The US Departments of Defense, State, and Homeland Security have banned the use of TikTok on government-owned devices. At least five US states have also banned TikTok; Maryland has additionally banned products from Huawei Technologies, ZTE Corp., Tencent Holdings (including WeChat), Alibaba, and Kaspersky.
Note
- Honestly, if there is a lot of government support for banning dangerous practices, I’d rather see those same agencies ban the use of ISPs that regularly deliver known malicious traffic to government servers, PCs and mobile devices. If that is too much, how about just banning cell phone number spoofing?
- Be aware of what data is processed on which sort of devices, then consider which hardware and software providers you are allowing. Be aware of what your adversaries’ motives are, for example: China is big on data exfiltration, theft of IP, while Russia is big on disruptive behavior. Make an active risk determination, then review them over time. Implement technical and administrative controls which follow those assessments. The risks to US or State government data are different than the risks to your data; however, if you’re processing data on their behalf, you’re probably going to have to implement their restrictions to be able to continue to process that data.
- This is about what data can be collected by the app; where and how the data can be accessed; and dossiers built from this and other data sources. Can companies be trusted to protect user data from government access, given national laws? Interestingly, government doesn’t think so; or perhaps this is also a bit about ‘tech nationalism.’
- In an abundance of caution and at the risk of being accused of economic nationalism. One might well object to lumping products like Kaspersky, merely suspected of divided loyalty, with TikTok, a known bad actor.