TikTok and its parent company ByteDance will continue to safeguard US user data from China, Erich Andersen, general counsel for TikTok, has confirmed. ByteDance is developing technologies “to make it physically impossible for any government, including the Chinese government, to access US user data,” Andersen made the claims in an interview with The Associated Press (AP) on 31 March 2023.
The attorney also highlighted ByteDance’s intentions to make Lemon8, a photo- and video-sharing app released in China in 2020 and currently being tested in the US, just as secure. “We’re obviously going to do our best with the Lemon8 app to comply with US law and ensure we do the right thing here. But I think we [have] got a long way to go with that application. It’s pretty much a startup phase.”
Andersen’s claims come almost a year after TikTok CEO Shou Zi Chew first discussed Project Texas, a program intended to strengthen the company’s data security posture in the US. Since then, TikTok has undergone a slew of bans on government devices in several countries. Many legislators and governments do not believe the company’s intentions of safeguarding user data from the Chinese government. Zi Chew also spoke at a congressional hearing in late March 2023, confirming ByteDance will delete all historical US user data from non-Oracle servers by the end of the year. “We’re investing in a system where people don’t have to believe the Chinese government, and they don’t have to believe us,” Andersen told AP, defending Zi Chew’s views. “Where are we falling short here? At some point, you get beyond the cybersecurity risk assessment, etcetera, and you get to ‘We don't like your nationality.”
TikTok is barred only on governmental devices in the US, but the ban could extend to other devices, primarily throughout the so-called RESTRICT Act. The White House and a bipartisan group of 12 senators endorsed the Risk Information and Communications Technology (RESTRICT) Act on 04 April 2023.
The legislation is designed to empower the US administration to potentially ban foreign producers of electronics or software deemed a national security risk by the Commerce Department and its current head, Gina Raimondo. “We look forward to continuing working with both Democrats and Republicans on this bill and urge Congress to act quickly to send it to the President’s desk,” commented the US President’s national security adviser, Jake Sullivan, in a statement published by the White House.
Technically speaking, the RESTRICT Act is less prescriptive when compared to other proposed bills that suggest outright banning transactions by certain social media companies or forbidding the nationwide use of TikTok. Instead, the new legislation would act as a general framework to enable the US administration to review foreign technologies coming into the US individually. “Instead of playing whack-a-mole on Huawei one day, ZTE the next, Kaspersky, TikTok, we need a more comprehensive approach to evaluating and mitigating the threats these foreign technologies pose from these adversarial nations,” Sullivan explained.
According to Matthew Marsden, vice president at Tanium, the RESTRICT Act may effectively limit the collection of data, particularly from China-based companies. “We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted,” Marsden said. “There have also been numerous reports of Chinese efforts to sway politicians through lobbying and donations, and the public via social media and the spread of disinformation.”
A case in point, the push for the RESTRICT Act comes days after the White House gave federal agencies a final deadline to remove TikTok from all government-issued devices. The US is not the only country following this line of action.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments