federal employees from using the app on government-owned devices and mandated the Biden administration issue agency directives within a 60-day period.

Congress is currently debating bills that would ban TikTok in the United States, a step some argue would be ineffective “at best” or could even result in the deployment of surveillance technology akin to what the Chinese government uses.

“This was certainly expected, and it’s actually a little surprising that it wasn’t specified when the ban on TikTok was originally announced,” said Mike Parkin, senior technical engineer at Vulcan Cyber. “While most individuals’ viewing habits aren’t especially interesting, having mass aggregated data can be very useful for deploying social media campaigns.”

From Parkin’s perspective, however, there are going to be multiple challenges when it comes to enforcing the ban.

“Users often find ways to sneak applications onto company-owned devices, even when there are policy enforcement tools installed,” he said. “Plus, the ban is unlikely to impact user-owned kit, which can be a concern in some government environments where it is allowed.”

Chris Vaughan, area vice president of technical account management for Tanium, said this latest step at the federal level indicates a comprehensive approach is needed.

“Chinese intelligence tactics are fueled by the sustained collection of user data such as commerce and purchasing information combined with biometrics and activity tracking. That feeds detailed intelligence for operations with longer-term objectives,” he said.

Vaughan explained that such data can deliver targeted, timely psychological insights that can be used for operations against individuals or groups of citizens.

“We have seen this during election cycles and politically charged events in recent years,” he said. “This move raises the question of the extent to which Chinese influence is acceptable when it comes to national infrastructure and everyday life.”

Andrew Barratt, vice president at Coalfire, pointed out that numerous agencies have voiced concerns about the amount of data that TikTok is gathering, as well as the potential for its use in misinformation campaigns in the long term.

“TikTok, like many other social media platforms, harvests tons of personal data, but the potential from an agency perspective is that this could then be used to target key personnel with various streams of information as well as track their behavior and content,” he said.

Barratt explained that social media apps are very pervasive and do harvest a lot of data from the devices on which they reside.

“The question is if the controlling entity uses them for potential state-sponsored espionage activity,” he said. “If you combine that with the fact that the entity owning TikTok is a joint venture with the Chinese government, it creates a risk that is typically unacceptable to federal agencies.”

Concerns have increased in the West in recent months, and the use of Chinese surveillance technology has been restricted, with the European Commission banning the use of TikTok on devices used by its employees and those contracted by the EU.

“We have also seen reports of Chinese initiatives to influence politicians through lobbying and donations, as well as through the spread of disinformation through social media,” Vaughan said.

He also pointed to Russia’s use of information operations during the 2016 U.S. presidential election and the UK’s Brexit referendum.

“China’s focus, meanwhile, has been on the theft of intellectual property, but there are indications they may look to information and influence operations to advance its strategic goals,” Vaughan said.

From his perspective, such instances must be met head-on by the U.S. and other Western political leaders.

“This ban begins to reflect that realization,” he said.

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
