
The UK’s ban on installing and using the social media app TikTok on government devices brings our policy in line with that of other jurisdictions, including the US and EU member states.

The ban, announced yesterday in the House of Commons by chancellor of the Duchy of Lancaster Oliver Dowden, covers ministerial and non-ministerial devices and is a precaution, not taken in response to specific incidents or threats.

It’s the latest step in a long-running feud between the West and China over data privacy issues that, in addition to TikTok, has also drawn in IP surveillance camera maker Hikvision and, most prominently, network and telecoms giant Huawei, which was banned from UK core telecommunications infrastructure in 2020.

All of these cases stem from concerns shared by the UK, US and other Western countries. Broadly speaking, these concerns are that the Chinese government may be able to extract sensitive data from these companies for spying purposes.

Given that China has a long history of industrial espionage, and that its state-sponsored cyber operations are widely perceived as a particularly dangerous threat, these concerns are not entirely unwarranted. It’s not hard to imagine how the UK government’s personal data could be abused by the authorities in Beijing if it fell into their hands. In light of this, Chris Vaughan, vice president of technical account management at Tanium, said it was no surprise that Westminster would follow in the footsteps of Brussels and Washington, D.C.

“Chinese intelligence tactics are typically focused on long-term goals and reinforced by the continuous collection of data,” he said. “A huge collection of user data now includes commercial and purchase information, combined with biometrics and activity tracking to feed China’s state sector with detailed intelligence.

“This data can also be leveraged to deliver targeted, timely, and often personalized psychological operations to individuals or groups of citizens. election cycles and political events.”

Vaughan believes the UK’s TikTok ban hints at a broader question of how much Chinese influence will be accepted into the nation’s infrastructure and daily life (a similar issue has previously arisen with Huawei).

“The restrictions on the use of Chinese surveillance technology have raised concerns in the West in recent months,” he said. “There are also numerous reports of China’s efforts to sway politicians through lobbying and donations, as well as attempts to sway the public through social media and the spread of disinformation.”

“Historically, Russia has been the most prominent user of information manipulation, as evidenced by activities related to the 2016 US election and the Brexit referendum. They use it to benefit their own country. However, in addition to concerns about the use of technologies such as TikTok, the CCP [Chinese Communist Party] will begin to focus more on managing information and influence to achieve strategic goals.

“All instances of these activities need to be addressed head-on by Western political leaders who should take a strong stand against it at the government level, rather than placing the blame on individual institutions.”

Double standard

In her response to Dowden’s statement yesterday, Labour deputy leader Angela Rayner accused the government of lagging behind and making a sudden U-turn, and for some in the cybersecurity community, there is clearly something suspicious about the decision.

For Matthew Hodgson, co-founder and CEO of secure communications service provider Element, the ban is, in one important respect, downright hypocritical.

Hodgson said, “The UK government has banned authorities from using TikTok on their phones while pushing legislation that would allow the UK government to access all UK communications. Double standards. is the cry of

“On the surface, it appears that the government is taking data security seriously by preventing China from having a backdoor into UK data, but currently only for government officials, and is pushing an Online Safety Bill that would create a very similar backdoor to all communication platforms used by British citizens.

“I mean, it’s not OK for China to access government communications, but is it OK to provide China with a route to access citizens’ communications via the weaknesses of the Online Safety Bill? Privacy must be protected from malicious actors and nation states of all shapes and sizes,” he said.

TikTok speaks up

Unsurprisingly, Westminster’s views are not shared by TikTok, which continues to stress that it has never been asked to hand over data by the Chinese government, and would never do so if asked.

In a statement following Dowden’s announcement on March 16, a TikTok spokesperson said: “We believe these bans are based on a fundamental misunderstanding and are driven by broader geopolitics that TikTok and its millions of users in the UK are not involved with.

“We are committed to continuing to work with governments to address concerns, but should be judged on the facts and treated on a par with our competitors.” The company has begun implementing its comprehensive plan, which includes storing UK user data in European data centers and tightening data access controls.

The organization says it is inaccurate to describe it as China-owned because its European presence is incorporated and regulated in the UK and Ireland, and its parent company ByteDance is incorporated outside of China. It also says it is inaccurate to think that, if requested, the data would be handed over to Beijing.

