There is a stalemate in the Biden White House


Can the U.S. be trusted with TikTok? An internal investigation of the December 23 hacking attack by ByteDance

If TikTok is to convince the US government that the platform can be trusted, it will have to work hard. On December 23rd, an internal investigation found that several ByteDance employees had accessed the TikTok data of US journalists, despite the company's previous claims that it has never been used to target individuals such as members of the US government or journalists.

Forbes reported in December that ByteDance employees obtained users’ data without their consent. At least two reporters had their data viewed by ByteDance employees who were investigating past leaks of internal company documents. ByteDance fired all four employees who were involved in the scheme and two of them worked in China.

As the war in Ukraine drags on, Ukrainian forces have shown themselves to be resilient and have mounted many attacks on Moscow. But as the conflict evolves, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. With Russian president Vladimir Putin escalating his rhetoric about the potential for a nuclear strike, and NATO officials watching closely for any signs of movement, we examine what indicators are available to the global community in assessing whether Russia is actually preparing to use nuclear weapons.

What Do You Need to Know About Cloud Email Hosting? An Observational Look at Some Unresolved Technicolor Aspects

Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. There are state-sponsored misinformation campaigns shown in the crowdsourced encyclopedia’s entries.

The Vice Society, a group notorious for its high profit margins and low investment in technical innovation, has been warned by researchers that they are at risk of being attacked in the future. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.

But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. Stay safe out there.

The U.S. Plan to Create a Security Energy Star for the Internet of Things: Microsoft and the American Council on Bit-Dance Americas

Microsoft said this week that it had a misconfiguration that had exposed the data of some prospective customers. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. SOCRadar said in a report that the exposed information stretched back to as far as 2017 and up to August of this year. Over 67,000 organizations from over 100 countries were linked to the data. Microsoft said there were exposed details that included names, company names, phone numbers, email addresses, and files sent between customers and the company or one of its partners. Cloud misconfigurations are a longstanding security risk that has led to countless exposures and, sometimes, breaches.

There are no easy answers to improve the longstanding security dumpster fire created by cheap, undefended internet of things devices in homes and businesses around the world. But after years of problems, countries like Singapore and Germany have found that adding security labels to internet-connected video cameras, printers, toothbrushes, and more. The labels give consumers a better understanding of the protections built into different devices—and give manufacturers an incentive to improve their practices and get a gold seal. This week, the United States made some progress in this direction. The White House has a plan for a kind of energy star for the internet of things. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

The Rise of Community Surveillance in the United States and Implications for the Internet and Soccer in the Era of the Trump Era

Sources told The Washington Post this week that sensitive information related to Iran’s nuclear program and the United States’ own intelligence operations in China were included in documents seized by the FBI this summer at former President Trump’s Mar-a-Lago estate in Florida. The experts say unauthorized disclosures of specific information in the documents pose multiple risks. “People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could also potentially motivate retaliation by other countries against the US.

Last month, an American candidate won the election to head the International Telecommunications Union, a body tasked with cross-border communications. We looked at the internet infrastructure and its vulnerability, as well as the fragility of the internet.

There is evidence of a culture of community surveillance promoted by the US’s new legal climate for abortion access. And surveillance is on the rise in soccer stadiums around the world as well. In the stadiums that will be used in the World Cup in Saudi Arabia, more than 15,000 cameras will be there to monitor spectators and conduct facial recognition.

The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. The most important vulnerabilities that you can patch right now are in the list.

Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

Why is Liz Truss so upset by a phone hacking attempt? How does she know if she is talking to people in other countries?

Liz Truss is having a rough time. The Mail on Sunday said that Russia’s agents hacked into her cell phone when she was foreign minister. The breach allegedly allowed these Russian operatives to intercept messages between Truss and officials in other countries, including messages about Ukraine. The Mail reported that former prime minister Boris Johnson and Simon Case suppressed the incident. The Labour Party is calling for an urgent investigation into their Conservative opponents. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labour Party shadow home secretary Yvette Cooper said last weekend. The security of the information must be studied more thoroughly and questions must be answered about how it was leaked or released.

