Why A US FCC Commissioner Is Asking Apple And Google To Ban TikTok Immediately
In 2020, an iOS update revealed that TikTok was frequently monitoring users’ keyboards, three months after ByteDance, the company behind TikTok, promised to remove the app’s keyboard snooping. Not even a month later, a Wall Street Journal report found that TikTok was violating Google Play Store policies by exploiting a security vulnerability to uniquely identify Android devices by way of MAC addresses. The app was able to leverage the vulnerability to hide this tracking activity, leaving users without a choice to opt out of this form of unique identification. Then, in 2021, TikTok released an updated privacy policy stating that it may collect faceprints and voiceprints for a wide variety of reasons, including demographic classification, content and ad recommendations, and “other non-personally-identifying operations.”
All of these incidents and more have been cause for concern among privacy advocates, particularly given how popular and fast-growing the video sharing platform is. TikTok hit 3 billion total downloads in Q2 2021 and its viewership is growing faster than YouTube. On top of these privacy concerns are national security concerns. ByteDance is headquartered in Beijing, China and has been accused of being beholden to the Chinese Communist Party (CCP), which could mean that the CCP has access to TikTok user data. TikTok has sought to distance US operations from China by storing US user data outside of China. However, the physical location of TikTok servers doesn’t necessarily mean that US user data isn’t accessible from China.
As part of negotiations with the US Committee on Foreign Investment in the United States (CFIUS), TikTok announced last Friday that all US user traffic is now being directed to Oracle Cloud Infrastructure. The company currently maintains its own backup servers in both the US and Singapore, but according to the announcement, TikTok plans to “delete US users' private data from [its] own data centers and fully pivot to Oracle cloud servers located in the US.” However, in one of the leaked audio recordings, TikTok’s head of global cyber and data defense stated that “It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we're building our VMs [virtual machines] on top of it.” This admission calls into question whether the new Oracle Cloud Infrastructure can properly be considered independent from TikTok in a way that isolates US user data.
Amidst these latest revelations, Brendan Carr, an FCC Commissioner, has released a letter on Twitter calling on Apple and Google to remove TikTok from their app stores. In the letter, Carr writes that “TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data. Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints … and voice prints. It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. The list of personal and sensitive data it collects goes on from there.”