When Maryland became the latest US state to ban the use of TikTok on government devices and networks last month, cybersecurity officials in the state of Connecticut turned to the FBI for guidance.
They wanted to know if the FBI had additional information to support a ban in their state amid dire warnings by the law enforcement agency’s leadership and Republican governors that the Chinese-owned app posed serious threats to privacy and national security.
“Good morning gentlemen. We’re looking for any recommendations on TikTok after Maryland moved to ‘ban’ its use,” Jeff Brown, the chief information security officer for Connecticut, said in an email to a contact at the FBI on December 7.
“Our logic is captured below, but we’d be interested in your thoughts. Appreciate any feedback,” Brown said in the email, which was also sent to contacts at the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security.
Brown included in his message an email chain in which he and Mark Raymond, Connecticut’s chief information officer (CIO), expressed agreement that Maryland’s ban appeared to be a case of “overreach”.
Offered a chance to provide additional information in support of a ban, the FBI contact declined.
“I asked one of my analysts to reach out to our HQ,” the FBI agent, who leads a team in Connecticut focused on cybercrime, said in an email to Brown.
“She emailed me towards the end of the day to say that she couldn’t find evidence that we had any additional information to share.”
Maryland and other states that had announced TikTok bans appeared to have “based their decisions on news reports and other open source information about China in general, not specific to Tik Tok,” the FBI agent quoted his analyst as saying.
“Sorry we don’t have more to offer,” the FBI agent said.
The CISA contact, a cybersecurity adviser for Connecticut, told Brown he had “no additional” information and would recommend deferring to the guidance of the FBI.
Al Jazeera obtained the Connecticut state government emails, along with emails from several other state governments, after submitting public records requests with the 50 US states and the District of Columbia.
Raymond, the Connecticut CIO, ultimately determined that the risk of TikTok was “low” based on the fact that, among other criteria, he had received no information suggesting Tiktok had misused data, concerns about the app appeared to have nothing to do with the platform itself, and a ban could “drive additional Chinese cyber activity and interest in Connecticut.”
He recommended that Connecticut Governor Ned Lamont, a Democrat, “take no action at this time” but continue to monitor the situation.
When contacted by Al Jazeera for comment, Raymond said protecting state networks is an “extremely high priority for us”.
“We regularly review security threats against the state and act as warranted,” he said. “We are supportive of national action on topics that may threaten our national security and continue to work with all our partners on the most appropriate recommendations for our state.
The episode in Connecticut, which has not been previously reported, stands in contrast to the dire public warnings FBI Director Christopher Wray has made about TikTok.
Wray has repeatedly warned that China could use TikTok to “manipulate content” to carry out influence operations and steal personal data for espionage purposes.
“All of these things are in the hands of a government that doesn’t share our values, and that has a mission that’s very much at odds with what’s in the best interests of the United States,” Wray told a University of Michigan event last month. “That should concern us.”
In response to a request for comment, the FBI National Press Office directed Al Jazeera to past comments by Wray in which he said the agency is advising the Committee on Foreign Investment in the United States (CFIUS) amid its discussions with TikTok on ways to address national security fears and expressed concern about the Chinese government forcing companies to hand over sensitive data.
TikTok’s parent company ByteDance, which has its headquarters in Beijing and is incorporated in the Cayman Islands, argues that the FBI’s warnings about the app relate to purely hypothetical concerns and no evidence has been presented of wrongdoing.
ByteDance has long insisted it would never share user data with the Chinese government and says it is working to address hypothetical national security risks as part of a deal it is negotiating with CFIUS.
“As we have said before, these state and university bans are not driven by specific intelligence about TikTok and are driven by misinformation about our company and our service,” TikTok spokeswoman Brooke Oberwetter told Al Jazeera.
“We stand ready to fully brief state and local officials about our comprehensive plan to address national security concerns, plans developed under the oversight of our nation’s top national security agencies.”
Even as bans on TikTok gather steam, tech experts — and even some government officials, as in the case of Connecticut — acknowledge there is little technical evidence to justify the level of fear and anxiety the video-streaming platform, one of the world’s most popular apps, has inspired.
Instead, most arguments for restricting the app have rested on broader mistrust of Beijing, including fears the Chinese government could access users’ personal data or manipulate public opinion for nefarious ends.
“We haven’t seen any evidence that TikTok is a greater risk than any other social media platform,” Cliff Lampe, a professor of information at the University of Michigan, told Al Jazeera.
“The sole concern expressed is that its main owner is a Chinese company — even though most TikTok traffic in the US is managed on US servers. The logic is that the Chinese government could importune TikTok for private user data.”
While the Trump administration first put TikTok in the crosshairs in 2020 with proposals for an outright ban, efforts to stymie the app gained momentum after South Dakota announced its ban in November last year.