Another of Jack Dorsey’s corporate creations is facing new heat this week. Sex traffickers in the US and elsewhere are being helped by the Cash App. The investigation found that hundreds of court filings and ex-Cash App employees had claimed they had been a victim of sex trafficking and other crimes. The company, which is owned by Block Inc., does not tolerate illegal activity on Cash App and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. “Ransomware, including attacks by Russian-linked actors, remain a serious threat to our national and economic security,” said Himamauli Das, acting director of the Treasury Department’s Financial Crimes Enforcement Network. One cannot ignore the costs and other consequences of a random attack on a payment outside of the payment itself.

The Anti-TikTok App Act: Negotiating to Keep the App Available for Public Use in the United States and Other Foreign Adversaries

The bill states that TikTok and its parent company, ByteDance, are social media companies. Rubio and one of the House sponsors of the bill, Wisconsin Republican Rep. Mike Gallagher, had indicated their intention to introduce the bill in a Washington Post op-ed last month.

The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.

Since 2020, TikTok has been negotiating with the US government about keeping the app running in the United States. The talks have failed so far, which made it easier for people in Congress and the state to seek restrictions on TikTok.

There is still no deal to keep the app in the US. The Wall Street Journal reported last year that negotiations between the two parties had stopped.

The agreement under review will meaningfully address any security concerns raised at both the federal and state level, Oberwetter said. We will continue to brief lawmakers on the plans that are well underway in implementing, because they have been developed under the oversight of our country’s top national security agencies.

A version of this article first appeared in the “Reliable Sources” newsletter.

The U.S. Supreme Court’s Investigation of TikTok, a Social Media App for Tracking the Locations of Teens and Teens

Lawmakers are concerned about the location tracking services inside the app, which they fear could be used for espionage. When it comes to social media apps, location tracking is a standard feature.

The Senate-passed bill provides exceptions for certain activities.

In 2021, TikTok announced it had reached one billion monthly global users. In the U.S., two-thirds of all teens say they use it, according to the Pew Research Center.

30 prominent TikTok creators were invited to a call by the White House after the Russian invasion of Ukraine. Jen Psaki, then the White House press secretary, and members of the National Security Council staff briefed the creators, who together had tens of millions of followers, on the latest news from the conflict and the White House’s goals and priorities. The White House had recruited dozens of TikTokers to help encourage young people to get shots against Covid during the previous summer.

While the company denies it would ever be used for nefarious purposes, national security experts say China-based businesses usually have to give unfettered access to the authoritarian regime if information is ever sought.

The ban on government devices is an incremental restriction since the efforts lacked political will or courts stopped them.

“I think some concern about TikTok is warranted,” said Julian McAuley, a professor of computer science at the University of California San Diego, who noted that the main difference between TikTok and other social media apps is that TikTok is much more driven by user-specific recommendations.

The China Investigation of the ByteDance Social Media App, and Why China Shouldn’t Rely on Its United States Operations

There isn’t a way to determine whether or not ByteDance maintains its operations in the United States separately, as the company claims.

“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.

The committee could set a wider TikTok ban in motion, or it can force the app to be sold to an American company, something the Chinese government will likely forcefully oppose, as it did when such a sale was floated during the Trump years.

If that’s the case, the committee is satisfied with the steps TikTok has taken to keep user data out of the hands of the Chinese government.

CFIUS deliberations are famously secretive and happen behind closed doors. It is unknown when the committee will finish the investigation, or which way it is leaning.

The app will be banned on government devices by Canada as soon as Tuesday, and the European Commission banned it on official devices last week due to security concerns.

Any customer information relevant to China’s national security must be furnished by Chinese companies. TikTok collects astonishing amounts of user information, more than some other popular social media apps. There is no evidence that this information has ever been turned over to the Chinese government. Yet in an episode that revealed the possibility of future government interference, ByteDance itself admitted in December that it had fired some China and U.S.-based employees for wrongfully snooping on American’s private information, including that of journalists, collected through TikTok.

