https://www.schneier.com/blog/archives/2023/02/banning-tiktok.html
Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all the effective ones would destroy the free Internet as we know it:
There's no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government. They collect extreme levels of information about users. But they're not alone: Many apps you use do the same, including Facebook and Instagram, along with seemingly innocuous apps that have no need for the data. Your data is bought and sold by data brokers you've never heard of who have few scruples about where the data ends up. They have digital dossiers on most people in the United States.
If we want to address the real problem, we need to enact serious privacy laws, not security theater, to stop our data from being collected, analyzed, and sold—by anyone. Such laws would protect us in the long term, and not just from the app of the week. They would also prevent data breaches and ransomware attacks from spilling our data out into the digital underworld, including hacker message boards and chat servers, hostile state actors, and outside hacker groups. And, most importantly, they would be compatible with our bedrock values of free speech and commerce, which Congress's current strategies are not.
The essay goes on to list reasons why a TikTok ban by Congress would be ineffective, pointing out:
Right now, there's nothing to stop Americans' data from ending up overseas. We've seen plenty of instances—from Zoom to Clubhouse to others—where data about Americans collected by US companies ends up in China, not by accident but because of how those companies managed their data. And the Chinese government regularly steals data from US organizations for its own use: Equifax, Marriott Hotels, and the Office of Personnel Management are examples.
If we want to get serious about protecting national security, we have to get serious about data privacy. Today, data surveillance is the business model of the Internet. Our personal lives have turned into data; it's not possible to block it at our national borders. Our data has no nationality, no cost to copy, and, currently, little legal protection. Like water, it finds every crack and flows to every low place. TikTok won't be the last app or service from abroad that becomes popular, and it is distressingly ordinary in terms of how much it spies on us. Personal privacy is now a matter of national security. That needs to be part of any debate about banning TikTok.
Previously:
- Decades-old Law Forms Biggest Obstacle to Nationwide TikTok Ban, Lawmaker Says
- TikTok Would be Banned From US "for Good" Under Bipartisan Bill
- South Dakota Bans Government Employees From Using TikTok
Related Stories
South Dakota Bans Government Employees From Using TikTok. The Countless Other Apps And Services That Hoover Up And Sell Sensitive Data Are Fine, Though
South Dakota Governor Kristi Noem put on a bit of a performance this week by announcing that the state would be banning government employees from installing TikTok on their phones. The effort, according to the Governor, is supposed to counter the national security risk of TikTok sharing consumer data with the Chinese government:
"South Dakota will have no part in the intelligence gathering operations of nations who hate us," said Governor Kristi Noem. "The Chinese Communist Party uses information that it gathers on TikTok to manipulate the American people, and they gather data off the devices that access the platform."
Of course, this being the post-truth era, the fact that there's no actual evidence that China has even been able to exploit TikTok to manipulate Americans at any meaningful scale is just... not mentioned.
Lawmakers liken TikTok's widening influence in the US to "digital fentanyl":
In September, President Joe Biden announced that TikTok would remain accessible in the US once a deal could be worked out to assuage national security concerns. At that time, Biden said it would take months for his administration to weigh all the potential risks involved in inking the deal. Among detractors of the brewing deal, Senator Marco Rubio (R-Fla.) and Congressman Mike Gallagher (R-Wis.) emerged, alleging in a Washington Post op-ed that any deal that Biden arranged with the Chinese-owned social media platform "would dangerously compromise national security."
Now, Marco and Gallagher have teamed up with Congressman Raja Krishnamoorthi (D-Ill.) to introduce new bipartisan legislation in the Senate and House of Representatives, formally calling for a ban on TikTok. It's the only way, lawmakers feel, that TikTok can truly be stopped from collecting sensitive data on Americans for the Chinese Communist Party (CCP) and censoring content to influence elections, sow discord, or potentially even "indoctrinate" users.
