TikTok has generated a great deal of controversy and re-ignited the debate over social media and privacy in corporate America and across the nation. As employers consider whether the app should be deleted from employees’ phones, it’s unclear as to whether the concern is in response to TikTok’s massive popularity, over-reach associated with collection of user data, finding of bugs that allowed attackers to access personal data or its historical connection with the Chinese government. The app is currently under national security review by the Committee on Foreign Investment in the United States (CFIUS) after being accused of censoring videos to satisfy the Chinese government.
TikTok, owned by the Chinese company ByteDance, acquired Music.ly in 2017 and has garnered tremendous popularity during the pandemic and also filled a void once occupied by Music.ly, and before that, by Vine. The current controversy has been fueled by the U.S. administration’s stance toward social media platforms (especially Facebook and Twitter) as well as their stance on Chinese-based technology companies like Huawei.
The attempts by Russia to use social media data as a means to target vulnerable populations and weaponize platforms to spread dis-information has also placed a renewed focus on how nation-states might use social channels to manipulate U.S. elections. Does TikTok’s association with ByteDance imply that the Chinese government might force TikTok to hand over U.S. user data?
The administration’s stance of threatening to strongly regulate or shut down social media due to censorship of false or misleading claims is counterintuitive to their continued use of these platforms for their gain. Both political parties use platforms like Facebook to micro-target communities for political ads and crowdfund for campaign pledges, while President TrumpDonald TrumpKinzinger welcomes baby boy Tennessee lawmaker presents self-defense bill in 'honor' of Kyle Rittenhouse Five things to know about the New York AG's pursuit of Trump MORE frequently uses Twitter to disseminate his agenda, policies, and opinions. With 84 million followers spreading his message for information dissemination or sarcastic dissent, it could be seen as his favorite and perhaps most impactful media pulpit.
The recent Twitter hack where popular profiles were compromised in a Bitcoin campaign (especially Joe BidenJoe BidenBiden says he didn't 'overpromise' Finland PM pledges 'extremely tough' sanctions should Russia invade Ukraine Russia: Nothing less than NATO expansion ban is acceptable MORE and Barack ObamaBarack Hussein ObamaDemocrats make final plea for voting rights ahead of filibuster showdown Biden nominates Jane Hartley as ambassador to UK To boost economy and midterm outlook, Democrats must pass clean energy bill MORE’s accounts) has drawn attention to vulnerabilities and manipulation of these platforms. Hackers working with insiders with access to administrative level controls showed how a coordinated attack could mislead others into providing funds or data. This has resulted in a refocus on the role of social media, regulation of the platforms, third party relationships, and data use agreements.
But does TikTok collect more data than other similar apps? Does it utilize, store, or share in a riskier manner, potentially exposing user data more than similar apps like Instagram, Snapchat, or dating apps like OkCupid, Bumble, or Tinder? Researchers found that the app does not appear to grab any more information than Facebook.
The privacy issue associated with TikTok, outside of the alleged connection with the Chinese government, is the same for many consumer-facing apps reliant on advertising dollars as their sole source of revenue. More users result in more content, which drives utilization and interaction — creating a tremendous amount of data as a source of targeted ads. So essentially, these apps are in the business of trying to collect as much information as possible. One of the issues privacy officers have with online apps is that users don’t usually understand the risk associated with using mobile apps. Different apps have different security policies, collect different data, and share with different third parties. Consequently, users leave a trail of “digital breadcrumbs” that malicious actors can use to steal an identity, sell personal data on the dark web or create a spear phish campaign to get access to a corporate network.
Combine this with the often-confusing legal language in these policies, and multiply that over the myriad of apps that any individual might have on their phone, and you’re bound to see why there is little understanding of how individuals might be exposed and at risk.
Besides user data, the main purpose of TikTok is the creation and sharing of videos. If employees are creating these at work, they might reveal information about their location, nature of operations, security provisions, etc. Most of the time this is done inadvertently, but because of location tracing, high-resolution video, and the tie to identity, users might provide sensitive information. Rather insignificant data from different users could be pieced together to provide sensitive information in aggregate. For example, the fitness app Strava gave away the location of secret Army bases.
TikTok is just another app in the string of social media platform reform that needs to occur to ensure a clear understanding of privacy control, transparency around data collection, sharing and use, education associated with the risk of oversharing and the link between users’ rights and responsibilities and national security. The main issue policymakers have with TikTok is its alleged connection to the Chinese government. Other countries like India have already banned the app, citing privacy concerns that it posed a threat to India’s sovereignty and security.
If there are limitations associated with its use in the United States, I believe TikTok will be the victim of a political and culture war rather than a stance on the misuse of data associated with operations.
Ari Lightman is a distinguished service professor, Digital Media, and Marketing at Carnegie Mellon University's Heinz College of Information Systems and Public Policy.