Technical Analysis on TikTok and Data Privacy Concerns

TikTok’s Data Practices and National Security Risks

The recent congressional hearing with TikTok CEO Shou Zi Chew highlighted concerns over TikTok’s data privacy practices and potential national security risks due to its ownership by the Chinese company ByteDance. Lawmakers questioned the company’s data practices and its ties to the Chinese government. TikTok is really on the brink of being banned, because of legislation that was passed by more than eighty percent of representatives in Congress, and signed by President Biden. Here’s what others are saying from a technical perspective.

Experts’ Perspectives on TikTok Ban

Some experts like James Andrew Lewis of CSIS argue that a complete ban may be an overreaction and robust regulation could mitigate risks, others contend that the proposed U.S. ban is more driven by concerns over control and competition than genuine threats.

Data Collection Practices of Major Platforms

Technical analyses by Mercury and Professor Nigel Phair’s comparative study demonstrate that major platforms like Facebook and Twitter also engage in substantial data collection, raising broader privacy concerns beyond TikTok. The image below is from Professor Nigel’s study.

Data Brokers and Personal Information Risks

TikTok is but a drop in the bucket when it comes to data capture. LiveRamp (previously part of Acxiom), one of the largest U.S.-based brokers, has amassed about 3,000 pieces of data on every U.S. consumer and up to 1,500 data points on each of 2.5 billion people globally, according to a 2020 research report from the NATO Strategic Communications Center of Excellence.

Technical Aspects of Data Collection

Users should understand how their data is collected through cookies, third-party apps (hitch-hike downloads), and mobile identifiers. Kaspersky’s safety article provides advice on securing one’s TikTok account. I sat through a vendor demo last month that could track anonymous users via their mobile devices. Their tech was added as a hitch-hiker with other apps that use the GPS feature of your device.

Potential “Splinternet” and Internet Fragmentation

The potential “splinternet“, where users’ access varies by location, is exemplified by Montana’s proposed TikTok penalties (SB419), currently blocked by a federal injunction amid legal challenges.

Comprehensive Approach Needed

While TikTok’s ownership raises concerns, the broader issues of data collection, privacy protection, and internet fragmentation extend far beyond a single platform.  I am not concerned about the fact LiveRamp knows I follow the catchy compositions of Big Merla or tasty recipes of Chef Luca Corleone. I have major concerns about what data I must give up in order to try out the Penne with swordfish and eggplant recipe.  Let’s be careful out there!