Clock ticks down for Tiktok as UK reportedly prepares to ban app on government devices
Amid reports the UK is set to recommend a ban on Tiktok from government devices, City A.M. looks at how the app went from viral dance videos to data security threat.
Every Sunday, whatever the weather, groups of teenagers gather on a raised platform outside City A.M. HQ to film themselves dancing against the glittering backdrop of the city. A little distracting, but innocuous enough you would think.
Much like a second pandemic, the Chinese-owned mobile video app took over the world as the coronavirus outbreak and the boredom of lockdowns took hold.
More than two billion people worldwide had downloaded the app by 2020, Wikipedia claims. And in 2021, according to Cloudflare, it was bigger than Google.
But, much like the drifting of a spy balloon above South Carolina, what goes up must, in most cases, come down.
What are the security concerns about Tiktok?
Concerns about the app’s parent company Bytedance and its data security credentials have been growing for months, and in recent weeks appear to have reached fever pitch.
Tiktok says employees in China are able to access user data – including from within Europe – to assess the algorithm’s performance.
Fears have escalated due to the state’s national security laws which may compel Chinese citizens to co-operate with intelligence agencies – even up to the point of handing over data.
“Our reliance on technology creates vulnerability and data is clearly open to abuse,” foreign affairs select committee chairwoman Alicia Kearns told City A.M.
“We need to ask ourselves the question: are we comfortable entrusting our data to a company that functions as an indirect arm of the Chinese Communist Party?”
The company itself even admitted last year that Bytedance workers accessed app data to spy on reporters’ whereabouts, including from Buzzfeed and the Financial Times. The employees involved have reportedly since been fired.
In response, Tiktok has launched a charm offensive, briefing much of Westminster last week on Project Clover – beefing up security measures and making it harder to ID individual users.
New data centres in Dublin and Norway will store data at a cost of £1.1bn a year, while transfers outside of the continent will be assessed by a third-party IT firm.
Tiktok says it takes national security concerns very seriously and holds global data in the US and Singapore – and has never been asked to provide user data to the Chinese government.
What might the UK government do?
But will it be enough? EU officials are now banned from having the app on their work phones and devices, and staff at the European parliament face similar restrictions.
Congress is even deliberating legislation to bring in a full-on ban of the platform, with the US response widely thought to be setting the tone for global levels of trust in Tiktok.
That said, the UK has so far taken a notably more laissez-faire approach.
While parliament has shut down its Tiktok account – after a successful campaign by now science minister Nusrat Ghani – the government is yet to issue any similar edicts over the use of the app.
Science, innovation and technology secretary Michelle Donelan said last month there was “no evidence” a ban was needed. “That would be a very, very forthright move,” she said.
However, reports have emerged in the Sunday Times that the government is set to recommend a ban on the Tiktok app on all state-issued electronic devices following an assessment by the National Cyber Security Centre.
It comes as Hikvision surveillance cameras are removed from government departments after security fears around the Chinese-state owned firm emerged last year.
A government spokesperson declined to comment on the reports when asked by City A.M.
“All departments have robust processes in place to ensure government IT devices are secure, including managing risks from third party applications,” they said.
Tiktok has said moves to ban the app are disappointing and based on misinformation, and that the company is open and available to address any security concerns.
What have security experts said?
But experts have suggested security fears are far from baseless.
Chris Cash, China Research Group director, said issues of technology and authoritarianism were “front and centre” in light of national security concerns sparked by the recent media frenzy over reports of Chinese spy balloons being shot down in the US.
“Tiktok is ubiquitous,” he said. “Everyone knows what it is. I think people are right to be worried about this. People need to be a lot more wary of what their data is being used for.”
“Tiktok will never be able to shake the fact that their parent company is back in China.”
Tiktok says that Bytedance is not Chinese-owned and is a private global company.
Christopher Budd, cyber expert at Sophos, said: “It comes down to concerns about where data is being stored and who has access to it.
“Nothing has changed with Tiktok in three or four years. It’s pretty much the same app that it was. What’s going on is governments are returning to their risk assessments and reevaluating them.”
In response, Tiktok highlighted measures including Project Clover it had taken to improve data governance.
What have political figures said?
Kearns said “more than enough red flags” had been raised so far – and that government “shouldn’t wait until red lines are crossed”.
“We’re currently sleep walking into a far more dangerous world,” she told City A.M.
“A world where autocratic states, that do not have the same respect for human rights and liberal principles that we have, have easy access to a wealth of information on each and every one of us.
“Even just the potential of data abuse and cyber attacks by hostile states should prompt action from the UK government.”
Meanwhile Evie Aspinall, researcher at the British Foreign Policy Group (BFPG), offered insight into why Sunak had retained a “pragmatic” approach to the issue thus far.
“In the eyes of the government, the balance of evidence on the threat posed by Tiktok is not yet conclusive enough to risk an escalation of tensions with China, nor to justify removing access to a key political engagement tool ahead of an election,” she said.
Aspinall stressed that the UK would likely have its hand forced into taking further action on the social media platform, should any geopolitical escalation take place.
“Any marked escalation in tensions with the West by China, such as China invading Taiwan or sending arms to Russia, would likely necessitate a comprehensive reassessment of the threat posed by China and in turn the threat posed by Tiktok,” she said.
“As we saw with regulation of Huawei, the views of our allies will also drive our decision and increased pressure from the United States may force the UK to take action.”
What has Tiktok said?
A Tiktok spokesperson said: “Tiktok is enjoyed by millions of people across the UK safely and securely.
“Our parent company is incorporated outside of China and is majority owned by global institutional investors. Tiktok’s user data is stored in the US and Singapore, not China.
“The Chinese government cannot compel another sovereign nation to provide data stored in that nation’s territory.
“Our recently announced Project Clover will see us set a new standard altogether when it comes to data security, including new data centres in Europe and employing a third-party to provide independent oversight of our strict data controls and protections.”