[...] The bill—officially known as the ''Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and Algorithmic Learning by the Chinese Communist Party Act'' or the ''ANTI-SOCIAL CCP Act"—is designed to block and prohibit all transactions by social media companies controlled or influenced by "countries of concern." The legislation specifically names TikTok and owner ByteDance as existing national security threats. But if passed, its provisions would also extend to any social media platform controlled by other US foreign adversaries, including Russia, Iran, North Korea, Cuba, and Venezuela.
TikTok's CEO agrees to testify before Congress for the first time in March:
As Congress prepares to vote on a nationwide TikTok ban next month, it looks like that ban may already be doomed to fail. The biggest hurdle likely won't be mustering enough votes, but drafting a ban that doesn't conflict with measures passed in the 1980s to protect the flow of ideas from hostile foreign nations during the Cold War.
These decades-old measures, known as the Berman amendments, were previously invoked by TikTok creators suing to block Donald Trump's attempted TikTok ban in 2020. Now, a spokesperson for Representative Michael McCaul (R-Tex.), the incoming chairman of the House Foreign Affairs Committee, told Ars that these measures are believed to be the biggest obstacle for lawmakers keen on blocking the app from operating in the United States.
Yesterday, The Wall Street Journal reported that lawmakers' dilemma in enacting a ban would be finding a way to block TikTok without "shutting down global exchanges of content—or inviting retaliation against US platforms and media." Some lawmakers think that's achievable by creating a narrow carve-out for TikTok in new legislation, but others, like McCaul, think a more permanent solution to protect national security interests long-term would require crafting more durable and thoughtful legislation that would allow for bans of TikTok and all apps beholden to hostile foreign countries.
Australia will ban tiktok on government devices despite claims by chinese officials that the application is safe to use.
Is any application on a mobile device really safe to use? What personal data do they collect? Where do they send it? Why don't mobile devices come with the firewall enabled?
Australia's top spy agency has added to growing concerns about a popular social media app, and its collection of users' personal data. State governments across the nation are issuing TikTok bans on official work devices as concerns about data safety increase worldwide.
The app's Australian general manager Lee Hunter recently told The Project that users should feel "safe" on TikTok, and claimed China had no way of accessing data – despite the site's parent company operating out of China.
However, national intelligence organisation Australian Signals Directorate (ASD) recently released advice about the app, warning the general public not to use it on a device that can access other information.
"Do not use it on a phone that can access any official information, for example, any workplace communication (email clients, MS Teams)," the ASD warned in advice shared by the Tasmanian government.
Previously:
The 'Insanely Broad' RESTRICT Act Could Ban VPNs in the USA
Banning TikTok
TikTok Would be Banned From US "for Good" Under Bipartisan Bill
President Trump Threatens TikTok Ban, Microsoft Considers Buying TikTok's U.S. Operations[Updated 2]
(Score: 1, Troll) by DadaDoofy on Thursday March 02, @11:55AM (2 children)
It seems Tik Tok has been chosen for a ban by the appeal that has to both sides of the political spectrum. Those on the right don't like China and those on the left don't like free speech, so I guess the hope is they will come together to enact a ban. Whatever Tik Tok is peddling, it should be up to individuals to decide what content they consume.
(Score: 4, Informative) by Anonymous Coward on Thursday March 02, @05:28PM
Democrats are not "left". There is no "left" in American politics.
(Score: 2) by DeathMonkey on Thursday March 02, @10:06PM
Trump policy proposal turned into a bill sponsored by two Republicans...
If you are willing to ban speech because reasons then you don't really like free speech, do you?
(Score: 3, Insightful) by bart9h on Thursday March 02, @12:36PM (6 children)
Schneier delivers, as usual.
(Score: 4, Insightful) by JoeMerchant on Thursday March 02, @02:22PM (5 children)
Will enacting privacy laws really change the data trade, or just drive it from the grey market it already is further into the black?
I mean, I'm in favor of strong legal privacy protections, but I'm also even more in favor of Google style transparency such as: "You have location tracking turned on, here is an automatic monthly reminder e-mail with links to look at all of your location history and controls to opt out temporarily or permanently from this tracking, along with links to our (could be better) privacy policy regarding what we will and say we will not do with this data."
