A leading Australian cyber security expert says it is time to stop playing “whack-a-mole” with one social media app and instead evaluate them all.
TikTok has been at the centre of a debate around data privacy for some time, with its CEO even appearing in front of the United States Congress.
Following advice from national security and intelligence agencies, the federal government has banned TikTok on government devices. Victoria has followed suit. They join the likes of the US, UK and New Zealand in doing so.
Many proponents of the ban have cited a law from China that requires a Chinese company to hand over any data to the government, if asked. ByteDance, which owns the social media app, has denied its user data can be supplied to Beijing.
Nigel Phair, the director at UNSW’s Institute for Cyber Security, is eager to see the report that compelled Australia to ban TikTok on government devices.
Mr Phair doesn’t think people should be more worried about TikTok than any other app.
Some experts are pleased by Australia’s ban. Speaking to ABC’s RN Breakfast on Tuesday, Alastair MacGibbon, chief strategy officer at Cyber CX Australia, said it was a step in the right direction.
“This is not around things made in China, as it’s often depicted, this is an argument about things controlled by China,” he said.
“There’s a fundamental difference between normal electronics manufactured in China and electronics that are controlled essentially under the laws of Beijing.”
Time to evaluate them all
Mr Phair said he thinks it’s time we had a discussion that goes well beyond TikTok.
He says if you look at the other mainstream social media apps, Facebook, Instagram and Twitter, the information they collect is near identical.
“So, I think it’s time we had a much bigger discussion, rather than trying to play whack-a-mole and ban one app because, do you ban the next one at some stage, whatever it might be?” he questioned.
Australia needs to evaluate what it means to participate on these social media apps, Mr Phair says, which he states are, in essence, a form of entertainment.
The heart of the discussion is about what it means to set the privacy permissions on social media apps so that individuals are only sharing data they feel comfortable about sharing.
“Legislation is not the answer. It’s about education and information and giving people the choice,” he said.
As for the ban itself, Mr Phair thinks it won’t work.
Data sharing concerns
Mr MacGibbon expressed concern not only about TikTok handing over information to the Chinese government, but also reducing the visibility of activists and using the app to track journalists.
Mr Phair said we all leave digital traces of ourselves online – but people should be more worried about the things they voluntarily share online, as opposed to what data a social media company has on them.
These days, people will upload photos of their children in their school uniforms and display on their social accounts where they live, for anyone to see.
Social media companies are social enterprises, and their main objective is to make money for their shareholders. If the app is free, then the individual is the product, Mr Phair said.
Generally, an app will ask to access your contacts or photos or geolocation and this is all done to enhance the user experience.
People should be savvy enough to notice red flags – if a flashlight app is asking to access your contacts, alarm bells should be going off, Mr Phair said.
However, a social media app asking to gain access to your phone’s camera or location is just allowing the app to operate as it is intended.
“It wants to give you the most targeted, precise experience with advertising and that’s why it wants your location,” he said.
Governments’ access
When thinking about a foreign government accessing data about you, it’s important to know what they are getting, and if they can’t get it anywhere else.
Mr Phair says this is why he would be curious to get his hands on the government’s threat assessment regarding TikTok. If a social media company can determine your preferences because you ‘liked’ a video, is that really concerning? That is a question for the individual.
It’s not just TikTok that may or may not be surrendering your data to governments.
“All companies put out a transparency report every six months where they give up all requests from governments around the world,” Mr Phair said.
“And governments around the world request data from all the app manufacturers.”
For example, from January to June last year, Meta had 237,414 government requests for user data. The US accounted for the largest number of requests, with more than 69,000, with 87.97 per cent resulting in data being turned over by Meta.
Meta does provide some case studies where data was handed over to the government – in many cases shared by Meta, it related to alleged crimes, fugitives or terrorist attacks.
As Meta notes on its website, the company responds to data requests from governments “in accordance with applicable law and our terms of service”.
“Each and every request we receive is carefully reviewed for legal sufficiency and we may reject or require greater specificity on requests that appear overly broad or vague,” Meta states.
TikTok’s response to ban
Lee Hunter, general manager of TikTok Australia and New Zealand, slammed the ban ahead of the official announcement, saying the company had tried to work with the government regarding the policy.
Mr Hunter also says TikTok should not be treated any differently to other social media platforms.
“Again … there is no evidence to suggest that TikTok is in any way a security risk to Australians and should not be treated differently to other social media platforms,” he said.
-with AAP