TIK-TOK AND DATA SECURITY CONCERNS IN THE US

TIK-TOK AND DATA SECURITY CONCERNS IN THE US

The partially-approved partnership deal between Walmart, Oracle, and ByteDance, TikTok’s owner is seen to be a win for the U.S. government as the launch of TikTok Global will generate more than 25,000 new jobs in the country. However, many politicians in the U.S. believe that the deal will not assuage data security concerns if ByteDance will own the majority of the company as the Chinese government can still force it to hand over users’ data. As for the degree of the security threat posed by TikTok and Facebook, the two apps seem to be on equal footing based on the assessment from various technology and security professionals. Some experts believe that Facebook could pose a bigger threat due to its massive number of apps and services that collect user data. However, some experts mentioned that TikTok’s Chinese origin could make it more vulnerable to data breaches given that the security policies of its home country is still catching up with the developed regions. The rest of the findings were presented in the section below.

Background of the Deal

TIK-TOK AND DATA SECURITY CONCERNS IN THE US

Winners

Impact on the U.S. government

  • As per the statements from Oracle and Walmart, the launch of TikTok Global will generate more than 25,000 new jobs in the U.S. The new company can also contribute around $5 billion in tax revenue.
  • ByteDane mentioned that the $5 billion is just an estimate of the usual taxes such as corporate income tax and other types of taxes that the firm will pay in the “coming years.”
  • According to President Trump, the revenue from TikTok Global can also be used to finance the problematic “1776 Commission.” The commission targets to transform the U.S. history curriculum to be able to incorporate more “patriotic views.”
  • Oracle and Walmart also mentioned that an AI-powered online video curriculum is in the works to be able to impart knowledge to kids.
  • With an impending IPO within the next 12 months, it is expected that American stakes in the firm will increase over time.

Impact on Oracle

TIK-TOK AND DATA SECURITY CONCERNS IN THE US

Impact on Walmart

  • As part of its deal with Oracle and ByteDance, Walmart will take 7.5% of ByteDance.
  • The deal is considered as a windfall for Walmart as the company now has the opportunity to monetize from TikTok’s enormous user base. This is reflective of what’s happening in China with regard to the marriage of e-commerce and QVC within a platform.
  • With TikTok’s 100 million users, Walmart can now have access to this massive data goldmine that can enable the company to improve its targeting method for its inventory investments. Improved inventory management processes can help retailers like Walmart gain more business value. The retailer can determine key trends by analyzing TikTok’s audience preferences and act based on these observations even before its competitors.
  • Once TikTok Global goes public, Walmart can also profit from its share in the company.

Impact on ByteDance

  • As part of the deal with Oracle and Walmart, ByteDance announced that it will keep its 80% ownership until TikTok Global goes public. Once this is finalized, Oracle, Walmart, and the U.S. investors might be required to shell out a high post-IPO amount to purchase all the shares of ByteDance.
  • As an independent firm, TikTok Global’s worth could reach $60 billion. In contrast, ByteDance was worth $110 billion after the conclusion of its most recent funding round.
  • With this partnership, ByteDance can keep TikTok running in the U.S.

Losers

Impact on the Overall Data Security Issue in the U.S.

  • The data of TikTok users are all stored in servers that are located outside of China. However, some critics in the U.S. voiced out their opinions that the Chinese government can still compel the company to obtain the data from its servers abroad.
  • Also, even if Oracle’s U.S. data storage servers are relatively well-protected, political entities in the U.S. felt that the partnership could be more focused on just appearing to do something instead of a real joint effort to prevent the intrusion of the Chinese government.

Impact on the Chinese Government

  • As the Chinese government recently placed restrictions that prevent the export of AI services, pushing through with the partnership could force them to close ByteDance’s core business in China.
  • The Chinese government also protested against the Trump government’s endeavor to influence the sale of TikTok’s U.S. operations as this might become a precedent for other foreign-owned companies.
  • The Chinese government also said that they need to be consulted further before the partnership or another deal can be truly finalized.
  • Nevertheless, the partnership with the U.S. companies could potentially provide a backdoor for the Chinese government to collect and analyze user data.