The company recently announced Project Clover, a dedicated and secure European “enclave” for storing user data in the United Kingdom and the European Economic Area (EEA). Upon completion of this project, UK user data currently stored in data centers in Singapore and the US will be moved into European jurisdiction.

It is also designating third-party cybersecurity firms to audit its controls and protections, monitor data flows, and verify compliance with relevant laws. It believes this exceeds what other technology platforms are currently doing.

Venari Security Chief Technology Officer Simon Mullis agrees that the TikTok ban is partly politically motivated. “The concern is rooted in the ability to ensure the data protection chain of trust from start to finish and all steps in between,” he said. “At TikTok, this has proven very difficult for various technical and political reasons.

“In all fairness, the ban is as much a result of the technical design of the application as it is political,” Mullis said. “Is TikTok’s design and architecture so different from other widely used social media applications that it raises major security concerns? The answer is ‘probably not.'”

Long time no see

But for Jamie Moles, senior technical manager at ExtraHop, given what we know about how TikTok works and, most importantly, what we know about the data TikTok requests and needs access to in order to run on your device, it’s a wonder why the British government has been fooled for so long.

“I am a security professional and I downloaded and used TikTok when it came out, like many others, including people working in the UK government,” he said. “But here’s the difference: As soon as it became clear that this app could collect anything from your phone, including contacts, GPS data, and credentials from other apps, we removed it.

“Having this app on your phone is like giving the Chinese government the keys to our economy.”

Arctic Wolf chief information security officer (CISO) Adam Marrè said: “The problem is that we don’t know what this data is being used for or if foreign governments have access to it.

“With the rise of data brokers making a living selling user information, the platform could serve as a vessel for malicious actors to use. It can be used to target people via, influence via propaganda, control or access devices, etc. Let me remind you that nothing is truly “free” and we all need to pay attention.”

Faaki Saadi, UK and Ireland Sales Director SOTIMore, said: Especially for those who trust sensitive corporate information.

“The banning of TikTok from UK government devices should serve as a wake-up call to other organizations. Do you have full visibility into the apps your employees are using on company devices? Maybe now is the time to consider it, it doesn’t have to be a hassle, we have a solution that can wipe out unwanted apps in an instant.”

Social media security

Both Marrè and Saadi talk about broader issues related to social media in general. Other social media platforms such as Facebook and Instagram owner Meta have repeatedly shown that they are very disrespectful when it comes to user data and security policies. Twitter, under the control of the fickle Elon Musk, is heading in a similar direction.

And Robert Huber, chief security officer at Tenable, said focusing solely on TikTok meant that there was a risk of missing the forest for the trees. “Known unpatched vulnerabilities are the most likely cause of data breaches,” he said.

“It is important that security leaders understand their organization’s unique risk profile, discover where vulnerabilities exist, and prioritize remediation efforts to eradicate the most potentially harmful ones first. That’s it.”

Should we all ban TikTok?

Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry, said: “We are already seeing CISOs considering banning the use of TikTok on company devices.” In such an environment, companies conduct legal reviews of their product security testing and privacy policy positions, at least for use on corporate devices or high-value users.

“Organizations with regularly updated threat models based on contextual intelligence, mature asset management practices, and integrated management endpoint solutions are well suited to manage this risk across the enterprise. No doubt about it,” Valenzuela said.

“It emphasizes the importance of managing risk across the organization and the need to assess and thereby control the impact of the introduction of new products and technologies on the overall security of the organization, including casual chats and use of social media apps.

“We believe that only a limited number of CISOs are aware of TikTok’s privacy policy statement,” he continued. “Supply chain attacks are a major concern today, but privacy risks must also be a top priority for CISOs in high-risk organizations. An individual’s personal data can be extremely valuable in the hands of financially motivated attackers or nation states.”

Ultimately, the question of whether security leaders should ban or limit the use of TikTok on company-owned devices is a question only security leaders can answer. But given the growing number of government bans being proposed or enacted, at least a thorough risk assessment is needed, coupled with a broader audit of companies’ social media activities.