Last week, U.S. Senator Chuck Schumer wrote to the U.S. Army to ask it to think twice before using TikTok for recruiting purposes. Schumer cited TikTok’s Chinese origin and laws that required Chinese companies to assist with Chinese intelligence operations. Schumer’s letter dropped just as the U.S. Army was exploring new ways to use social media for marketing and recruiting, and the U.S. government opened a national security review of the popular app. The main question is: Can TikTok be trusted to safeguard user data and not hand it over to the Chinese government?
In a short, one page letter obtained by Buzzfeed, Schumer acknowledged Tiktok’s popularity with teenagers. Schumer urged the U.S. Army to, “assess the potential national security risks posed by China-owned technology companies before choosing to utilise certain platforms.” The New York senator said he was worried about the use of TikTok, which he explicitly named, by Army personnel in both official and unofficial capacities.
TikTok needs little explanation. A social media app designed for smartphones, TikTok was originally designed as a karaoke app, but the ability to record and mix video, overlaying it with music, has created an explosion of short clips, typically fifteen seconds or less. According to the New York Times, the app has been downloaded 750 million times worldwide in just twelve months. By comparison, it took Facebook more than six years to reach that level of global market saturation.
TikTok is alarmingly weird. pic.twitter.com/RJTgGIJzSX
— drew olanoff (@yoda) November 20, 2019
The problem with TikTok is twofold. One, social media is a gold mine for intelligence agencies—and private individuals—willing to put in the time to not only find the dots but actually connect them. Tiktok, with 750 million downloads worldwide, is a sensor pointed at the entire world, collecting an endless stream of data. Most is worthless from an intelligence point of view, but some of it could be potentially useful—and come very cheap.
Imagine an intelligence agency wants to mine social media for information about another country’s submarine fleet. The agency would locate and then monitor the accounts of sailors, particularly submarine sailors, looking for hints to possible deployments, new equipment, morale problems, and so on. A foreign spy agency would also widen the net to include husbands or wives, and boyfriends or girlfriends. Sometimes, dependents inadvertently drop information they were unaware was confidential. A picture of a submarine getting underway could be innocuously captioned, “I’ll see her again in four months.”
The problem of stray information leakage is well known, and all militaries warn their troops not to post information that could violate operational security, or “opsec”. But people invariably get bored, or make bad judgment calls, or upload photos with secret information in the background.
Information gleaned from social media could be used to build a picture of military units, their deployments, and their strengths and weaknesses. Russian intelligence has taken it to a more sinister level, gathering information on U.S. and NATO troops, who are then approached in public by strangers who seemingly know a lot about them.
A lieutenant colonel with the Germany-based Second Cavalry Regiment had his cell phone hacked near the Russian border, and later told Stars and Stripes it was part of an effort to “to intimidate personnel.” Spouses of Dutch fighter pilots deployed to the Baltics reportedly received harassing phone calls from individuals with Russian accents.
The U.S. government’s second concern is unique—so far—to Tiktok. The app is owned by Bytedance, a Chinese technology company. Like all apps, TikTok collects data on users. The problem is who gets access to that data, and what they can do with it. The authoritarian nature of China’s government, ruled by the Chinese Communist Party, complicates matters.
Schumer’s concern is that the Army’s use of a Chinese app could allow the company to collect data on U.S. soldiers, tracking them and providing a source of intelligence to the Chinese government. Schumer cites the “potential national security risks” of the Army relying on Chinese-owned companies, “in light of laws that compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.” Schumer is particularly concerned about the sharing of IP address data, which could help locate troops—especially on overseas deployments.
As a Chinese company, ByteDance is bound by Chinese law. China’s Intelligence Law, passed in 2017, grants the Chinese government sweeping powers to require cooperation from Chinese individuals and companies. This goes beyond previous laws designed to defensively prevent espionage and, some argue, is designed to go on the offensive and collect intelligence data. In a post on the law, The Lawfare Blog wrote:
“The Intelligence Law, by contrast (to previous laws), repeatedly obliges individuals, organisations, and institutions to assist Public Security and State Security officials in carrying out a wide array of “intelligence” work. Article Seven stipulates that “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law.” Article 14, in turn, grants intelligence agencies authority to insist on this support: “state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.”
In other words, even if ByteDance were well-meaning and had a firm policy of keeping its user data private, the Intelligence Law gives the Chinese government the authority to requisition pretty much anything it wants—including TikTok user data. Furthermore, it also appears within Beijing’s rights to forbid any company from revealing it is cooperating with the Chinese government.
Despite all this, there’s zero evidence so far that TikTok is sharing data with the Chinese government. According to a company hired by Bytedance to conduct an audit of its internal processes, the data of U.S. TikTok users is stored on servers located in the United States, and there is no direct way for the app to send data to China.
TikTok’s past policies don’t exactly bode well for TikTok standing up to its government. In September, The Guardian revealed that the company censors content mentioning, “Tiananmen Square, Tibetan independence, or the banned religious group Falun Gong” under the auspices of screening out content involving “hate speech and religion.” TikTok claims that it no longer specifically screens out such content, saying it originally took a “blunt approach to minimising conflict.” Still, the policy of screening out content that the Chinese government wanted to hide hints that TikTok is vulnerable to pressure from Beijing.
Meanwhile, the U.S. Army seems to have backed off the use of TikTok as a recruiting tool. The service has a very minor footprint on the app, with just a handful of local recruiters trying to reach out to local teenagers.
Schumer’s concerns about a Chinese-origin could be painted as modern “yellow peril” hysteria. But China’s use of social media within its borders for intelligence purposes, coupled with the new Intelligence Law and China’s own perceived rivalry with the United States, give his argument some merit.
America may just have to get its teens to serve through some other means.