When it comes to its own citizens, China has prohibited everything from Google to Twitter to this newspaper. Rather than viewing that asymmetry as unfair, we should recognize its symbolic value: America wins when it can show the world that it’s an open and democratic country. The People’s Republic of China did not see the banning of TikTok as a threat to its own security as much as other nations do. It’s also not certain that the federal government can, under the First Amendment, simply prohibit access to a significant communications platform or that it can control online content so as to preclude disinformation. There is a question about whether American fans of TikTok will allow it to be taken away from them.

“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,’” said Chander. That’s the case for the weather app, as well as lots of other apps that are in your phone even if they’re not owned by China.

Ryan Calo is a professor of law and information science at the University of Washington. He says that, while data privacy in the United States still needs much improvement, the proposed legislation is more about geopolitical tensions and less about TikTok specifically.

The Chinese Communist Party, as well as the spread of malign influence campaigns in the U.S., are threats that have everyone talking about TikTok. “Before TikTok, however, it was Huawei and ZTE, which threatened our nation’s telecommunications networks,” Warner said in a statement Tuesday. We are not playing Whac-A-Mole and scrambling to catch up once they are already ubiquitous because we need a comprehensive risk-based approach that tackles proactive sources of potentially dangerous technology before they gain a foothold in America.

“It is always easy to say that a foreign government is a threat, because I will protect you from that foreign government,” he says. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”

The U.S. Tech Industry in the Light of TikTok, ByteDance and the Wall Street Journal: We Are Not Far From the Top of the Hill

The ban on TikTok would have little effect because very few House-managed phones have the app installed, the spokeswoman said to The Wall Street Journal.

“I think that we’re right in the United States to be finally thinking about the consequences of having so much commercial surveillance taking place of U.S. citizens and residents,” he said. “And we should do something to address it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something that, for example, the Federal Trade Commission seems very interested in doing.”

Tech giants have repeatedly deployed their CEOs to Capitol Hill, who in some cases have made arguments citing the threat of Chinese competition. They’ve also leaned on help from trade associations they’re members of and relied on advertising campaigns to make the case against some of the biggest legislative threats to their business.

The tech industry has faced allegations in the past. Big Tech has been made out as one of Washington’s largest villains because they have harmed children and mental health, spread hate speech and harassment, and censored conservative viewpoints.

US officials have raised concerns that China could use its laws to pressure TikTok or ByteDance to hand over US user data that could be used for intelligence or disinformation purposes.

“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.

Tech Lobbying and Antitrust: The ByteDance Experienced Difficulties in Passing a Digital Media Antitrust Legislation

ByteDance spent $270,000 on lobbyists and 17 of them worked for the company, according to public records. At the end of last year, the company had spent more than five million dollars on lobbying.

Meta was the biggest internet industry lobbying giant last year, spending upward of $20 million. Next was Amazon with $19 million and then Google with almost $10 million. The parent of TikTok spent less than 10 percent of that sum on lobbying.

For the majority of the year supporters of AICOA called for Senate Majority Leader Chuck Schumer to bring the legislation to a floor vote. But between intense tech lobbying and doubts about whether the bill did in fact have the votes, it never received the floor time its supporters wanted. Other antitrust bills like the one that would have forced Apple to allow users to download iPhone apps from any website, not just its own app store, were also shot down.

For a brief moment this month, lawmakers seemed poised to pass a bill that could force Meta, Google and other platforms to pay news organizations a larger share of ad revenues. But the legislation stumbled after Meta warned it could have to drop news content from its platforms altogether if the bill passed.

Silicon Valley’s biggest players have a long history of maneuvering well in Washington to defend their turf from those trying to knock them off their perch.

The future of the internet, small businesses and individual users have been called into question by the decisions made about the rules government might impose on tech platforms.

In some cases, as with proposals to revise the tech industry’s decades-old content moderation liability shield, Section 230 of the Communications Decency Act, legislation may raise First Amendment issues as well as partisan divisions. Section 230 of the law gives social media companies a pass to leave out hate speech, and Republicans want it changed so that platforms can be pressured to remove less offensive content.