What I would really like would be a physical switch on my cell-phone which prevents all transmission, only allows incoming data and call notifications, but I believe that current cellular technology is just about entirely incapable of supporting such an operating mode.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 3, Insightful) by hendrikboom on Thursday March 02, @07:57PM (4 children)
You might be able to do this on a true GNU/Linux-based phone (and not Android) by configuring a firewall. There are a very few of these on the market.
(Score: 2) by RS3 on Thursday March 02, @08:18PM
That's an extremely strong reason to buy a Linux phone (or maybe LineageOS (maybe??))
I don't use my phone like 99% of people do. I occasionally check one low-priority email address, but no other informational / privacy / passwords / personal data ever on a phone.
And, the phone is usually in "airplane mode" if I'm not using it.
(Score: 4, Interesting) by JoeMerchant on Thursday March 02, @08:42PM (2 children)
I wanted Jolla to succeed. Actually, I wanted Qt/Nokia to succeed but after that dumpster fire Jolla was a potential worthy successor.
I have a theory based on observations such as: In 2006 I coded a Qt app which would play back .mp4 video stop and start under software control, I took (a ripped copy of) Monsters Incorporated, would show a 5-10 second clip, then put a math or multiple choice or missing letter or whatever puzzle on the bottom of the screen, when the correct answer was input the video would play another 5-10 seconds and then pause again with another question. Sometimes the questions would correlate with what was happening on the screen. That video taught my non-verbal profoundly autistic six year old to type on a standard keyboard in less than 2 hours, maybe it didn't teach him but it certainly got him to demonstrate he could do it when the best school had managed to get him to demonstrate was use of a touch screen with their lame Starfall software. So, that software I wrote worked on iOS in 2006,7 and maybe 8, then it mysteriously wouldn't work anymore on the next iOS update.
Similarly, I wrote an .mp3 auto-dj application on Qt5/Ubuntu 18.04 in early 2020. It worked fine there, and in Raspbian, when I wrote it, but by Ubuntu 20.04 the way I was using the API broke - I managed to trace it down to a codec problem, the new default .mp3 codec in 22.04 was incompatible with the direct data reading I was doing (so I can start in the middle of big .mp3 files, cross-fade from one song to the next, etc.)
Those are just my experiences, but I'm fairly certain that attempting to work in the world of audio/video software, particularly software that _might_ be used to play content which the industry is still trying to claw revenue out of, is being intentionally manipulated in to a whack-a-mole game of: "oh, did you make an app? Isn't that cute, let me break it for you as often as possible so you have to employ a big team of developers to keep it working even on one platform." I see it happening with music player apps written by others in the app stores too. And in the Android and iOS app store environment, it isn't just entertainment oriented apps, it's freakin' everything. Sure, little developers can come up with cool ideas, but you've got to be a big player to keep up with the changes - this way the big players can reap ideas from the little guys, but the little guys never get anywhere without becoming a big potential lawsuit target.
The point of this rant? A true Linux phone? One that you can write an app for and that app will continue working for the next 20 years? Yeah, I'm pretty sure the "powers that be" are doing everything possible to kneecap those efforts and protect their "walled gardens" where they can pick out the little weeds and nurture relationships with the bigger producers of mutual income.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by hendrikboom on Saturday March 04, @12:32AM (1 child)
The phone, once it works, will continue to work until the spectrum gets allocated to an incompatible protocol.
(Score: 3, Touché) by JoeMerchant on Saturday March 04, @01:15PM
Or the phone is no longer manufactured and the non replaceable battery dies.
Or the service providers no longer support it for their various reasons (lack of security updates?)
What still works after 30 years? My handheld HAM radios and repeaters.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 3, Insightful) by MonkeypoxBugChaser on Thursday March 02, @01:31PM (2 children)
TikTok is a foreign country's surveillance and propaganda tool. This much was obvious at it's inception.
