UK gov’t asks National Cyber Security Centre to review TikTok
The UK government has asked the National Cyber Security Centre (NCSC) to review TikTok in a move that could prefigure a ban on the app on government devices.
Speaking to Sky News, security minister Tom Tugendhat said the government has asked the NCSC to look into the popular video sharing app — telling the broadcaster he did not rule out a ban but wanted to wait for the Centre’s review to conclude. “Understanding exactly what the challenges that these apps pose, what they are asking for and how they’re reaching into our lives is incredibly important,” he said.
The development follows a report in the Sunday Times at the weekend which suggested a ban is incoming. The newspaper suggested TikTok is set to be banned from all government devices — after initial security assessments had raised concerns about the safety of sensitive data.
We’ve reached out to the Cabinet Office about the NCSC review and the reports of a ban incoming and will update this report if we get a response. Update: A spokesman declined further comment, saying only: “All departments have robust processes in place to ensure government IT devices are secure, including managing risks from third party applications.”
TikTok was also contacted for comment. A company spokesperson said:
While we await details of any specific concerns the UK government may have, we would be disappointed by such a move. Similar decisions elsewhere have been based on misplaced fears and seemingly driven by wider geopolitics, but we remain committed to working with the government to address any concerns. We have begun implementing a comprehensive plan to further protect our European user data, which includes storing UK user data in our European data centres and tightening data access controls, including third-party independent oversight of our approach.
Concerns about security and the privacy of TikTok user data — along with worries that the video-sharing platform’s algorithm-driven content feed might be being used as a conduit for Chinese Community Party propaganda or to run state-backed information operations seeking to manipulate public opinion in the West — have led to a series of bans on the China-owned app by other governments and public institutions in recent months — including the European Commission, the Belgian federal government and the US House of Representatives.
Back in mid 2020, the Indian government went even further — banning TikTok and a swathe of other Chinese made apps, meaning citizens can’t even download them for personal use — saying it was taking the step over concerns the software posed a risk to national security and to “the sovereignty and integrity of India”, as it put it at the time.
Former US president Donald Trump also caused headaches for TikTok later the same year — when he inked an executive order banning transactions with ByteDance, the parent company of TikTok, and also sought to ban the app from the US.
The Trump TikTok ban ended up stalled and a subsequent attempt by him to force the Chinese company to sell TikTok’s US operations to Oracle was also shelved. But while the next US president, Joe Biden, went on to revoke the Trump administration’s TikTok actions he also signed a new order requiring the Commerce Department to review apps with ties to “jurisdiction of foreign adversaries” that may pose national security risks — so US attention on TikTok remains.
The company has responded to Western security concerns by announcing a number of major data localization infrastructure programs.
Last year it claimed all US users data had been moved to Oracle servers in the US. Similar moves in the EU are ongoing — meaning EU users’ data hasn’t yet been ‘localized’ — but TikTok recently dialled up its regional PR efforts, saying it will layer new data access and control processes on top of locally stored data, along with a promise to engage an external auditor, in a bid to counter concerns that employees outside the bloc can still access European TikTok user data.
In parallel, the overarching question of the legality of TikTok’s regional data exports remain under investigation by EU data protection authorities.
The social media platform is facing further bad press in the region today: A report in the Financial Times contains allegations the company mishandled claims of sexual harassment against a senior manager at its London office. Five former employees told the newspaper they had experienced or personally witnessed sexual harassment at the organisation in its UK and European offices.
In a statement responding to the FT’s report, a TikTok spokesperson said:
“Harassment of any kind in our workplace is completely unacceptable and will be met with the strongest form of disciplinary action possible. We’re fully confident in the rigour of our process for surfacing, investigating and taking action on any and all complaints of this nature.”
UK gov’t asks National Cyber Security Centre to review TikTok by Natasha Lomas originally published on TechCrunch
from https://techcrunch.com/2023/03/14/tiktok-uk-ncsc-security-review/
No comments: