U.S. officials have repeatedly expressed concern that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment (allegations Beijing denies).
But TikTok, the popular video-sharing application, is a different type of data collection opportunity for China because Americans are willingly handing the information over, a senior Department of Justice official alleged Wednesday.
“[Y]ou have an instance of Americans voluntarily signing onto this product as opposed to the Chinese stealing the data or the Chinese buying the data,” said John Demers, the assistant attorney general for national security. “And that’s what the recent executive order was meant to address,” Demers said, referring to the Aug. 6 directive from President Donald Trump that will ban transactions with ByteDance, TikTok’s Chinese parent company, and Tencent, another Chinese tech firm, starting Sept. 20.
TikTok, which is wildly popular in the U.S., has denied any wrongdoing and said it is “fully committed to protecting our users’ privacy and security.”
But the video-sharing platform is now caught up in a much broader clash between the world’s two biggest economies over access to technology. The Trump administration has also engaged in a years-long effort to blunt the market dominance of Chinese telecoms provider Huawei.
Demers framed the alleged national security threat from TikTok as part of a broader “Chinese [government] appetite for large volumes of sensitive personal data.”
“99% of that data they will not be interested in from a counterintelligence perspective,” Demers said on a webcast hosted by the Center for Strategic and International Studies. “But once they’re interested in somebody… they can mine those existing data sources to find out what that person’s financial life is like, what their health life is like, what they’re married life is like.”
Like countless other mobile apps, from Facebook to Snapchat, the TikTok app can access information about a user’s device. An analysis of TikTok by an independent security researcher found no signs of “suspicious behavior” or unusual data exfiltration from the app.
A report in the Wall Street Journal did find that the app collected unique identifiers from millions of mobile devices running the Android operating system, an apparent violation of Google Play store terms.
“It’s not TikTok itself that we’re worried about…it’s the Chinese government’s access to the TikTok data under their national security laws that we worry about,” Demers said.
One element of the U.S. strategy to curb China’s alleged economic espionage, and even its traditional spying, has been to charge hackers linked with Beijing with crimes. The latest charge came in July, when U.S. prosecutors accused two men of working with China’s civilian intelligence agency to steal data at firms working on a potential coronavirus vaccine.
When asked Wednesday whether there is likely to be another China-related hacking indictment by the end of 2020, Demers said, “yes,” but declined to elaborate.