The furor over TikTok is unlikely to go away. The recent appearance of company CEO Shou Zi Chew in front of a US Congressional committee did not alleviate concerns among members of both US political parties about the potential of the Chinese government accessing US citizens' information and conducting potentially nefarious activities against their users and the US itself.

The concerns are in the context of ongoing US-China tensions, including the increasing use of technology as a point of contention between the two countries' governments. The recent spy balloon episode only ratcheted up the tension further. Shou is not a Chinese citizen, having been born and raised in Singapore, attended college in London and the United States, and worked in London for Goldman Sachs early in his career.

He did, however, work as the CFO for China's smartphone company Xiaomi, which had revenue exceeding $45 billion in 2022. And of course TikTok is owned by Beijing-based ByteDance (although incorporated in the Cayman Islands), a company in which Shou Zi Chew led an early investment team in 2013.

Let's Ask the Experts
Politicians grandstand more than they probe real issues, so it's difficult to assess if TikTok is a real threat based on Shou's appearance before Congress. IDCA News asked three people in the tech industry who know something about security what they made of this business.

Bruce Schneier, the prominent cryptographer and security consultant, was asked whether TikTok poses a true security risk to its user. “Probably,” he answered. “The Internet is built on surveillance, and pretty much every company spies on their users constantly. TikTok does nothing that Facebook and Google -- and everyone else -- don't do. And all these companies give use data to their government on demand. So just as Facebook and Google hand use data to the US government in respond to a court order, TikTok will give data to the Chinese government under whatever legal regime is in force there.”

He cushioned his words a bit by describing the notion of the Chinese government getting information on US citizens as “a pretty esoteric risk,” but also noted “it's real. So this is the question: do you trust a company that is located in a country whose government you don't trust?,” he asked. “It's a good question, and a difficult one.”

Not Malignant, But Troublesome
Lori MacVittie, the noted F5 Evangelist and a person who describes herself as “really opinionated, actually” made remarks similar to Bruce's, noting, “I'm not sure it's actual 'cybersecurity' in the sense of systems or data that's at risk, but more traditional information that's at risk. There have been enough revelations of taps into software feeding various official organizations of many countries in the past. To assume TikTok is different would be folly.”

Former IBM Fellow and CTO of Open Technology Christopher Ferris provided the caveat that his remarks were “just my opinion and not a researched position on cybersecurity,” while saying “I suspect that they are tracking journalists critical of China’s government as well as some politicians using it. I suspect that there is a privacy policy issue with the data they collect, (yet) I don’t think it is necessarily a case that TikTok will become malignant and take over people’s phones.”

Chris also noted that he didn't hear an “actual cybersecurity vulnerability mentioned, (but) seemed largely about some far flung notion that China could order the company to do something malign.”

Lori did not cite a specific cybersecurity risk either, but said to remember we live on a “public” not “private” Internet, so can expect the “purposeful sharing of sensitive information and the ability of others to see that information, regardless of your intent to share it or not.” As far as potential action by the US government against TikTok, she said we should “remember, the US government banned Furbies (in 1998).”

Indeed. The three wise ones we consulted don't see a malignant threat here, but seemed to strongly echo the famous maxim uttered by Sun Microsystems CEO Scott McNealy a generation ago, “You have no privacy. Get over it.”

Image from IBM.