Here we go again! Another highly popular app that is owned and influenced by a foreign entity is amassing billions of users – and taking their personal data. Earlier this year I wrote an article on the skyrocketing use of FaceApp and the concerns over the user data being owned by the Russian company behind the app. Today, we have another app to worry about.
The latest app stirring up controversy about foreign access to personal data is TikTok, which is quickly becoming a viral hit for adults and teens alike. For those of you who have not heard of TikTok, you might remember it by its former name, Musical.ly. Musical.ly was acquired by a Beijing based media company named ByteDance. The app was originally created by Chinese business partners Alex Zhu and Luyu Yang back in 2014. After it was acquired by ByteDance in 2017, the name was changed to TikTok. The app is used to create music videos and/or watch other music videos created by others. Where 15 minutes of fame used to be the goal, TikTok enables you to create short videos which give you 15 seconds of fame. My, how our attention span has changed! So, what’s the big deal? As a cleared user and/or parent to a child that uses TikTok, it is important to be aware of where you or your child’s user data is being stored, and how it’s being accessed.
Why the Warning?
As of June 2019, TikTok has amassed over 1 billion users worldwide, with an average user age in the 16-24 range. For five straight quarters TikTok was the most downloaded app in Apple’s App Store. In the last week, the U.S. Government has launched a national security review of TikTok owner ByteDance’s $1 billion dollar acquisition of Musical.ly. The odd thing about this inquiry is that the transaction took place over 2 years ago, and the government is just now launching an inquiry. Senate Minority Leader Chuck Schumer and Senator Tom Cotton sent a letter to the acting Director of National Security (DNI) Joseph Maguire, formally requesting a probe. A month earlier, Senator Marco Rubio pressed the Committee on Foreign Investment in the United States (CFIUS) to look into the transaction. CFIUS requires foreign investors to gain clearance on acquisitions of U.S. based entities. ByteDance did not seek to gain clearance from CFIUS, raising congressional eyebrows on both sides of the aisle. Senator Rubio is quoted as saying, “Any platform owned by a company in China which collects massive amounts of data on Americans is a potential serious threat to our country.”
With the recent issues in China over Hong Kong protestors, lawmakers are concerned that TikTok is censoring user data across the globe, and not just within the borders of China. Facebook CEO Mark Zuckerberg has levied concerns that TikTok is censoring U.S. user’s data. However, take that with a grain of salt, simply because Facebook is in direct competition for users with TikTok, and Facebook has had congressional issues. Beyond the censorship issues and the user data concerns, there is one main reason why I believe congress is so invested in probing ByteDance, it all points to the Office of Personnel Management (OPM) hack.
Remember the OPM Hack?
OPM is the human resources department for the federal government. Hirings, firings, benefits background investigations (until this October) and personnel records are maintained by OPM. On April 15, 2015, an OPM employee on the cybersecurity team stumbled on an SSL encryption flaw that was pointing all OPM data to a URL that wasn’t owned by the government. It turns out that a fatal malware file was embedded on all systems and running as a malware product that the agency didn’t use. This malware file gave hackers access to all of OPM’s servers. Over 18 million archived SF-86 background investigation forms were compromised, along with over 4 million personnel records. And who was behind the OPM hack? China. It then becomes clear why congress is doing it’s due diligence by pressuring CFIUS to review the Musical.ly acquisition. As a cleared individual, this should serve as a red flag for you and anyone in your family who is actively using the app. I don’t believe that the OPM hack was the last of China’s – or any foreign entities – efforts to gain sensitive user data on U.S. citizens.
Should I Stop Using the App?
If you hold a government clearance, YES! Unless you are aspiring to become a viral music video director and plan to leave your job with the U.S. Government, just delete it now…. stop reading and do it now, I’ll wait….. If you are a kid between the ages of 16-24 and reading this article on this website it means that you are interested in working for the government or a government contractor and would like to obtain a government clearance. This advice applies to you, too. Delete TikTok now – the risk isn’t worth the reward of 15 seconds of fame or a few seconds of entertainment. Find something better to do with your time – study for a certification, watch TV, read a book, take a walk – do anything instead of wasting time and putting your privacy at risk by playing with TikTok.