The cross-cutting politics and the technical challenges of regulating an entire sector of technology, not to mention the potential consequences for the economy of screwing it up, have combined to make it genuinely difficult for lawmakers to reach an accord.

The Future of Social Media in the Era of Modern Technology: a Perspective from a Higher-Ed Students’ View of the Media Landscape

“It’s really important to establishing a Republican brand. A central tenet of what unites Republicans now is taking a strong stance [and] standing up to China,” says Thad Kousser, professor of political science at U.C. San Diego.

Teaching methods related to social media have become standard in the higher education curriculum. The app has changed the nature of communication with its practices and design.

From an educational standpoint, how are media and communications professors supposed to train students to be savvy content creators and consumers if we can’t teach a pillar of the modern media landscape? While students can still access TikTok in their bedrooms, professors can’t show the videos in powerpoint or on a classroom web browser. Brands, companies, and novel forms of storytelling all rely on TikTok, and professors will no longer be able to train their students in best practices for these purposes. Students can see what they’re learning in real time, which makes parts of the world more accessible.

The world keeps turning as states implement their bans, leaving their citizens in a faster-paced media world. Students in states will be less likely to apply for jobs, show their skills, and receive education as their peers from other states will be better equipped to do so.

The professors must do research as well. If these bans continue, social media scholars in these states will not be able to perform the tasks they were hired to do. While university compliance offices have said the bans may only be on campus Wi-Fi and mobile data is still allowed, who will foot that bill for one to pay for a more expensive data plan on their phone? The answer is no one. Professors are also employees who are expected to be on campus to show they’re actually working, and working at home does remain an option. This means any social media professor attempting to research TikTok on campus will have to rely on video streaming via mobile data, which can be quite expensive, either through having to individually pay for unlimited data, or accidentally going over one’s limits.

With TikTok’s future still unknown, lawmakers have started pursuing their own solutions. The committee announced that Chew would testify about user safety and security at the March hearing.

Earlier this month, Sen. Mark Warner (D-VA), chair of the Senate Intelligence Committee, was reportedly considering offering a bill to ban a broader “category of applications” that could be applied to other apps that pose security risks, according to Axios.

When the former president signed an executive order to ban the app, the app’s owner ByteDance sued, but it never happened.

Sen. Michael Bennet (D-CO) demanded that Apple and Google “immediately” remove TikTok from their app stores in a letter addressed to the companies’ chief executives, Tim Cook and Sundar Pichai, Thursday.

At a media briefing on Tuesday at its Los Angeles office, top TikTok officials described a data security plan, dubbed “Project Texas” because it relies on Austin-based software company Oracle.

Trudeau believes that many Canadians will think about the safety of their data as a result of the government’s decision to stop federal employees from using TikTok on their work phones.

What is the problem with Apple? Commentary on the case of the India-US TikTok blockade and the Trump-China charm offensive

Unlike Google, Apple has a lot to lose regarding its relationship with both the US and China. Much of Cook’s success at Apple can be attributed to his ability to maintain working relationships with the Chinese government and manufacturers.

Some people think that Washington will take action. “We will see limitations this year,” says Mira Ricardel, a former White House deputy national security adviser now at the Chertoff Group advising businesses on regulations. “There is a unanimity of view that will lead to doing something.” Here is what that something may look like.

India’s TikTok blockade is permeable. According to NetBlocks, a few small internet service providers allow access. And Ram Sundara Raman, lead developer for the University of Michigan’s Censored Planet project, says he was able to watch videos during a visit to India using the app he had downloaded in the US. But the ban has forced many Indian users to turn toward rival services, including from Google and Facebook, and has caused turmoil for influencers who built businesses on TikTok.

The order that Trump placed would immediately ban app stores from distributing TikTok and nearly two months later would prohibit cloud providers and internet infrastructure services from doing business with the company. The companies caught dodging the order could have been fined or imprisoned. Ivan Kanapathy, who was China director for Trump’s National Security Council, says he wanted to start at the root of the problem.

The company recently launched a charm offensive that included rapid-fire meetings in Washington with its CEO, a tour of its corporate campus in Los Angeles to members of the media and new transparency tools on the app.