Facebook and TikTok

  • Based on the result of the analysis done by experts on the source code and policies of TikTok, there is no difference in the way that the app captures users’ information as compared to the methods of Facebook and other well-known social platforms.
  • Compared to TikTok, Google and Facebook harvest more user information through these companies’ massive number of apps and services. However, these platform giants receive lesser notice from U.S. political entities who are concerned about privacy.
  • Even after Facebook’s Cambridge Analytica privacy breach, the campaign for the enactment of a federal data privacy law has lost momentum.
  • According to the Chief Privacy and Strategy Officer of the Jumbo privacy app, TikTok’s privacy policy has the same level of intrusiveness as Facebook and Instagram. The way that TikTok is making use of its “users’ personal information, online habits, likes, friends, contacts, and other data” for marketing purposes, and to deliver and personalize its services is very similar to the methods used by Facebook and Instagram.
  • According to the privacy officer, the primary distinction between TikTok and Facebook or Instagram is in the type of data that users are regularly uploading into the apps.
  • TikTok’s users record themselves on video doing various acts. These recordings are then stored by the app.
  • TikTok is also being used primarily by younger folks who are prone to throw caution to the wind when sharing their videos on the app.
  • As TikTok’s users are mostly underage, the company has been continuously facing increasing scrutiny on how it protects the privacy of its young users.
  • In February 2019, FTC handed out a $5.7 million fine to the company for not fully shielding the privacy of its younger audience. The commission also said that it will investigate complaints of violations of kids’ privacy on the app.
  • Another security researcher is also in the process of reverse-engineering the app to determine if there is something that stands out in terms of privacy violations.
  • Based on his initial findings, the app is not exhibiting suspicious activities and is not digging into unusual statistics.
  • However, some iOS developers mentioned that it has found a security loophole in TikTok that enables the app to read its user’s iPhone clipboards without permission. The developers said that clipboard contents can range from simple shopping lists to more critical information such as passwords or financial data.
  • The same study from the iOS team also revealed that other platforms such as LinkedIn and Reddit are also accessing iOS users’ clipboards. In response to this, the three companies already re-programmed their apps after Apple highlighted this problem.
  • According to a representative from TikTok, the clipboard-reading feature was originally developed to uncover bot-like behaviors. TikTok already removed this feature in response to Apple.
  • Another weakness in the TikTok app that the iOS developers unearthed involved some users’ uploaded content being hijacked and replaced. This loophole was due to the app’s use of insecure HTTP links to fetch videos from its servers. Other social media platforms have already transitioned to secure HTTPS some time ago to ensure that users’ data will be secured.
  • Given this basic security shortcoming, the iOS developers said that it will be hard to trust TikTok with user data. Furthermore, the company manifested its lack of concern for the security of its users’ data.
  • TikTok responded to this by reiterating that the privacy of its users is one of its main concerns. The company also mentioned that it already transitioned to secure HTTPS connections in several geographies. It is currently in the process of moving the rest of the regions to this secure protocol.
  • The developers also noted that the app’s Chinese origin could have been a factor in its slow bid to be at par with the security standards of top apps. Given that there are various levels of data privacy and security regulations between China and other territories, it might take some time for the country to catch-up when it comes to putting effective security measures in place.
  • The iOS developers further observed that some of the security concerns on the app are valid.
  • In general, whether its deliberate or simply an outcome of market dynamics, the lack of security measures of social media apps can potentially result in massive breaches as social media apps capture an enormous quantity of user information. Furthermore, they are usually the main targets of bad elements who are looking for data to steal.
  • According to the privacy officer, companies who are not proactively making their data collection process more secure is considered a threat. They are also breaking data privacy laws such as the EU GDPR even if the loophole was intentionally left open to serve as a backdoor or if these are the product of lax security protocols.
  • According to TikTok’s global security head, the company has engaged the services of various third-party and in-house security teams to regularly evaluate its app to uncover any security loopholes.
  • According to mobile security experts, the data collection processes of TikTok are not specifically unique for a company that is engaged in advertising. TikTok’s data handling processes were also found to be identical to those used by its competitors in the U.S.
  • Another iOS security researcher from a Firewall app company also mentioned that TikTok seems to capture only standard analytics data sets that other apps in the U.S are also collecting. Some of these data points include the “user’s device model, screen resolution, operating system, and timezone.” The security researcher even mentioned that the app seems to be “pretty tame” as opposed to other apps.
  • Meanwhile, a Northeastern University computer science professor and mobile networking researcher mentioned that the Android version of the app seems to be “in the same league” as the apps of other social media platforms. These apps collect comprehensive information on their users such as their exact location. However, the professor added that even if these practices are typical of these apps, TikTok cannot be fully absolved. Users should now be assessing if it is ok for them to let more companies collect massive amounts of information on them whenever they download and access these apps.
  • Similar to their findings on other apps, these experts also discovered some bugs in the TikTok app which were later removed.
  • According to a TikTok spokesperson, their “content and moderation policies” are being overseen by its U.S. based division and are not swayed by foreign entities. The company also updated its censorship rules, algorithms, and policies to address additional privacy findings.
  • The company has also established a transparency center where third-party experts can personally go through its content moderation processes.
  • Furthermore, with the approval of the partnership between Walmart, Oracle, and ByteDance to form the TikTok Global company, TikTok’s U.S. users’ data will now be housed in Oracle’s secure servers. Oracle’s executives are also guaranteeing the safety of the data that is stored in their servers.

Leave a Reply