Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime
DOJ Official Spells Out Concerns About TikTok, WeChat
Assistant Attorney General Says China Could Use Data Gathered for Intelligence PurposesSee latest update on new executive order from President Donald Trump regarding TikTok.
See Also: 2024 Threat Landscape: Data Loss is a People Problem
China could collect the personal data on Americans through the social media apps TikTok and WeChat for intelligence-gathering purposes, a senior Justice Department official says in explaining why the White House wants to ban these apps.
Earlier this month, President Donald Trump signed two executive orders that would effectively ban the two apps from the U.S. and not allow citizens or businesses to work with their parent companies unless they’re sold to an American firm.
Concerns about China using these apps for espionage is one of the main drivers for the president's actions, says John Demers, assistant attorney general for national security, in a recent interview with the Center for Strategic and International Studies.
The TikTok and WeChat apps raise national security concerns because millions of Americans are voluntarily handing over their data to the apps’ Chinese owners, Demers says.
Data Mining
"What's interesting about TikTok is you have one of the first instances in which individuals are signing up and providing the app with their sensitive personal data," Demers says. That data can include users' phone and social-network contacts, GPS position and details such as age and phone number, along with any user-generated content posted, such as photos and videos. The app can store payment information as well, according to a Wall Street Journal report.
"And then there's the data that the app collects about you while it's on your phone. And like a lot of other apps, that app is collecting geolocation data. If you enable it, it's connecting to your contact list and it is following your use of the phone and other apps on the phone. Once they’re interested in somebody… they can mine those existing data sources to find out what that person’s financial life is like, what their health life is like, what their married life is like," Demers says.
China could use this type of data to identify an individual who’s of interest and use it to gather even more sensitive information, Demers says.
In June 2017, China passed the National Intelligence Law that can compel domestic and foreign companies operating in that country to cooperate with Beijing's intelligence-gathering activities, Murray Scot Tanner, principal policy analyst for Alion Science and Technology, explained in a Lawfare article. China-based TikTok and WeChat both must comply with this law, experts say.
Trump's executive order notes that TikTok, a mobile social media app that enables users to create brief, shareable videos, has reportedly been downloaded over 175 million times in the U.S. and over 1 billion times globally. WeChat, a messaging, social media and electronic payment application, reportedly has over 1 billion users worldwide.
Earlier Actions Against TikTok
Before Trump issued his executive order, parts of the federal government had banned employees downloading TikTok on their government-owned mobile devices. For example, in January, the U.S. Army joined the Navy in banning the social media app (see: Trump Signs Executive Orders Banning TikTok, WeChat).
Trump's executive order concerning TikTok notes the U.S. Department of Homeland Security and the Transportation Security Administration have also banned the app.
Other Issues
Some members of Congress are raising new concerns about TikTok.
On Thursday, Republican senators Jerry Moran of Kansas and John Thune of South Dakota sent a letter to the Federal Trade Commission asking the agency to investigate how the app collects data, according to The Hill.
The Wall Street Journal reported this week that TikTok collected user data through MAC addresses in violation of the rules regarding Google's Android mobile operating system. A company spokesperson told the Journal its newer version does not collect MAC addresses from users.