“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. He said it is a desire to show toughness on China.

There’s a lot of animosity towards social media, which makes it easier to take out on Chinese-owned TikTok right now.

When the Trump administration wanted to put TikTok out of business in the US, the company was scrambling to find a U.S.-based cloud server in order to keep the app up and running.

Project Texas: An Interactive Public Relations Museum about TikTok’s Security Plan and its upcoming Server Rooms at the U.S. Department of State

USDS is expected to hire 2,500 people who have undergone high-level background checks similar to those used by the U.S. government, TikTok officials said on Tuesday. None of the people hired would be Chinese.

Still, aggregate data, like what kind of content is trending on the app or in what regions certain kinds of videos are popular, can be analyzed by corporate employees in Beijing who would need to be granted special permission from the U.S. data security team.

The plan addresses many of the security issues that the U.S. government has, but that doesn’t guarantee approval, according to Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

Lewis said that the Oracle plan would work. “This kind of thing is pretty standard. TikTok has become so emotional that a reasonable solution may not be enough.”

Not reaching a deal would put TikTok in limbo and raise the possibility that ByteDance would completely spin it off, perhaps even selling it to an American tech firm.

Segal said that it resolves most of the data security concerns by allowing inspections of its algorithm and transferring U.S. user data to a foreign company.

The company gave an official rundown on Project Texas for the first time on Tuesday, one of the many times that details have trickled out.

The journalists were led through the transparency and accountability center, which felt like an interactive public relations museum.

There was a game of sorts where people were put into the position of TikTok content moderation and had to decide if a video was in violation of the rules.

The server rooms will feature a place where visitors who sign non-disclosure agreements can review TikTok’s entire source code.

Can You Kill a Naked Eye? Sen. Mike Rounds and Sen. Bennet, a Democratic Senator, of Colorado, revealed last week at the Senate Intelligence Committee

The content moderation game brought home how difficult it is for the thousands of people who have to make trade-offs every day on an endless flood of videos, but it was mostly beside the point.

“We hope that by sharing details of our comprehensive plans with the full Committee, Congress can take a more deliberative approach to the issues at hand,” the TikTok spokesperson added.

“If you’re certainly willing to fly a balloon over your continental airspace—and have people see it with a naked eye—what would make you not weaponize data? Or use an app that’s on the phone of 60 million Americans to drive narratives in society that try to influence political debate in this country?” says Senate Intelligence Committee vice chair Marco Rubio, a Republican from Florida.

Republican senator Mike Rounds of South Dakota says that they are trying to gather as much information as they can about the country and even the most minuscule items can add up to more data. “There’s a huge amount of data out there, which will never be touched, never be used, but it’s the small pieces that add up. They are working on it. They are patient. They see us as a threat, and are collecting data to do so.”

“None of the suggested … efforts were particularly relevant to my concerns,” senator Michael Bennet, a Democrat of Colorado, told congressional reporters after hosting Chew in his office last week.

Is There a Load in the News? The Canadian Privacy Watchdog wants an investigation into the alleged interference of foreign election interference

Canada is banning TikTok from government-issued phones because of concerns over the Chinese-owned video sharing app.

The federal privacy watchdog and its provincial counterparts in British Columbia, Canada, as well as Quebec, are investigating whether the app complies with Canadian privacy legislation.

The opposition wants a public inquiry into alleged foreign election interference after recent media reports raised concerns.

“It’s not only the fact that you can influence something, but you can also turn off the message as well when you have such a large population of listeners,” Gen. Paul Nakasone said in testimony before the Senate Armed Services Committee.

Our status has been discussed in a way that ignores the facts of the agreement and what we have achieved already. Brooke Oberwetter said that they will continue to deliver a plan for national security for the American people.

The Commerce Department could be given authority to ban certain foreign technologies under a bill that Virginia Democrat Mark Warner is expected to unveil on Tuesday.

US officials can’t provide a lot of detail when asked to show public proof of how the Chinese government worked with ByteDance.

The head of the National Security Agency said in December that people were always looking for the smoking gun in new technologies. “I think it’s a loaded gun.”