Long-simmering rhetoric about U.S. lawmakers’ response to China-based TikTok is heating up. Scores of U.S. states have taken measures to restrict the app’s use by government employees. A Senate bill passed last month would ban the social media app from operating in the U.S. entirely. One Republican lawmaker has floated the idea of Bytedance selling TikTok to a U.S. company as a means of avoiding an outright ban.
Polarizing conversations elicit supporters of two extremes: TikTok is merely a platform for sharing, engaging, even educational, viral content, where its creators can earn money, connect, and interact. Or, it’s a thinly-veiled vehicle the Chinese government uses to peddle influence and mine data from foreign users.
A strand running through the murky middle of these polar stances holds that, while it probably does harvest all sorts of data from its users, it's not that different from U.S.-based social media apps.
The hit video-sharing platform, owned by the Shanghai-based firm Bytedance, has risen to become the most downloaded app in the world. In 2022, it became only the fifth app ever to cross the 3.5 billion download threshold, famously garnering more traffic even than Google.
Readers may remember when former President Donald Trump attempted to ban the app in the U.S. before his successor opted for a more conciliatory approach. The Biden administration has used the app to further its objectives and engaged in negotiations about privacy concerns with Bytedance. But calls to ban the app for fear of its power are growing louder – and more bipartisan.
Haven’t we seen this movie before?
Remember FaceApp? The app that used artificial intelligence to “age” its users reached peak popularity in 2019 when it shot to the top of Apple and Google’s app stores.
Soon, journalists and privacy advocates began raising concerns about the app’s Russian origins and the vague legal language of its privacy policy. Before long, the FBI was calling it a “potential counterintelligence threat.” According to the agency, the Russian government was legally allowed to snoop on all communications or Russian servers on Russian networks without involving ISPs.
Presumably, this meant that the likenesses and other data belonging to the app’s (self-reported) 500+ million users could be harvested by the Russian government for whatever purpose it deemed expedient.
TikTok’s runaway popularity has caused similar concerns, albeit on a much larger scale. A 2022 report suggested that Chinese engineers have access to data belonging to U.S. users – something the company repeatedly denied.
TikTok had made strides to win back public trust. The company teamed up with Texas-based software giant Oracle to better safeguard U.S. user data (or did it?). It disputed its “high-risk” designation made by the U.S. House of Representatives' Chief Administrative Officer (CAO) due to excessive permissions and lack of data gathering transparency.
Those efforts came crashing down in late December when Forbes revealed that TikTok admitted to spying on several of its journalists covering the social media company. This contributed to the Senate’s passing of what would be the government’s harshest pushback against TikTok to date – a ban from operating in the U.S. It’s unclear whether the House will hold a vote on the bill.
Equal opportunity influence ops?
Apps like FaceApp and TikTok raise broader questions about the faith we put in privacy regulations for software developed in authoritarian or authoritarian-leaning countries. Can they ever be trusted not to use consumer software products for spying (like location tracking, in the case of the Forbes journalists)? What about hardware or even infrastructure?
In terms of data gathering, are U.S.-based apps all that different? How about in terms of content manipulation and influence-wielding?
As the researcher Marcus Hutchins suggests, these concerns may be overblown or misplaced when focused on the abuse of users’ data. We live in an era of relentless data breaches, and much of our personal information already proliferates across the dark web.
Maybe, instead of well-documented and comparatively well-regulated data privacy rules, we should be more concerned about the influence these platforms wield. If that’s the case, TikTok may not be all that different from U.S.-run campaigns.
Last summer, researchers from Stanford and the social media analytics firm Graphika released a report detailing how Twitter and Facebook (parent company Meta) removed several overlapping accounts, believing them to be a part of a coordinated, pro-U.S. influence campaign.
According to the report, social media activity was focused on Iran, Afghanistan, and Arabic-speaking Middle Eastern countries, in some cases publishing apps from U.S. and government-affiliated sites like Voice of America and Radio Free Europe.
"We believe this activity represents the most extensive case of covert pro-Western influence operations on social media to be reviewed and analyzed by open-source researchers to date," the researchers wrote.
Twitter alone said it scrubbed its site of nearly 300,000 tweets from almost 150 accounts.
Influence, not information, is the real weapon
Leaving aside questions about data and privacy, how might influence tactics be used if relationships between the U.S. and China were to sour further, over Taiwan or the South China Sea, for example? Many experts, like former Crowdstrike CTO Dmitri Alperovitch, believe this scenario is possible and likely. It's easy to see how any number of geopolitical developments – whether currently on our collective radar or not – could cause information to be abused to further national aims.
It’s unlikely these influences would cut both ways equally. A core function of China’s Great Firewall is “preserving China's ideologies from unwanted foreign influences.” Even China’s domestic version of TikTok, Douyin, serves up educational content and features a time limit for users under 14. America’s comparatively open society has no similar filter. The character of the content created by Western influencers is decidedly different.
The Senate's bill would also ban apps originating from Russia, Iran, North Korea, Cuba, and Venezuela – our version of a cyber border wall. Such a move seems misguided. After all, when Russia chose to conduct one of its most concerted efforts to influence U.S. internal affairs in 2016, its weapons of choice were our own social media giants.
While we may be resigned to having our stolen data bought and sold on the dark web, having our thinking manipulated by third parties, foreign or domestic, is worth resisting.
What to read next
‘Cyber isolationism’ is making CXOs’ jobs more complicated – and more critical
Looking back at the biggest cybersecurity storylines from 2022 [podcast