On Feb. 15, TikTok will be banned from Baltimore City devices, becoming the latest in a growing line of state and local governments to prohibit the social media platform.
Gov. Larry Hogan, in early December, issued an emergency directive banning the video-sharing app from state government devices. South Dakota, South Carolina and Nebraska had all previously banned TikTok as well.
Around the time of Maryland’s ban, FBI director Christopher Wray testified during a House Homeland Security Committee that the federal agency has ‘national security concerns’ about TikTok’s U.S. operations. He warned the platform could be used by the Chinese government to control American devices and influence their users.
“The user data from our mobile devices can be used in all kinds of ways,” said Anton T. Dahbura, Ph.D., executive director of the Johns Hopkins University Information Security Institute. “It is important for the general public to pay attention to what the government agencies are saying and what cybersecurity experts are saying because there is more there than meets the eye.”
Something as innocuous as the location of data users can be used in all kinds of ways to determine where people work, who they associate with and what kinds of confidential information they could have access to through their daily lives. “Those tidbits of information alone are extremely valuable for a foreign actor,” he said.
Christine Dunbar, founder and CEO of ROC Implementation & Management Group, notes government agencies are concerned about the app for several reasons including not wanting misinformation to spread.
“One of the things that all of us who operate in this particular industry have to deal with and recognize is that the threats that we faced yesterday are different from the threats that we face today,” she said. “The threat actors are constantly evolving their techniques so it is up to us in the cybersecurity industry (to stop them). We are constantly evolving to deal with what is being presented before us. We are always looking out for ways to combat emerging threats.”
Dahbura notes if people insist on using the platform on their personal devices, they should turn off the ability for the app to track their location and activate any other privacy safe guards that their device provides. “The Chinese have large numbers of people thinking day and night how to make use of these seemingly innocent bread crumbs that we leave behind and people need to just be aware of that and not think that their use of the platform is harmless,” he said.
When using a social media platform, Dunbar said people need to think through how much of their personal information do they want to share in the public domain. Threat actors want to use a person’s information to commit crimes so people need to think about what they are sharing.
With government agencies banning TikTok, should businesses and other organizations do the same? The experts believe the decision should be on a case by case basis.
Dunbar notes business owners and organization leaders need to look at their cybersecurity practices, examine the risks and understand their customer and/or user base.
“I think that each organization needs to conduct an assessment and determine if they need to issue similar policies,” Dahbura said. “I think that is up to the organization. …It is a difficult situation. Ultimately there are technical and policy solutions but we are definitely not there yet and people need to learn to take these things seriously. It is not a joking matter.”