U.S. FBI Director Christopher Wray addressed national security concerns as he warned Congress regarding potential “weaponizing” of TikTok by the Chinese government. He believes Chinese authorities have the potential to use TikTok to control data collections on millions of users or control the recommendation algorithm that could be used to carry out influence operations. The authorities could also use the application to control software on devices, which would give attackers operating under government authority the opportunity to compromise personal devices. The short-form video-hosting service is owned by ByteDance, a Chinese company and has more than 100 million users.
Impact
In 2020, the Chinese government enacted the National Intelligence Law of PRC, a series of data-sharing laws that compel Chinese businesses and citizens to support the government’s access to the collection, transmission and storage of data. These laws may compel citizens to turn over data collected abroad and domestically to comply with Beijing’s intelligence and economic goals. TikTok claims it physically stores all data about U.S. users in the U.S. and Singapore to mitigate risk of being subject to this law. However, since employees based in China can access the data, this policy does not effectively address the considerable national security risk from Chinese Communist Party (CCP) intelligence.
DXC perspective
The U.S. government's Committee on Foreign Investment in the United States (CFIUS) and TikTok have been negotiating for months to reach a national security agreement to protect TikTok’s user data. In the meantime, businesses with staff in China should aggressively limit the data stored in China and accessed by China-based staff.