The bans of TikTok on government devices is spreading, but some have admitted that they don’t even know what the threat is.
The performative moves by Canadian officials is continuing. While the first move was by multiple privacy commissioners to initiate a probe, it seems that multiple levels of the Canadian government aren’t waiting around for an assessment of the situation. Earlier, we reported that the Canadian government banned TikTok on all government issued devices. While there might have been a good reason to ban the app on government issued devices, security and privacy wasn’t it.
Ever since, the media has been running around in a panic and wringing their hands that TikTok was somehow this overwhelming threat to Canadian national security that will abuse your personal information in ways no one else will. Yet, these charges that TikTok is somehow a unique threat to the Canadian public has, so far, not been backed up by evidence. For instance, a security audit of the app or the website hasn’t really happened by those saying that the app is a unique threat to Canadian’s. Instead, it is all seemingly based on the presumption of guilt because the parent company, ByteDance, resides in China.
The government, for it’s part, admitted that they can’t force average, everyday citizens, to delete the app from their cell phone or never visit the website. The government did, however, urge Canadians to make an informed decision on whether or not they should keep using TikTok or not. It’s all well and good to ask Canadians to make an informed decision, but the problem is, the Canadian government never explained why TikTok was a threat to Canadian’s. All they told the public was that TikTok was, vaguely, a “security” and “privacy” concerns. Obviously, just saying “privacy” and “security” tells the public nothing.
This has left the public to speculate what the heck the government is even talking about. This has boiled down to two main theories, but neither really held up.
The first theory is that China is somehow using TikTok to manipulate elections. This appears to be confusing a separate debate where China has been accused of attempting to interfere in the election in 10 specific ridings. While there are calls for a public inquiry, there is currently a House of Commons committee study. The parts of the hearing we saw, witnesses discussed possible ways China could have tried to influence the election. For one, there hasn’t, so far, been evidence that the influence was enough to sway the election. For another, the apps that were cited were Weibo and WeChat.
So, why is TikTok targeted? Who knows? What’s more, this further shows that other apps and platforms could just as easily, if not, more easily, be used by China. What exactly are we solving by specifically urging Canadian’s to stop using the platform and app?
The second theory circulating is that TikTok handles personal information and, because their parent company resides in China, that automatically means that China has access to all user information. This theory never really panned out given that using personal information for targeted advertising has been a long established business practice by and overwhelming vast majority of platforms that exist today. So, if TikTok has been engaged in this activity, it’s not actually a unique threat. After all, Facebook could be compelled to produce information they have on users to US government agencies. This is nothing new.
If there was a concern that people’s personal information and security are at risk by platforms in general, then the Canadian government can very easily push Bill C-27 (Canada’s privacy reform bill). Sadly, after more than half a decade, the Canadian government has dragged its feet on this issue. If the Canadian government truly cared about people’s personal information and security, this will would actually be a top priority and not linger and collect dust like it has.
Privacy reform can address a whole pile of problems going on with personal information in Canada today. If personal information is handled, how can a service use that personal information? What encryption protocols should be established? What’s the minimum security standards for carrying personal information? Where should that personal information be stored? Who can access that personal information? How about if there is a national security risk and individual information is requested by the government? How can that information be shared across borders? What happens in the event of a hack or a leak? What fines can be handed out for those who break Canadian privacy laws?
All of this can very easily be addressed in reforming Canadian privacy reform. What’s more, the Canadian government wouldn’t be in such a huge mess today had they actually cared about personal information and privacy. Instead, the Canadian government has demonstrated that they don’t care about personal information, privacy, and security of average everyday Canadian’s. This was proven by how little forward momentum Bill C-27 has been given. It’s also a big reason why I call moves to ban TikTok for privacy and security reasons “performative”. Canada continues to be ill-equipped on the file of personal privacy and the first step should be to change that. To this day, it continues to forgo this.
At any rate, the lack of an actual explanation by the Canadian government as to why they feel that TikTok is a unique security and privacy risk has been a major problem in all of this. Apparently, other provinces have decided to jump on the bandwagon and ban TikTok from government devices citing similar vague “privacy” and “security” reasons. From CP24:
Nova Scotia and Saskatchewan became the latest provinces Wednesday to join a growing number of Canadian jurisdictions banning the use of TikTok on government-owned devices pending the results of a threat assessment by the federal government.
The Nova Scotia government issued a statement saying TikTok’s data collection methods provide substantial access to data on mobile devices, making users “vulnerable to surveillance.”
Service Nova Scotia Minister Colton LeBlanc said there is no need for the app to be on government-issued devices.