South Dakota Governor Kristi Noem claimed the Chinese Communist Party used the app to “manipulate the American people” and said her state would have no part in the “intelligence gathering operations of nations who hate us”.
Among Republicans, the party affiliation of Noem and other governors that rolled out early bans appears to have had some influence in persuading other states to follow suit.
In December last year, the Republican Governors Public Policy Committee (RGPPC), a public policy organisation for promoting conservative policy at the state level, sent out a newsletter to Republican-led state governments highlighting recent bans in South Dakota, South Carolina, Maryland and Texas.
“Within the past week, four Republican governors banned or limited the social media platform, TikTok, on state devices,” Zach Swint, a senior policy adviser for the RGPPC, wrote in the December 7 newsletter.
In North Dakota, which banned TikTok on state devices on December 13, the newsletter prompted the chief of staff to Governor Doug Burgum to request state cybersecurity officials to “quickly determine if we have any state devices using TikTok and if we should consider an action like other governors below”.
“Please expedite this and send a recommendation as quickly as possible,” Jace Beehler said in an email dated December 8.
Lampe, the University of Michigan professor, said that states appear to have looked to each other for lessons on how to handle TiKTok “given their lack of expertise in the area”.
“The danger of that, however, is that if the legislation is misguided then it will replicate itself quickly with little critical examination. My sense is that part of this is that legislatures are mostly run by older people, who may see a youth-oriented social platform as banal, so the danger of being too strict is low.”
Bipartisan concerns
At least 28 US states, including Texas, Alabama, North Carolina and Georgia, have introduced bans on TikTok for government devices so far. While a majority are led by Republican governors, Democratic-led states such as Wisconsin and North Carolina have also rolled out bans, which have increasingly attracted bipartisan support.
In December, US President Joe Biden signed legislation containing a ban for federal government devices, while a number of Republican politicians are pushing legislation to ban the app outright. Universities in Texas, Oklahoma, Arkansas, Georgia and Iowa have in recent weeks also announced bans for official devices.
Marc Faddoul, codirector of AI Forensics, a European non-profit that researches the mechanics of TikTok, said that concerns that the app has access to large amounts of personal data and could be used to sway public opinion are both reasonable and mired in hypocrisy.
“The concerns, I think, are legitimate but I think the US government’s position is hypocritical because the same concern is true for any other country with respect to the American platforms,” Faddoul told Al Jazeera, adding that it is also important to acknowledge that the US government has more respect for democratic norms than its Chinese counterpart.
“The US government could and has in the past leverage their power, their domestic companies for national security interests and could in the context of a war make use of it potentially to filter to promote specific types of information.”
Faddoul said discussions should focus more on protecting user data across the industry instead of just TikTok alone.
“I do believe that a better approach is to do something that is systematic for the whole industry in terms of data protection laws,” he said.
Even as a majority of US states have rolled out TikTok bans, some state officials have expressed ambivalence about the app.
In some cases, state governments have carved out exemptions in recognition of the app’s usefulness for some official business.
In Utah, which banned TikTok on state devices on December 12, officials at the Division of Juvenile Justice and Youth Services sought an exemption to allow some staff to access the app, emails obtained by Al Jazeera through a public records request show.
In South Carolina, one of the first states to announce a ban, officials retroactively introduced changes to allow “identified” law enforcement personnel to access TikTok, according to emails obtained via a public records request.
In New Jersey, where Democrats control the governorship and both branches of the legislature, the state’s top cybersecurity official last month expressed a preference for restricting the app to “separate and isolated devices” rather than a total ban, according to emails revealed by Al Jazeera last month. New Jersey, like most other Democratic-led states, has yet to publicly announce restrictions on the app.
Some states appear to have preferred a quiet approach to limiting the use of TikTok.
In Michigan, Caleb Buhs, the state’s director of communications, told colleagues TikTok would be added to a list of social media platforms not approved for official use from the following month, emails show.
Michigan has not yet announced a ban on the app and Democrat Gretchen Whitmer, the state’s governor, continues to operate a TikTok account where she regularly posts videos.
Sara Collins, an expert in data protection and consumer privacy at the non-profit Public Knowledge, said TikTok’s links to China deserve scrutiny, but the controversy around the app has distracted from the broader lack of privacy protections in the internet age.
“Given China’s authoritarian government and its control of its corporations mean that TikTok rightly deserves additional scrutiny,” Collins told Al Jazeera.
“However, the discourse surrounding the TikTok bans have mostly moved away from addressing specific risks and become a convenient way for politicians to signal they are anti-China. TikTok, like all social media platforms, collects enormous amounts of data about its users. As we have seen with other major tech companies, this constant surveillance can cause harm.”