newsweekshowcase.com

There are federal agencies that have bans on government-issued devices

Wired: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

Comment on a Report by TikTok on Forbes & a U.S. Location Monitoring Advised by ByteDance

TikTok is strongly pushing back against a Forbes report alleging that its parent company wanted to use the video app to “monitor the personal location of some specific American citizens.” In a series of tweets, TikTok accused Forbes of leaving off a vital part of its statement, which says that “TikTok does not collect precise GPS location information from US users,” despite the article’s claims that its parent company ByteDance considered obtaining “location data from U.S. users’ devices.”

The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” Forbes says its report was based on materials it reviewed but did not include details about who was potentially going to be tracked or why ByteDance was planning on tracking them, claiming that doing so may put its sources at risk.

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. As the conflict grows, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. NATO officials are watching for any signs that Russia is preparing to use nuclear weapons in the event of a strike by Russia, and we look at what indicators are available to the global community.

The vice societies that feed the web: how middle-of-the-pack groups exploit vulnerabilities in exchange server cloud email hosting and Wikipedia custodians ferret out malware

Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. And new research examines how Wikipedia’s custodians ferret out state-sponsored disinformation campaigns in the crowdsourced encyclopedia’s entries.

If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. There is a guide to setting up passkeys on the internet, and if you are looking to do anything for your security, we have it.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. To read the full story, click on the headlines. Stay safe out there.

The United States’ Digital Security Security Roundup: Why Internet of Things is Safe and How to Protect Its Users and Their Embedded Devices

Microsoft said this week that a mistake exposed the data of potential customers of its cloud services. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. The information was exposed earlier in the year and up to August of this year, according to a report. The researchers linked the data to more than 65,000 organizations from 111 countries. Microsoft said that the exposed details included names, company names, phone numbers, email addresses, and files sent between potential customers and one of its authorized partners. Cloud misconfigurations are a security risk that has resulted in countless exposures.

There are no easy answers to improve the longstanding security dumpster fire created by cheap, undefended internet of things devices in homes and businesses around the world. But after years of problems, countries like Singapore and Germany have found that adding security labels to internet-connected video cameras, printers, toothbrushes, and more gives consumers a better understanding of the protections built into different devices and gives manufacturers an incentive to improve their practices and get a gold seal. This week, the United States took a step in this direction. The White House wants to make sure that people know how to protect themselves from the internet of things. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

U.S. Intelligence and the Internet: Essential Vulnerabilities for Cyber Security, Human Resources, and Community Surveillance

The FBI seized documents at the Mar-a-Lago estate in Florida this summer that contained information about Iran’s nuclear program and United States intelligence operations in China, The Washington Post reported this week. “Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say. People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could possibly encourage countries to retaliate against the US.

Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. We took a look at the susceptibility of the internet infrastructure to various physical and electronic attacks.

Researchers see evidence that the US’s new legal climate for abortion access is promoting a culture of community surveillance, a hallmark of authoritarian states in which neighbors and friends are encouraged to report possible wrongdoing. Soccer stadiums around the world are starting to be watched by authorities more and more. More than 15,000 cameras will be packed into the eight stadiums that will be used for the World Cup in Qatar.

The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.

Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

The Rise of Cash Apps: What Happens When Your Personal Cell Phone is Hacked, and How Do You Lose Your Power? Liz Dorsey’s Case Revisited

Liz Truss is having a hard time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. Russian operatives were able to intercept messages between Truss and officials in other countries. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. While the breach remains unconfirmed, Labor Party officials are calling for an “urgent investigation” into their Conservative opponents. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labor Party shadow home secretary Yvette Cooper said last weekend. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”

Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. Based on police records, “hundreds of court filings,” and claims by former Cash App employees, the investigation found rampant use of the Cash App in sex trafficking and other crimes. The company, which is owned by Dorsey-led Block Inc., maintains that it “does not tolerate illegal activity on Cash App” and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. The report landed just a day before a summit in the White House to combat the rise of ransomware, a type of malicious software that is used to hold a victim’s data hostage until a ransom is paid. Himamauli Das, acting director of the Treasury Department’s Financial Crimes Enforcement Network, said in a statement that “ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security.” While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.

The Indian View of the TikTok App and Social Media: Prospects for the Security of Mobile Social Media in the U.S.

“We do know there’s Chinese ownership of the company that owns TikTok.” In a Sunday interview with George Stephanopoulos, Senate Majority Leader Charles Schumer said that some members of the Commerce Committee are looking into it. “We’ll see where they come out.”

The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.

Government restrictions on apps or online services are rare in the US. India’s approach could be instructive for US lawmakers, because the country banned TikTok in June 2020 in the world’s biggest crackdown on the service.