How the hell do you think you'll get it banned now? It has users and they can just download it from anywhere. China will make it extra available out of spite.
The suggestion of privacy laws probably won't work either. TikTok isn't beholden to US law, only the shell company is. Domestic data thieves will also water down any real legislation.
(Score: 3, Touché) by RS3 on Thursday March 02, @08:27PM
The whole thing has caused me to lose even more faith in humanity. I don't understand how one thing becomes so freaking popular ("viral"). But then when it's so obviously spyware? Even mainstream news called them out on it, yet people keep using it. Why don't people care about being tracked and spied on? Are the very few of us who care so very different? Obviously we are, and I wonder if we should be in charge, but the obvious problem is: the masses don't care, so why would they put us in charge- we just want to take away their dangerous toys.
I just find it very strange- the some things people will overreact to, but then are 100% complacent about many super important / safety things (like driving intoxicated, not wearing seatbelts, texting / engrossed in a phone or GPS or touchscreen dashboard).
(Score: 3, Informative) by bobthecimmerian on Thursday March 02, @11:57PM
Instead of getting the data from TikTok, the Chinese government can buy it from any of the dozens of advertising data aggregators that bought it from Facebook, Amazon, and Google. TikTok is a symptom, not the disease.
(Score: 5, Insightful) by GlennC on Thursday March 02, @02:06PM (2 children)
Nothing that Bruce or I or anyone else can say will change anyone's minds.
None of the Powers That Be will allow the kind of privacy or security necessary to prevent our personal data from being slurped up, catalogued, monetized and eventually used against us.
This is the beginning of the end of an era. It was fun while it lasted.
I invite any evidence to the contrary.
Sorry folks...the world is bigger and more varied than you want it to be. Deal with it.
(Score: 4, Informative) by Sjolfr on Thursday March 02, @03:42PM
I think that banning software is a bad precedent in general. Times change, though, and software is more and more often being weaponized. So software really should be seen just like any other commodity that gets traded internationally. If we put sanctions on a country it should include their software; just like not allowing spy/weather balloons in our airspace.
Personally I geoblock the IP ranges of the countries that I don't want to do business with. It's not perfect, but it's a good start. Perhaps ISPs could offer that service to individual customers to enable or disable.
Well, stop using the technology that they gather info from that can not be secured from them. Not practical I know, but it is an answer. The fact that we can choose to not engage is encouraging; hopefully we will never be required to have a phone (tracking device) on our person. While it is an end of an era I don't think it's just the end. It's the beginning of a new era where we have the chance to point ourselves in a better direction. All of these concerns are in the news quite often. ID theft and so on is on everyone's minds. Maybe we should take the opportunity to get more and more people on the side of data privacy across the board.
There are loads of encryption tools that one can leverage but most people don't want to go through that hassle. Private companies are releasing apps/tools to achieve more and more privacy. Apple started the ball rolling with phone/tablet privacy. DuckDuckGo picked up the baton and so have other 'security' driven companies. I really wish phone companies like Librem were a real option for most people, just not yet. Still, the fact that we can transfer phone numbers to whatever SIM we want is a positive note. Some folks just have a google voice number and forgo a phone entirely. Lots of older folks simply have a land-line.
Proton, and few others, have email covered. Dropbox bought a smaller company in order to leverage their encryption at rest technology. Encryption tech, like pgp/gpg, is the same as it ever was. I really wish that, instead of banning particular software, our leaders would point everyone in the direction of secure technologies. There is no technical reason why we all can't have end-to-end encryption in all of our communications tech; phone calls, emails, web browsing, the list goes on. Yet, our government and service providers continue to expose us all because big business likes stealing our data and because big government likes spying on us.
Some large percentage of code out there includes opensource sofware. I know that some people think this is a problem but it really isn't. The challenge of keeping code secure is omnipresent regardless of what platform you use (but especially within the Microsoft ecosystem because, well, it's windows ... viruses and all). Opensource means that we can see what it is instead of trusting someone else to tell us 100% of the facts (which they never do). Opensource also means that it will easier to replace unsupported code or code that has issues. Whereas closed source code is oftentimes harder to get rid of.
