Some universities are scrutinizing or blocking usage of the social media platform TikTok on school devices and networks amid cybersecurity concerns surrounding the video-sharing app and its parent company, ByteDance.
TikTok and its Chinese parent company, ByteDance, have been gaining attention for connections with Chinese state media and potential influence from the Chinese government. The company was even reported to have been tracking and spying on journalists.
The University of Oklahoma (OU) said in a statement that it will be reviewing potential security concerns related to TikTok. Last month, Oklahoma Gov. J. Kevin Stitt issued an executive order banning state government agencies, employees, and contractors on government networks or government-issued devices from using the app.
“Given recent clarification from the Governor’s Office that Executive Order 2022-33 does not apply to public universities, we will undertake a review of the security concerns that TikTok may pose to our network systems while giving consideration to how a ban would impact our university community,” the OU statement read.
Alabama Gov. Kay Ivey instituted a similar ban in Alabama. In response, Auburn University has begun work to block and remove TikTok on university-owned devices, at the same time clarifying that there is no general campus ban on the app.
“In accordance with Alabama Gov. Kay Ivey’s recent executive order requiring all state-owned networks and devices to block access to and from the TikTok social media application, Auburn University’s Office of Information Technology began blocking TikTok on campus via wi-fi access on Dec. 13,” Auburn said in a statement. “Efforts are underway to remove TikTok from all state-owned devices provided by Auburn.
“Note also that the new policy recommends removing TikTok from personal devices to protect a person’s privacy there as well. The governor’s order addresses the growing risk of intrusive social media applications harvesting data totally unrelated to business use of the platform.”
Oklahoma and Alabama are but two of the several states that have placed varying degrees of limitations on TikTok usage. The other states include Maryland, Texas, South Dakota, South Carolina, Nebraska, Utah, and Georgia.
In the case of Georgia, Gov. Brian Kemp has banned TikTok and messaging platforms WeChat and Telegram from government-owned devices, but due to state law, Kemp generally cannot give direct orders to public universities. Yet, the University System of Georgia has opted to adopt Kemp’s policy for its devices.
The video-sharing app is also getting scrutiny at the federal level, with the U.S. House of Representatives banning it from all House-managed devices and Congress passing a spending bill that makes it illegal to have TikTok on federally issued devices.
Such concerns are warranted, said Dr. Richard F. Forno, assistant director for the Center for Cybersecurity at University of Maryland, Baltimore County (UMBC).
"You got all this data being collected, personal data being contributed to TikTok, and then user profiles and user interests and activities and all that kinds of stuff, that's all being collected and stored by ByteDance, which is a Chinese company,” Forno said. “From a security and privacy perspective, that does raise concerns, absolutely. … All this personal information ... is online in a data center physically outside of the U.S., which makes it much more difficult to ensure the security and privacy and how that information is being handled."
But while multiple states and federal agencies taking action against TikTok is not surprising, the restrictions being put in place will be ineffectual in terms of improving cybersecurity, Forno said.
“Blocking TikTok on government systems, devices, and networks can help,” Forno said. “But it's not a 100% solution because users (students, faculty, staff, other employees, visitors, etc.) can download TikTok to their personal phones/laptops and connect to TikTok over cellular networks, thus bypassing the school's restriction. Such restrictions make it more difficult to access TikTok, but not impossible since the university's security controls pretty much only impact university-owned networks and devices, not personal ones.
“Of course, another concern is that even if a person uses TikTok on their own device, you can bet they have contacts from work in their phonebook or email app, so even there there's still a potential for privacy concerns from the app.”
Given that a foreign entity owns TikTok, there is little power the U.S. has over it, said Dr. Bhavani Thuraisingham, the Founders Chair Professor of Computer Science at The University of Texas at Dallas and founding executive director of the school’s Cyber Security Research and Education Institute.
“If the platform is owned by someone else, then you have very little control over that,” Thuraisingham said. “If say, another country – in this case, China – is owning the platform, the owner of the platform will have access to almost all the information. The question now is how are they going to use that information. That is the worry. ... There could be some sensitive information or something.”
One concern Thuraisingham has is that malicious actors can get access to devices through social media accounts. This worry goes beyond just TikTok and applies to other social media platforms as well, Thuraisingham said.
“Now, you can use the same argument and say that other countries banning Facebook – because Facebook is in the U.S., and so Facebook has access to all the information – you could say that some other country may not want people to use Facebook,” Thuraisingham said. “The power lies with the people who have access to this information. That's my biggest concern.”