The posturing is at a crucial moment in the years-long negotiations between TikTok and the US government on a potential deal that would address national security concerns and allow the app’s continued use in the US.

Any security concerns that have been raised at both the federal and state levels will be addressed by the agreement under review. The plans have been developed under the oversight of the country’s top national security agencies to ensure that our platform in the United States is secure.

The first version of this article appeared in the Reliable Sources newsletter. The evolving media landscape is chronicled in the daily digest.

The Rise of TikTok in the US: The Case for a No-See-Mean-No-Go Theorem

But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users’ devices.

The Senate passed a bill that would allow exceptions for certain activities.

According to the announcement in 2021, TikTok had reached one billion monthly users. In the U.S., two-thirds of teens say they use it.

The White House held a call for TikTok creators two weeks after Russia invaded Ukraine. Jen Psaki, then the White House press secretary, and members of the National Security Council staff briefed the creators, who together had tens of millions of followers, on the latest news from the conflict and the White House’s goals and priorities. The previous summer, the White House recruited dozens of TikTokers to encourage young people to get vaccinated against Covid.

The company insists it won’t be used for criminal purposes, but national security experts say that China-based businesses have to give unfettered access to the authoritarian regime if information is ever sought.

The ban on federal government devices is not a big deal, since the efforts lacked political will or were stopped by courts.

Yet the panic about TikTok is overblown. While some data concerns exist—though none more extreme than those over any US-based social media platforms—policies and discourse around TikTok in politics amount to a modern-day Red Scare. American politicians seem to want to point the finger at China for not having enough data security, as they continue to allow Big Tech lobbyists to quash any attempts at federal social media regulation. Without a federal ban on TikTok throughout the US, it is impossible to re-release the app into the public eye. And when it comes to educating good media citizens in college classrooms, these TikTok bans will do more harm than good.

Investigating the U.S. Byte Dance, a popular Chinese video app that hides its users’ location information, and is not controlled by China

There is no easy way to determine if ByteDance maintains its operations in the U.S., even though it claims to do so.

“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.

The Committee on Foreign Investment in the U.S., a federal panel that reviews foreign capital in the country, began looking at TikTok during the Trump administration.

The committee is satisfied with the steps that TikTok has taken to protect their users’ data from the Chinese government.

CFIUS deliberations are famously secretive and happen behind closed doors. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.

The app was banned on government devices in Canada as soon as Tuesday, while the EU banned it on official devices because of security concerns.

ByteDance is required by Chinese law to assist the government, which could involve sharing user data from anywhere in the world.

When it came to its own citizens, China has banned everything from the internet to this newspaper. America wins when it can show the world it is an open and democratic country. The decision to ban TikTok on the grounds of being a threat to our security will be seen differently by other nations than by the PRC. It is not certain that the federal government can prevent access to a significant communications platform or restrict online content in order to prevent the spread of false information. There is a question of whether American fans of TikTok will allow it to be taken away from them.

“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,’” said Chander. The weather app is owned by China and many other apps are, too, but they are not owned by China.

The national security concerns surrounding the wildly popular Chinese-owned video app TikTok are solved by banning it in the United States. But such a ban might ultimately put our national security at greater risk. It would sidestep the broader problem of our nation not addressing concerns about the huge amount of personal data collected in our digital lives when that data could be used by foreign adversaries.

If the Chinese intelligence sector wanted to get information on particular state employees in the United States, it would probably not have to go through TikTok.

“It’s always easy – and this happens across the world – to say that a foreign government is a threat, and ‘I’m protecting you from that foreign government,’” he says. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”

What Do I Need to Know About a Tech-Empowered State-Dependent Communication Measure? A Critical Analysis of the Congressman’s Obstacles

Both Chander and Calo are skeptical that an outright TikTok ban would gain much political momentum, and both argue that even if it were to move forward, banning a communication platform would raise First Amendment concerns. But Calo believes the conversation could push policy in a positive direction for Americans.

“I think we are in a place where we have to think about the consequences of having so much commercial intelligence gathering taking place of US citizens and residents,” he said. “We should do something to address it, but not in a way that is ad hoc posturing, and by passing comprehensive privacy rules or laws which the Federal Trade Commission seems very interested in doing.”

But it isn’t just lobbying that has made some of these bills difficult to pass. It is more difficult to impose sweeping regulations on an entire industry than it is to bring about a bill governing how the US government handles its technology.

The stark difference between the two illustrates how simple narratives, well-funded lobbying and genuinely thorny policy questions can make or break a bill. It suggests that Big Tech companies have retained their dominance in the market and their large roles in the lives of US households.

China may be able to use its laws to pressure TikTok or ByteDance to give over US user data that could be used for intelligence or other purposes.

“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.

