Those of us who enjoy the pleasure of being in a trusted position as evidenced by having been granted a national security clearance must be attentive to counterintelligence threats. Our daily life brings us to various social networks (Twitter, Facebook, LinkedIn and more). Regular counterintelligence briefings counsel us, repeatedly, to be circumspect when sharing information online. The admonishment to avoid TMI (too much information) syndrome is impressed upon us, yet we do. We do this sometimes knowingly, but oftentimes out of ignorance.
Do you have FaceApp or TikTok on your devices?
FaceApp – Russia
FaceApp is a software application which manipulates a user’s self-submitted photo. The FaceApp “aging experiment” was all the rage earlier in the year. Did you participate and submit a photo of yourself and the FaceApp aged it ten years and then you shared the comparison with friends and family?
When you did that, did you know that FaceApp was developed and is maintained by a firm located in Russia?
Did you read the terms of service? The terms of service permitted the app to access your device’s analytics, cookies, log file info, device identifiers, metadata, and any user data associated with the app’s usage. The app claims the photo you sent went to the app’s servers and had an advertised lifespan of 48 hours.
In a recent letter from the FBI to Senator Charles Schumer, the FBI highlights the capabilities of the Russian Federal Security Service (FSB), specifically their ability to acquire any and all content from internet service providers without having to engage the service providers directly, as they have direct connection.
The FBI considers FaceApp and any other similar product developed in Russia to be a counterintelligence threat.
That is to say, while the app’s servers may have removed your photo within 48 hours, the FSB had the ability to extract the photo to their own servers. FaceApp served as the vehicle to provide the Russian FSB a mugshot for future reference.
TikTok – China
Are you creating short 10-60 second videos using the ubiquitous video application TikTok and sharing it with your friends and family? TikTok was developed and maintained by a Chinese company.
A class action lawsuit alleges that downloading the TikTok app puts your device and content at risk. The suit notes that users locations, ages, private messages, phone numbers, contacts, genders, browsing history, cell-phone numbers and IP addresses are all allegedly sent to Chinese servers.
The current TikTok user agreement does not mention the information being availed to China, however, prior terms of service explicitly noted that the “data could be sent to China.” The lawsuit alleges that the practice continues.
Specifically, in the case of the complaint filed by the primary victim in the class action suit, the user downloaded, yet did not set up an account. Yet the application created an account using her phone number, and began analyzing videos which were present on her phone, which included a facial scan.
Thus, your content may be adding yet additional information to the already robust intelligence targeting dossiers being compiled by the Chinese intelligence entities.
think it’s fun? read the fine print
In both instances the applications themselves look innocuous, even downright fun. Know that your device and the contents of that device are being availed in a manner in which you may not have anticipated. As long as your eyes are wide open, you have put the counterintelligence threat posed within your personal context, carry on.