(Score: 3, Informative) by RS3 on Thursday March 02, @08:29PM
They can't disallow it- they're doing it too.
(Score: 3, Interesting) by Snospar on Thursday March 02, @07:51PM (1 child)
The article is spot on, we need to stop thinking about this app or that company and instead consider the whole mess of shady "data brokers" who trade in our personal and private information even when we have absolutely no agreements with them that they can do so. I'd hoped that the GDPR would help us by enabling us to turn around to these companies and say "I do NOT give you permission to gather, store and sell my data" or "You MUST delete any information you have that relates to me". Unfortunately I only know about the websites I visit, or apps that I've installed, and behind them there are hundreds of companies dealing in my data that I have no links to. If you go to most popular websites and dig into their privacy policy there will probably be a section about "Third Party" providers and this can contain hundreds of names you've never heard of. If you think "hundreds" is an exaggeration try digging out the list from a charity website, I don't know why but they seem to have the longest lists around - presumably they are trying to reduce costs as much as possible by selling your data to all comers. If I don't know who these third parties are, how can I contact them to get my data removed? Trying to do this for hundreds of companies is beyond most people - and there will be a new list tomorrow.
Sadly in the background of this issue are the people who want to buy and use all this data: the advertisers and the security services. This is troubling because the advertisers are amongst the richest corporations on the planet. They have a lot of power and influence and they aren't about to give that all up. More worrying are that the security agencies who rely on this (easy to access) treasure trove of data are linked directly to the policy makers who we hope would be fighting on our side here.
(Score: 5, Insightful) by RS3 on Thursday March 02, @08:39PM
Ever read any "privacy agreements"? I started reading many of them several years ago. They always start out with "we value your privacy". (They meant to write "your data has value to us").
Then it goes on to say "we may share your data with our "trusted business partners"".
Wait a frelling minute. Who are said "trusted partners"??? What is their "privacy policy"??? Who will they then share my data with?
If it was up to me the law would be: you must first agree to any "sharing" of data on a case-by-case basis. No blanket agreements of any kind. Everyone would have the option to opt out altogether, or blacklist or whitelist whoever whatever we want.
Lets say we whitelist So-and-so company- if that company gets sold, the agreement is null and void, and the new owner needs to re-establish an agreement with us.
Of course, to prevent the onslaught of people trying to get permission to have your data, I and most people would opt out and block all sharing.
(Score: 1) by jman on Friday March 03, @01:03PM
"I'm just a simple computer head, but why don't ATT, Deutsche Telekom, Verizon, and all the other mobile providers add a firewall rule which simply limits data except for app update requests (a particularly formed packet anyone familiar with Wireshark could discern) from returning to the app's servers?"
Just keep everything local to the device, which would of course upset TikTok's business model; but, until US & the now-not-so-sleeping-dragon end their spat, I'd rather not share any demographic info with them.
(Actually, in my own case, that's not exactly true. I'd rather not share demographic info with anyone, which probably explains my lack of a Twithead account, or FootPlant, or all those other idiotic info-and-time-sucking platforms. If they want to monetize me, they should pay for my info. I don't need their stupid 'social' apps. I have a voice, and the ability to write letters - physical or 'e' - which can be used to communicate with others. And yes, I understand credit card companies, etc., also gather such info. But credit cards are useful, and while one would think the money they make off interest would be enough, they want to monetize even more, so there you have it. On the other hand, those allegedly "free" platforms, IMHO, are not.)
Should this ban occur on genpop, there's also a potential monetary issue at play. My honey's hair dresser does gardening TikTok videos on the side. She's got quite the following, and I believe she does make some amount of money off of them. Not that I appreciate spying in general, and certainly not any government spying on citizens of another country, but, in enforcing such a ban, our government would give itself a problem: How would such citizens be compensated for their certain loss of income as a result of the ban?