Tech Monopoles, Wall Crossing, and the Challenges of Doing Online Business: The AICOA and Bytesdance Regulatory Challenges

In 2019, ByteDance had 17 lobbyists and spent $270,000 on lobbying, according to public records gathered by the transparency group OpenSecrets. The company spent more than five million dollars on lobbying by the end of last year.

Meta was the biggest internet industry lobbying giant last year, spending upward of $20 million. Amazon was at $19 million, followed by the popular search engine at almost $10 million. That is nearly 10 times the lobbying done by TikTok’s parent, which was at number four on the list.

One of those bills, the American Innovation and Choice Online Act (AICOA), would erect new barriers between tech platforms’ various lines of business, preventing Amazon, for example, from being able to compete with third-party sellers on its own marketplace. That legislation was a product of a 16-month House antitrust investigation into the tech industry that concluded, in 2020, that many of the biggest tech companies were effectively monopolies.

For a brief moment this month, lawmakers seemed poised to pass a bill that could force Meta, Google and other platforms to pay news organizations a larger share of ad revenues. If the bill passed, Meta said it would have to remove news content from its platforms.

Silicon Valley’s biggest players have made their way in Washington to protect their turf from Capitol Hill.

By contrast, decisions about the rules government might impose on tech platforms have called into question how those regulations may affect different parts of the economy, from small businesses to individual users to the future of the internet itself.

The First Amendment may be brought up in some cases when legislation is proposed to revise the tech industry’s decades-old moderation liability shield. Section 230 allows social media companies a pass on addressing hate speech and offensive content that is not covered by law, which Democrats say is why it should be changed.

Cross-cutting politics and the technical challenges of regulating an entire sector of technology make it difficult for lawmakers to reach an accord, not to mention the potential consequences for the economy of messing it up.

How Should Social Media Professors in the United States Respond to a “Biased State” Anti-Telugua and “Hidden” Threats?

“It’s important to build a Republican brand. A central tenet of what unites Republicans now is taking a strong stance [and] standing up to China,” says Thad Kousser, professor of political science at U.C. San Diego.

Social media research and teaching have become staples in academia and higher education curriculums. The app has fundamentally changed the nature of modern communication with its aesthetics, practices, storytelling, and information-sharing.

If we can’t teach a pillar of modern media in the classroom, how are students supposed to become savvy content creators and consumers? While students can certainly still access TikTok within the privacy of their own homes, professors can no longer put TikToks into PowerPoint slides or show TikTok links via classroom web browser. Brands, companies, and novel forms of storytelling all rely on TikTok, and professors will no longer be able to train their students in best practices for these purposes. Additionally, TikTok makes parts of the world more accessible, as students can see the things they are learning about in real time.

The world keeps turning as these states implement their bans, leaving their citizens disadvantaged in a fast-paced media world. Additionally, media and communications students in the states will be at a disadvantage in applying for jobs, showcasing communicative and technical mastery, and brand and storytelling skills, as their peers from other states will be able to receive education and training.

Professors also must do research. Social media scholars in these states quite literally cannot do what they have been hired to do and be experts in if these bans persist. While university compliance offices have said the bans may only be on campus, who will foot that bill for someone to use a more expensive data plan? The answer is no one. Professors are expected to be on campus often to show that they are working, even if they decide to work from home. This means any social media professor attempting to research TikTok on campus will have to rely on video streaming via mobile data, which can be quite expensive, either through having to individually pay for unlimited data, or accidentally going over one’s limits.

TikTok CEO Shou Zi Chew is expected to appear before Congress in March to face questions from lawmakers over US user safety and security on the popular video app, as first reported by The Wall Street Journal.

It was reported that the chair of the Senate Intelligence Committee, Sen. Mark Warner (D-VA), was considering offering a bill to restrict applications from being applied to other apps that pose security risks.

The app, owned by ByteDance, Inc., was under fire when the former president signed an executive order to enforce a nationwide ban; however, it never went through.

Sen. Michael Bennet (D-CO) demanded that Apple and Google “immediately” remove TikTok from their app stores in a letter addressed to the companies’ chief executives, Tim Cook and Sundar Pichai, Thursday.

At a media briefing on Tuesday at its Los Angeles office, top TikTok officials described a data security plan, dubbed “Project Texas” because it relies on Austin-based software company Oracle.

Brooke Oberwetter welcomed the opportunity to set the record straight. Oberwetter said TikTok plans to discuss its “comprehensive plans” to protect US user safety during the March 23rd hearing.

China’s charm offensive: How the tech giant is trying to convince the US and China to abide by the Censorship Agreement

Unlike Google, Apple has a lot to lose regarding its relationship with both the US and China. Much of Cook’s success at Apple can be attributed to his ability to maintain working relationships with the Chinese government and manufacturers.

