The growing number of countries and authorities that are banning TikTok on national security grounds could provoke a major change for the Chinese video app.

Bloomberg reported that TikTok’s leadership is discussing the possibility of separating from ByteDance Ltd, its Chinese parent company, to help address concerns about national security concerns.

The move comes after the UK government signalled it is investigating the Chinese app and could potentially ban it from government devices because of security concerns.

TikTok divestiture

According to Bloomberg, a divestiture, which could result in a sale or initial public offering, is considered a last resort, to be pursued only if the company’s existing proposal with US national security officials doesn’t get approved, according to people familiar with the matter, who asked not to be identified discussing non-public information.

Even then, the Chinese government would have to agree to such a transaction, the people said

The short-form video app is undergoing a national security review by the Committee on Foreign Investment in the United States (CFIUS) and it agreed last year to implement a number of measures under the plan, nicknamed “Project Texas”, in an attempt to placate hostile lawmakers.

CFIUS has stalled in its process, leaving TikTok unsure of whether its plans will be sufficient to continue operating in the country, according to the report.

Members of CFIUS from the Justice Department have been unwilling to accept TikTok’s proposal, it added.

Current bans

TikTok is already facing a number of bans around the world.

India banned TikTok and other Chinese apps back in July 2020, after a sharp deterioration in its relationship with Beijing, after 20 Indian soldiers were killed by the Chinese military in the disputed Sino-Indian border region.

TikTok was then banned on federal devices in United States, as well Canada, Belgium and the European Commission.

At least 32 of fifty US states have banned TikTok on state devices.

US officials for a while now have alleged China’s government could force TikTok parent ByteDance to hand over data on US users that could be used for intelligence or disinformation purposes.

TikTok chief executive Shou Zi Chew is set to testify before the US House Energy and Commerce Committee of the US Congress on Thursday 23 March, as American lawmakers prepare a bill that could ban the social media platform entirely from the United States on national security grounds.

TikTok is used by more than 100 million Americans, but that countrywide ban of TikTok in the United States seems increasingly likely, after the White House last week lent its backing to the bill from a bipartisan group of a dozen US senators.

Data collection

Security experts point to the wide ranging data collection habits of TikTok as a cause for concern.

Indeed, cyber expert Jamie Moles, senior technical manager at cyber security firm ExtraHop can’t believe UK government workers still have TikTok on their phones, in reference to the UK investigation of the app.

“I’m a security expert who downloaded and used TikTok when it came out like so many others, including those working in the UK government,” said Moles. “But here’s the difference – I removed it as soon as it became clear that the app could harvest *anything* from my phone including contacts, gps data, authentication info from other apps, etc. Having this app on your phone is tantamount to giving the Chinese government the keys to our economy.”

“I’m unsure why the UK government still needs persuading from the NCSC that TikTok is a dangerous piece of surveillance technology when the rest of the world is very aware, and is slowly but surely banning its use,” said Moles. “The UK government must stop its officials using technology that puts our economy at risk.”

App self-protection

This concern about TikTok’s data collection habits was echoed by Will LaSala, field CTO at global cybersecurity firm OneSpan

“As a security person, TikTok being allowed to collect any and all data from a device is dangerous. There is talk about how a rogue nation could collect this information, monitor the movements of a population, and then use that to plan targets,” said LaSala.

“This is real and is already happening – it’s how brick-and-mortar stores know you’re nearby and start notifying you of deals they are having,” said LaSala. “However, banning is always a band-aid and never a solution. Education is part of the solution, but really application providers and operating system manufacturers need to address some of the concerns.”

“Apps can already self-protect from leaking information and allowing other apps access to their data,” LaSala added. “The problem is that many of these app providers are not using this technology and are actively avoiding it because it might hurt the user experience. This allows these bad actors and bad apps to glean even more information.”

“Many app providers are relying on operating system manufacturers to secure their apps, but the operating system is never going to be completely secure due to the many different demands being put on its development. (That is not to say that the operating systems shouldn’t be addressing these problems.),” he said.

“Instead, app developers should be made aware of the security tools available, security tool vendors need to make sure they aren’t causing negative user experiences, and OS manufacturers need to implement controls that can be used to help mitigate the risks,” LaSala concluded. “Users should be able to quickly see what data is being collected, when it is being collected and for what purpose and should be able to shut off the stream of a specific type of data in real time at any time.”

Industrial espionage

Meanwhile Jake Moore, global cybersecurity advisor at ESET noted the dilemma for organisations considering the reach and popularity of TikTok, coupled with its security concerns.

“Tiktok has a humongous reach and can be used very easily to target potential customers,” said Moore. “It can also raise brand awareness for companies into groups of people where traditional advertising does not always work.”

“However, businesses need to remember that the data on the platform is closely monitored and TikTok is potentially more likely to understand their customer’s habits more than the businesses themselves,” Moore added. “Moreover, recent news on Chinese espionage has heightened fears on Chinese owned companies that handle such a huge set of UK data.”

“Industrial espionage has shifted up a gear in the last few years and there are many questions surrounding interactions with Chinese firms,” Moore cautioned. “The TikTok can of worms has very much opened with little chance of ever forcing the lid back on.”

“The temptation for businesses to connect with such audiences is too great for them not to tap into and however the tension grows with the government, it will be a battle right to the end,” said Moore.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago