Your first reaction to my headline was….what? Sensationalist? Exaggeration? Clickbait (sorry, nothing to click on here)? Read on and decide the implications for yourself. In my post yesterday, Creeping Conformity, Batman! I mentioned TikTok among the new social media lexicon. I have gathered information on the TikTok-type phenomenon, from the American Enterprise Institute, LawfareBlog.com and the Washington Post. Did you, like me, simply assume that these new “smartphone” apps were mostly U.S. created, and rather innocuous, even though a silly waste of time? Silly, yes, innocuous, maybe not!
TikTok is a subsidiary of a Chinese parent company ByteDance. How is it that an app for sharing comedic (sometimes juvenile) videos, skits, and (bad) karaoke has attracted the attention of the Committee on Foreign Investment in the United States (CFIUS), the guardian of national security regarding acquisitions of US companies? TikTok, which was launched in 2017, is wildly popular with teenagers around the world as a zany escape — it has been downloaded 1.5 billion times globally and 122 million times in the US. The app is owned by a Chinese company, ByteDance, founded in 2012. In 2018 CFIUS vetoed the bid of China’s Ant Financial to acquire MoneyGram out of fear that the Chinese government would gain access to US citizens’ financial records. Similarly, CFIUS forced Beijing Kunlun Tech to sell Grindr out of fear that data from the gay dating app could be used to blackmail or extort information from US citizens and government officials.
TikTok, which is assembling a high-powered lobbying team in Washington, strongly denies that its “moderation” policy ferrets out negative contributions concerning China. BUT…..China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say. Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management (OPM), which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said. “They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human recruitment.”
China on Friday dismissed the allegation of hacking as “irresponsible and unscientific.” Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace. “We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation,” he told a regular news briefing. Notice, they didn’t deny hacking, rather played on our innate sense of fairness to play the victim of our suspicions. Hey, it works for our politicians, why not for a (possibly) hostile foreign power? OPM disclosed that the latest hack of one of its systems exposed personal data of up to 4 million current and former employees — the largest hack of federal employee data in recent years.
Robert Williams of Yale Law School, who has written extensively on these matters, has best summed up the CFIUS TikTok challenge: “As the CFIUS inquiry into TikTok illustrates, US officials are confronting their own distinct set of tensions between economic openness and data control. In navigating this terrain, CFIUS should be one element of a broader strategy that seeks to ensure national security considerations relating to data protection are as targeted and narrowly construed as possible.” “Targeted and narrowly construed” is indeed the right goal for CFIUS in the TikTok investigation, though it is not clear that US regulators will thread the needle with regard to the competing imperatives of data privacy, data location, and national security.
Globally, ByteDance and TikTok are targeting their growth in East and South Asia, particularly large countries such as India and Indonesia. India is a rapidly developing success story, as TikTok downloads over the past two years have exceeded 400 million users in the country (four times as many as in the US). Unemployed teenagers form a major cohort of users, as they have few outlets for entertainment and tend to avoid English language outlets such as Facebook and Instagram. Since they enjoy little privacy in their lives, they do not worry about security. Read that sentence again. What are the implications for us? ByteDance has pledged to invest $1 billion in India over the next few years “through expansion and the construction of a data center.” As a number of outside observers have recently noted, TikTok’s success in emerging markets such as India and Indonesia will determine its future even if it encounters major obstacles in the US. Of even greater potential competitive significance in the future, ByteDance, in alliance with TikTok, is about to launch a music streaming app, going head-to-head with services like Spotify and Apple Music.
It is getting more difficult to trace the origins of all these apps. Who would have guessed that TikTok, Grindr and who knows how many others are born of foreign ambitions? Since I’m not a stockholder of any social media companies, I don’t have a personal stake in the commercial applications. What worries me is, what kinds of personal information on our kids are foreign governments collecting through their app sign up processes? Is social media conformity really innocuous?