Some observers expect Washington to take action. Mira Ricardel is a former deputy national security adviser in the White House and now works at the Chertoff Group. There is a certainty in one’s view that will lead to something. This is what it might look like.

India’s blockade is difficult to crack. NetBlocks says that there is some access by small internet service providers. The creator of the project from the University of Michigan says he was able to watch videos while visiting India using the app he had downloaded in the US. Indian users have switched to rival services such as Facebook and Google after the ban, causing turmoil for those who built businesses on the platform.

Trump’s order would have immediately prohibited app stores from distributing TikTok, and nearly two months later would have barred cloud providers and internet infrastructure services from doing business with the company. They could have been fined or sentenced to prison for skirting the order. Ivan Kanapathy was the China director for Trump’s National Security Council and is currently the vice president at policy consultancy Beacon Global Strategies.

The company recently launched a full-fledged charm offensive that has included rapid-fire meetings in Washington with TikTok CEO Shou Zi Chew, new transparency tools on the app and a first-ever tour to members of the media of its corporate campus in the Los Angeles area.

“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.

“But there’s also a lot of pent-up animosity toward social media broadly and its effect on children, U.S. democracy and misinformation, and it’s easier to take it out on Chinese-owned TikTok right now than it is, say, Facebook or Twitter,” Segal added.

TikTok’s source code will be inspected by Oracle engineers, as well as the powerful formula for determining how videos go viral, according to officials of the company. A third-party monitor will look into TikTok’s data in case Oracle misses anything.

USDS is expected to hire 2,500 people who have undergone high-level background checks similar to those used by the U.S. government, TikTok officials said on Tuesday. The hires would not be Chinese nationals.

Still, aggregate data, like what kind of content is trending on the app or in what regions certain kinds of videos are popular, can be analyzed by corporate employees in Beijing who would need to be granted special permission from the U.S. data security team.

Project Texas: Why it would be nice to lose, or why it wouldn’t be useful: comment on TikTok’s “Emotional” Plan

Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies, doesn’t believe that the plan will be approved because it addresses many of the major security concerns.

Lewis said that the Oracle plan would work. “This kind of thing is fairly common. TikTok has become so emotional, however, that a reasonable solution may not be enough.”

The price of a sale would be prohibitive for many tech firms. TikTok is likely worth tens of billions of dollars. There are legal challenges that would likely arise if a forced sale was to happen. Segal said that the sale of TikTok could constitute a violation of China’s export control laws.

Segal said that it resolves the bulk of the data security concerns by allowing inspections of the algorithm, and by transferring the U.S. user data to Oracle.

Many details about Project Texas have been reported by various media, but Tuesday’s gathering marked the first time the company has given an official presentation on the plan.

The TikTok Centers: A Secretive App to Monitor the State of the Art, or Why We Are There Trying to Stop Worrying About Our Country

TikTok is planning on opening these centers in Washington, Dublin and Singapore and providing tours to journalists, lawmakers and civil society groups in order to give a glimpse at how the secretive app operates.

Then there was a game of sorts that put people in the position of a TikTok content moderator, where they decided if a video violated TikTok’s rules or not.

Visitors that sign non-disclosure agreements can review TikTok’s whole source code in a server room, but journalists are not given a chance to do this.

The content moderation game brought home the difficulties of moderation for thousands of people who get to watch tons of videos and then have to choose between them or not, but it’s mostly what it’s about.

“We hope that by sharing details of our comprehensive plans with the full Committee, Congress can take a more deliberative approach to the issues at hand,” the TikTok spokesperson added.

“If you’re certainly willing to fly a balloon over your continental airspace—and have people see it with a naked eye—what would make you not weaponize data? Or use an app that’s on the phone of 60 million Americans to drive narratives in society that try to influence political debate in this country?” says Senate Intelligence Committee vice chair Marco Rubio, a Republican from Florida.

The fact that they are trying to collect as much data as they possibly can about the whole of our country is something that Mike Rounds of South Dakota agrees with. The data is large and will never be touched, but the small pieces add up. They are working it. They are patient. They clearly see us as a threat, and they are collecting data.

The senator said that none of the suggested efforts were particularly relevant to his concerns.

Is TikTok a Privacy-Preserving App? Implications for Video Sharing in Canada and for Foreign Election Interference

TORONTO — Canada announced Monday it is banning TikTok from all government-issued mobile devices, reflecting widening worries from Western officials over the Chinese-owned video sharing app.

Last week, Canada’s federal privacy watchdog and its provincial counterparts in British Columbia, Alberta and Quebec announced an investigation to delve into whether the app complies with Canadian privacy legislation.

Recent media reports have also raised concerns about potential Chinese interference in recent Canadian elections, prompting opposition parties to call for a public inquiry into alleged foreign election interference.
