(Photo by Kevin Frayer/Getty Images)
A ban on federal employees using TikTok on their government-issued phones is on track to become law after Congress included the provision in the year-end government funding bill released early Tuesday.
U.S. Sen. Josh Hawley’s legislation barring the popular social media platform from federal devices was one of several bills attached to the spending measure, the last major action this Congress will take before new members are sworn in next month.
Federal employees would be barred from downloading TikTok, a widely used video-sharing platform owned by the Chinese technology firm ByteDance, on phones and other devices issued by the federal government. Exceptions would be allowed for intelligence gathering purposes.
Hawley, a Missouri Republican, and lawmakers from both parties have called the app a national security risk because users share location data and other personal information with the service. The Chinese government could easily access that data, critics say, because as a Chinese company, ByteDance is obligated to share the data it collects.?
Congressional action comes after a flurry of activity at the state level.?
More than a dozen governors have enacted similar bans for state devices, almost all of them coming in the last three weeks. Those states include South Dakota, Georgia, Idaho, Iowa, Maryland, Montana, New Hampshire, Tennessee and Virginia.?
Louisiana Secretary of State Kyle Ardoin banned his department’s employees from downloading the app and blocked the platform? from the department’s Wi-Fi networks on Monday.
The ban moved with unusual speed. The Senate unanimously passed Hawley’s bill last week, but it needed to clear the House to become law. Inclusion in the $1.7 trillion spending bill — likely the last piece of legislation Congress will consider this year and thus attracted a slew of policy riders — makes that overwhelmingly likely.
In a Twitter post Tuesday, Hawley called the inclusion of the TikTok measure in the spending bill a “win for national security.”
Senate Democrats have also praised the measure.
U.S. Sen. Jon Tester, a Montana Democrat who chairs the Defense Appropriations Subcommittee, said in a statement that “eliminating opportunities for China to gather data and spy on the American government is a no-brainer.”?
Brooke Oberwetter, a spokesperson for TikTok, wrote in an email Tuesday that an ongoing review by the interagency Committee on Foreign Investment in the United States would have produced a better policy result. The company is on its way to implementing the committee’s plans, which were developed with input from top national security agencies, she said.
“We’re disappointed that Congress has moved to ban TikTok on government devices — a political gesture that will do nothing to advance national security interests — rather than encouraging the Administration to conclude its national security review,” she wrote.?
“The agreement under review by CFIUS will meaningfully address any security concerns that have been raised at both the federal and state level.”
U.S. Sen. Marco Rubio, a Florida Republican, has introduced a bipartisan bill to ban TikTok from the country altogether.
Like most phone apps and social media platforms, TikTok asks users for permission to access data stored on their phones such as location, contacts or calendar. To create accounts, users generally need to provide other information such as email address, phone number and real name.
That data collection, combined with information about users’ interests, allows the platforms to build profiles of users, which can then be sold to advertisers.
The data can also be used by bad actors for phishing schemes and other scams, said Len Gonzales, a private cybersecurity expert who runs the Virginia-based Ally Cyber Investigations, LLC.
“All that data that you provide to TikTok — and, again, any other app — can be viewed by those who nefariously want to capture and use that data,” Gonzales said.
And unlike most apps, which are usually owned by U.S.-based companies, data collected by TikTok contains another risk, especially for those with access to potentially sensitive government data: ByteDance’s obligations to the Chinese government.
Lawmakers say the China-based tech company must share its data with the country’s ruling Communist Party, which was part of the rationale they voiced for blocking government workers from installing it on their phones.
“TikTok is legally beholden to the Chinese Communist Party, and not only does it collect an alarming amount of information on users, but it could one day be used as a propaganda machine to sway the minds of Americans or spread misinformation,” U.S. Sen. Mark Warner, a Virginia Democrat, said in a written statement.?
“I certainly don’t want to give the CCP access to our government employees any more than I would want to give them access to our military.”
A widely popular app — it has more than 12 million reviews on Apple’s App Store alone — TikTok has collected “millions of lines of data,” Gonzales said.
In the hands of a bad actor, that data could be used for espionage or blackmail, said Douglas C. Schmidt, a computer scientist at Vanderbilt University.?
“If you’re a government employee, and somebody can figure out you have access to some sensitive information or some sensitive budget things, and they can get blackmail information because they know what websites you look at or who you talk to,” Schmidt said. “You can imagine people being more susceptible in those situations.”
TikTok’s offshore status may also make it more difficult for users to sue in the event of a data breach or some other misuse, Schmidt said.
Sharing data with platforms is the tradeoff for using mobile devices that make social networking, shopping and other activates easier, Schmidt said. That’s true regardless of the specific platform, he said.
“People should be concerned in general,” Schmidt said. “TikTok may have some extenuating circumstances that make it even more of an issue. But these are issues no matter what.”