Why is the TikTok Ban Different?


Posted on by Kathleen Moriarty

In reading observations, opinions, and analysis on the TikTok ban, I wanted to take a step back and look at the problem holistically. First, how is the TikTok ban different from the Kaspersky or Huawei ban or restrictions?

  • TikTok is an online platform that both hosts content for content providers and simultaneously serves up content, curating it, for consumers.
  • This means TikTok has access to data to decipher patterns and information from both sides of a connection.
  • For the content provider, they make it desirable to use their platform over another through benefits and popularity of the platform.
  • For the end user, they have the ability to curate content to targeted audiences. For instance, children in China see STEM videos and in the US, the content looks very different. From a national strategy perspective, this could lead to a greater divide between students from each nation for the impacted generation(s).

A major difference between TikTok, Huawei and Kaspersky is that TikTok is an application that rides over Internet infrastructure and Huawei and Kaspersky produce products that are Internet infrastructure or supplement the capabilities of infrastructure. The Internet can remain free and open without use of specific infrastructure, endpoint equipment, or tools. TikTok operates on the Internet and requires filtering of some type (several methods are possible) to censor access, accommodating a ban in a region.

  • Huawei provides infrastructure, including routers and network equipment aimed at service providers.
    • Hardware-based threats that have led to infiltrations of networks were likely a key concern in this ban.
    • While Huawei and other network equipment providers follow international standards to ensure interoperability across vendors, they each have points of differentiation that complement the required standards.
    • Priorities in implementations vary between these equipment providers and this can be seen at international standards meetings.
    • Huawei generally does not have access to plain text, but may gain access to aggregate flows, and may be able to track people's habits simply based on those flows.
  • Kaspersky is well-known for their threat intelligence services, offering a culturally inspired diverse viewpoint from other analysts. This is a positive contribution as we layer our own biases in work products and having international sources for threat intelligence is very important. Kaspersky also offers products to reduce the threat of malicious content gaining access to an organization's endpoints.
    • Similar to TikTok, there is a concern that the installed products could serve as an agent to leak information about the user or organization that installs its products.
    • Kaspersky has access to people's operating systems with a potential to track or bug a system.
    • Different from TikTok is that such a ban does not restrict Internet access or create the need for a national firewall.

National-level Censorship

The technical controls behind a ban set a bad precedent. The idea of having TikTok owned by a US company struck a sort of balance on concerns. The primary issue with a ban that results in a requirement for national-level censorship is that it begins to break down the concept of a free and open Internet. Now we have firewall (of some sort) access requirements to censor content, as opposed to the current censorship models that may be deployed by a network operator to prevent porn or malicious content from entering a network they manage in which users have signed acceptable use policies. In other words, we do have filtering options today either through DNS-based solutions or scanning products, but they are optionally deployed by the owners of a network. Users are subject to the policies and filtering if they operate within the bounds of that network, usually with a signed agreement for awareness and consent. These users have an option to use other networks that do not have the restrictions but may need to use separate equipment to operate on the free and open network.

There are a few key concerns with TikTok usage:

  • Management of data by a foreign adversary,
  • The ability to track users of TikTok, and
    • TikTok has access to plain text of millions of people, including the metadata on content preferences and other stored data.
    • This provides a huge source of intelligence as well as a means to serve misinformation in targeted ways.
  • The ability to curate content for audiences. TikTok can decide who sees what, which can lead to a skewing of views within a region or globally.
    • For example, in China kids using TikTok are exclusively served educational content including STEM and learning videos.
    • Content curated for children in the US is not exclusively educational and could serve as a national strategy on the part of China as a way to break down the knowledge gap even further for future generations. As parents and citizens, it is our duty to manage appropriate access. Some parents utilize filtering solutions, some ensure all content viewed is in a public place in their home to prevent inappropriate access.
  • TikTok through its parent ByteDance is compelled to share data with Chinese authorities on their demand.

Impact on Content Providers

An entire aspect I had failed to consider, and was made aware of through a thoughtful post from Julie Michelle Morris, is the impact on content creators. As she stated, this ban presents an enormous impact to numerous small businesses who use TikTok as a platform to directly earn revenue or raise awareness for their products and services. The user base will be difficult, if not impossible, to replicate on a new platform, especially if it is a base built over many years. A ban results in a shift where users may go to any number of other platforms, which means a particular type of user may no longer be present on the same application to develop the user base again.

Application Selection

In response to the ban, numerous users are seeking alternatives. Unfortunately, this is through word of mouth and does not consider that the concerns about TikTok may apply to the next application selected. Charles Mok points out in a LinkedIn post that RedNote is also Chinese owned and suffers the same set of problems as TikTok. He goes on further to say, "there's only ONE TRUE Little Red Book -- Chairman Mao's little bible," shedding light on the origin of the name for the application.

Even if you are selecting an application that is managed within your own country, policies and legislation evolve continuously as we play in the tussles that influence technology based on cultural norm differences, government and military strategies, and influence from technology and standards.

Consider where your application was developed, where data is stored, and how access to that data is curated when selecting your applications of choice. This may be a periodic review requirement since technical policies from application providers and even legislation change over time.

The replacement applications may or may not share desired feature sets, but may win your approval due to policy decisions or other factors. Watching users decide if they want to continue on Facebook due to recent changes raises considerations on features, such as the ability to share content with restricted groups versus fully public posts. Applications with that contrast were intended for differing use cases.

Summary

There's an opportunity to develop new alternatives so that users can make informed choices on Internet applications, and parents should be monitoring what their kids do online. Instead of the filtering options mentioned above, my child has a limited list of sites they are allowed to use to ensure age-appropriate content with limits on screen time.

I don't have any answers, as this is a complex problem, but do think it is important to uncover all of the considerations to lead to the development of better answers for the future.

Blog reviewers:

Eliot Lear

Julie Michelle Morris

Contributors
Kathleen Moriarty

Technology Strategist, Board Advisor, and Consultant,


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