The Alberta and Quebec governments, as well as the city of Calgary, have also prohibited TikTok on government-issued devices. Officials in Ontario and Newfoundland and Labrador confirmed they are looking at taking similar action.
The United States announced Monday that all government agencies have 30 days to delete TikTok from federal devices and systems, and several other countries have followed suit, including India, Taiwan, Pakistan, Afghanistan, as well as the European Union.
Nowhere in the article is there an explanation as to what the unique risk actually is. Just that China has a law demanding access to data, therefore it’s bad. It’s an extremely presumptive accusation to say the least. Is there an explanation about how the actual data is transferred to China? Of course not. Instead, it’s just a vague citation of a law, therefore, end of debate. In fact, we’ve observed some broadcast media reports saying that some who are banning the app are admitting that they have no evidence that TikTok has done anything wrong. Instead, it’s just a case of “follow the leader”.
Of course, the last of that excerpt notes that the US is moving on legislative efforts to ban TikTok. So, we turn to observers in the US who have called the move part of a massive moral panic. From TechDirt:
The Biden administration has given all federal agencies 30 days to ensure staffers do not have TikTok on any federal devices. All agency vendors are to adhere to the same rules within 90 days. It’s the latest evolution in a growing planetary moral panic that’s gotten well out ahead of its skis, resulting in often-performative solutions that don’t fix the actual problem.
The Biden administration memo comes at the same time as EU announced it would be banning all diplomats from having TikTok on their professional devices, with the UK being pressured to follow suit. Those responses come in the wake of numerous performative announcements that the app has been banned by numerous states and state-funded colleges.
Banning a Chinese-owned app from government employee devices isn’t a bad idea. The problem remains, as we’ve noted countless times, that this isn’t actually fixing the underlying issue. Namely, our repeated failures on consumer protection, our failure to meaningful regulate the unaccountable data broker market, and our corruption-fueled failure to pass even basic privacy legislation for the internet era.
To hear the TikTok hyperbolics tell it, they’re taking meaningful steps to protect consumer privacy and national security:
“The Biden-Harris Administration has invested heavily in defending our nation’s digital infrastructure and curbing foreign adversaries’ access to Americans’ data,” Chris DeRusha, federal chief information security officer, said. “This guidance is part of the Administration’s ongoing commitment to securing our digital infrastructure and protecting the American people’s security and privacy.”
This may surprise some folks, but you’re not actually protecting the American people’s security and privacy by hyperventilating about a single app.
Yes, TikTok plays fast and loose with consumer data. So does nearly every other foreign and domestic app and service on your phone, from apps that track and monetize your every waking movement in granular detail, to apps and services that casually traffic in your mental health specifics. And that’s before you get to the telecom industry, which has pioneered irresponsible collection and monetization of user info.
All of this data is fed into a massive and intentionally confusing data broker market that regulators have been generally disinterested in seriously policing, lest U.S. companies (gasp) lose money. We don’t want to pass a modern internet privacy law, or be tough on data brokers, app makers, OEMs, or telecoms, because rampant surveillance and data monetization is simply too lucrative.
It’s a little terrifying just how close the debate in Canada mirror’s the US. Probably the only thing the US has going for it is that, amidst their patchwork of laws, it’s possible that a regulator can issue fines against a company that misused people’s personal information. It’s difficult, but it is possible. In Canada, that option simply doesn’t exist. Instead, Canada has a system of sending strongly worded letters and telling companies “don’t do that again.” This is not to say the US system is bad, but it’s still better than the deplorable system Canada has on this front.
Meanwhile, back in Canada, it’s becoming suspicious that the Canadian government doesn’t actually have knowledge of a specific threat. It’s clear that the Canadian government wants to discourage the use of the app. The thing is, if the government wants to discourage the use of the app, you’d think that the government would tell the public what that threat is. This is, well, pretty basic stuff. Yet, the Canadian government refuses to tell Canadian what threats are uniquely posed by TikTok. Every bit of speculation I’ve heard on these moves are not issues unique to TikTok so far.
If anything, this appears to be attempting to cover up the failures by the Canadian government to finally get off their butts and reform privacy laws. TikTok isn’t the first thing to hit the airwaves that screamed that Canada needs privacy form and needs it yesterday. Examples include the Newfoundland hack of 2021 and the Desjardins data breach of 2019. Canada’s approach to personal privacy has been an abject failure and an international embarrassment for years. Hyperventilating over the TikTok app shows, yet again, that Canada is ill-prepared to handle anything related to personal information and privacy.
Drew Wilson on Twitter: @icecube85 and Facebook.
