Domestic Data Breaches Are the Real Threat, Not TikTok

Note: I have being reading a lot the past few weeks on the potential shutdown of TikTok (and WeChat) in the United States. The best summary article I have found so far is entitled Does TikTok Really Pose a Risk to US National Security over at wired.com.

TikTok and WeChat are set to be removed from app stores, including the official platforms for Apple and Google, in the United States at midnight falling between this Sunday, September 20 and Monday, September 21. The apps will still be usable on phones and devices that already have it installed, but it will prevent the apps from being updated. Users that do not have the apps installed at that time will no longer be able to download the apps.

The major point is that developers will not be able to push out bug fixes and updates through official channels, which will make the apps vulnerable to issues that may be identified going forward. There will also be the problem of users attempting to jail-break/hack their devices to allow for unapproved installations of apps and updates. The term “bricked phone” will be trending sooner rather than later.

Thus, we are at a point now that users’ phones and two popular apps, which are also used by adults and organizations, are being compromised because of a political talking point that has been repeated until it became believable and accepted as fact.

The truth is that ByteDance, the developer of TikTok, has continued to issue patches to fix bugs, has made assurances that user data in the United States is stored in the U.S. and not China, has hired a CEO from the United States, and has made other changes due to potential security concerns that have been raised. One of these changes included preventing access to a user’s clipboard on the user’s device, which TikTok was using to prevent comment spamming across multiple videos. Dozens of US apps, such as Fox News, NPR, Reuters, and the Wall Street Journal, have been found to have accessed the user’s clipboard with little mention in the public arena.

Despite numerous public hearings that lacked any real evidence of a security threat (except the idea that ByteDance is based in China and must be a threat) and ByteDance’s repeated assurances and corrective actions, TikTok has continually been held to a higher level of scrutiny than other apps based in the U.S. For example, Reddit has Tencent, the owner of WeChat, as one of its large investors.

The larger issue that needs to be addressed further is the alarming number of data breaches in the U.S. that are occurring every single day. The breaches have become so routine that they are no longer capturing the attention of the general public. It was announced on January 22, 2020, that Microsoft had exposed 280 million customer records, including email addresses, IP addresses, and details of support cases for almost a month in December, 2019.

The “fix” after a data breach is typically a promise of more security going forward and occasionally free security monitoring for a period of time. The financial judgments that have been approved by the court system have shown to provide very little compensation to the end user, often just a few dollars.

Are we really at the point that real, identified problems are continually downplayed, while the idea has become prevalent that China is bad and anything associated with it must be a security threat? Let us focus our energy and resources on fixing what is broken and not chasing cheap talking points.