The United Kingdom has followed the United States in enacting a TikTok ban that applies to government devices, citing national security concerns. The ban is part of a broader review of potential social media app threats that is being conducted by the National Cyber Security Centre.
The government said that there is currently limited use of TikTok by staff, and limited need for it is anticipated, but the ban includes a small set of exceptions similar to those provided for by US law. Exemptions must be applied for with the Cabinet Office Ministers and are granted on a case-by-case basis.
Wave of government TikTok bans continues
Similar TikTok bans have recently been introduced by the federal governments of the US, Canada and European Union, as well as quite a few individual US states. In all cases the primary concern is national security, as leaks from inside TikTok continue to raise the possibility that Chinese engineers have more access to foreign user data than governments are comfortable with.
The move was not embraced by the entirety of the government, however, as Labour deputy leader Angela Rayner stated that the TikTok ban was too little too late and represented a “sticking plaster” solution. Members of the party noted that the ban on government devices does not extend to the personal devices owned by government staff, which could very well end up connecting to government networks. The idea of a nationwide TikTok ban is gaining steam in both the UK and US, as the Biden administration has reportedly told the company in recent days that it must find a US-based buyer or be removed from app stores in the country.
As it has in response to all the prior bans from government devices, TikTok maintains that the Chinese government does not have access to any foreign user data and that it is working to address UK, US and EU security concerns.
Chris Vaughan, Vice President of Technical Account Management at Tanium, notes that China’s intelligence-gathering operations are known to be long, slow, and subtle; its state-backed hacking teams are often only discovered after having been present in systems for years, and the absence of evidence in this case is not necessarily an evidence of absence: “Chinese intelligence tactics are usually focused on longer-term objectives and are fueled by the sustained collection of data. The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence into Chinese state departments. This data can also be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. These tactics could potentially be used during election cycle46.322s and politically charged events in the coming years. This latest TikTok ban is part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life. We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted. There have also been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation.”
“There are indications that the CCP will start to focus more on information and influence operations to achieve its strategic goals which adds to the concerns about the use of technology such as TikTok. Any instances of these activities need to be met head on by western political leaders who should take a strong stance against it at the government level, rather than leaving the responsibility to individual organizations,” noted Vaughan.
TikTok bans on government devices become common, but debate about propaganda possibilities continues
The National Cyber Security Centre is preparing a pre-approved list of third party apps that are authorized for government devices, and the TikTok ban is likely to be far from the last as its security review continues. However, TikTok is the first to receive what the agency refers to as a “precautionary ban.”
Chris Handscomb (EMEA Solutions Engineer at Centripetal) notes that, at least to some degree, the TikTok ban issue is a case of technology racing far ahead in a very short period of time and both general awareness and government response taking a more natural amount of time to catch up: “Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, and internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger. However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail. It is therefore imperative that companies and government agencies prioritize their security measures, safeguarding their employees and enterprises from potential threats.”
TikTok is increasingly being swept from government devices across the world, due not so much to the app’s actions as the possibility of any data stored in China being accessed by the government. The Netherlands may be the next to adopt a TikTok ban of this nature, as in January officials issued a recommendation to public service sector workers to remove the app from their devices.
But even as it rapidly becomes unwelcome on government devices outside of China, it remains freely available to the general public in nearly all of these countries. It had previously seemed that most governments were drawing the line at a complete TikTok ban, but the prospect is now looming again with the Biden administration reverting to a Trump-era position and ordering ByteDance to either sell its operations to an American company or face the prospect of the app being removed from the Google Play and Apple stores. There is some precedent for this; the gay dating app Grindr was originally owned by a China-based company, and in 2019 was pressured by a US national security committee into selling to West Hollywood-based San Vicente Acquisition. The proposed sale of a number of apps to Chinese companies, such as Moneygram, have also been blocked under similar concerns.
In the meantime, TikTok appears to be continuing with ambitious plans to shift user data entirely to local servers in the US and EU and to allow third-party oversight (by Oracle in the case of the US) of how data is handled and transferred. The sticking point for the company has been a series of internal leaks, originating in 2022, that demonstrate it is not necessarily living up to its promises. Chinese engineers appear to retain more (and easier) access to foreign user data than they are supposed to, and the app has additionally had issues with employees tracking journalists thought to be in contact with internal whistleblowers.
Chris Hauk, consumer privacy champion at Pixel Privacy, believes that more TikTok bans are inevitable, no matter what the company does to silo data and shift management to specific localities: “We’ll likely continue to see governments crack down on TikTok use by government officials, employees, and the military. The US is putting similar restrictions in place, while Canada, Belgium, and the European Commission already bar the app from being installed on government phones. I’d like to see the ban on social apps expand to other apps, including Facebook, Twitter, and others. While there isn’t currently any concern over foreign governments having access to data from these services, users have a tendency to “over share,” meaning government info could be inadvertently shared on these networks.”
