Governors’ TikTok bans make sense, cybersecurity experts say

At least 18 states, most led by Republican governors, have banned staffers’ use on government devices of the social media app TikTok over concerns about the possible security risks posed by the Chinese-owned company. They say the app can be used to collect data from users’ devices, which the Chinese government could then access.

Some states have gone even further, banning apps and products such as WeChat, QQWallet and AliPay from other Chinese companies.

In Maryland, Republican Gov. Larry Hogan authorized his chief information security officer, Chip Stewart, to issue such an emergency directive. The directive prohibits state employees from using TikTok as well as information technology products and platforms from four other Chinese companies and a Russian one. Agencies must remove the products from state networks and stop using them.

“A lot of states issued executive orders, saying, ‘We’re banning TikTok.’ That’s great for today,” Stewart said. “But tomorrow, what if you have a new product you want to ban? Are they going to issue an executive order for each one?”

The governors of least three other states — Georgia, New Hampshire and Virginia — also went beyond TikTok to ban WeChat and other apps and products from various Chinese companies.

Over the past few weeks, governor after governor has announced a TikTok ban for state employees.

On Wednesday, Kansas Gov. Laura Kelly became one of the first Democratic governors to ban the use of TikTok on the state-issued devices of government workers under her. Kelly’s action came five days after Congress approved the $1.7 trillion omnibus spending bill that banned TikTok from most U.S. government-issued devices for employees. 

<p>At least 18 states have banned staffers' from using TikTok on government devices over concerns about possible security risks.</p>

Kevin Frayer, Getty Images/TNS

At least 18 states have banned staffers' from using TikTok on government devices over concerns about possible security risks.

Florida Republican U.S. Sen. Marco Rubio wants to go even further. He introduced a measure, which has a bipartisan companion bill in the House, that would ban TikTok from operating in the United States, along with any other social media company in or under the influence of China, Russia and several other “countries of concern.”

Then-President Donald Trump tried in 2020 to ban TikTok from U.S. app stores, citing security concerns, but a federal judge blocked that effort.

This November, FBI Director Christopher Wray testified at a congressional hearing that his agency is “extremely concerned” about TikTok’s operations in the United States. He said the Chinese government could use it to collect data on users and control the app’s algorithm to manipulate content and launch influence campaigns.

This month, Wray again warned about the possibility of TikTok user data getting into the hands of a Chinese government “that doesn’t share our values,” and said China could collect it for espionage.

Cybersecurity experts say the governors’ bans are a smart move.

“States oversee law enforcement, transportation, utilities. There is good reason for governors to be involved in this,” said Anton Dahbura, executive director of Johns Hopkins Information Security Institute, a cybersecurity academic and research center. “It’s not just the obvious security that someone could bring down the power grid. It’s infiltration of systems to obtain confidential information that is quite valuable to foreign actors.”

TikTok, which allows users to create and share videos, has more than a billion users worldwide and more than 100 million in the United States. The state bans would not apply to employees’ personal devices, as long as they aren’t connected to state networks.

A TikTok spokesperson said the accusations against the company are false and that the Chinese government is not involved in its operations.

“It is unfortunate that the many state agencies, offices, and universities on TikTok in those states will no longer be able to use it to build communities and connect with constituents,” spokesperson Brooke Oberwetter said in an email.

In response to the concerns in the U.S. that American users’ information can being shared with the Chinese government, TikTok announced this year that it moved all the data to Oracle, a Silicon Valley company. But TikTok said it would still store backups of that information.

Oberwetter, the TikTok spokesperson, said though the parent company was founded in China, TikTok has offices and operations around the world and is not a state-owned enterprise or otherwise controlled by the Chinese government.

But China has laws that require private companies to provide information to the government, said Holden Triplett, co-founder of Trenchcoat Advisors, a risk advisory firm headquartered in Washington, D.C.

“Any company located in China can have the best of intentions, but it doesn’t matter. In the end, if the Chinese government wants to force them to comply, they must,” said Triplett, who formerly was an FBI special agent and director of counterintelligence for the National Security Council.

While it’s true that other social media companies such as Twitter and Facebook also track users’ data, the experts say TikTok is different. Those companies are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.