Author
Hallie Stern
Date
March 21, 2024
Featured in Deft9 News & Analysis
Most social media platforms have found themselves at the center of regulatory scrutiny at one point or another. From the Cambridge Analytica Scandal on Facebook, to the “57 pages of Twitter Controversy” listed on Wikipedia, they’re all guilty of undermining public discourse. But does it mean they should be shadow-banned from public view?
The common thread among them is their tendency to amplify misleading or deceptive content. This raises concerns about content moderation and censorship. Issues like voter interference, conspiracy, addiction, and even the spread of harmful diet tips further compound these challenges, fueling discussions about the boundaries of free speech protected by the First Amendment.
Debates frequently revolve around how much responsibility platforms should bear in policing hate speech, harassment, and extremism, but no conclusion is ever generally met. We can all agree that narrative manipulation is amongst the most prominent of global challenges. In fact, the World Economic Forum deemed narrative manipulation both the biggest long-term AND short-term risk per the Global Risk report of 2024…
Against this backdrop, TikTok has emerged as a focal point for government leaders. But what distinguishes TikTok from other platforms, prompting such heightened concern?
Shadow-Banning Baby Gronk
Let me ask you this: when you download a new application to your phone, do you read the terms of service? What about the privacy agreement? Personally, I don’t. I scroll to the bottom of the page and click the “agree” box in order to use the app immediately. I’m assuming most of you do the same. Here lies the problem.
When you download any application that collects and/or stores personal information, the app is required to disclose it. In most cases, the disclosure will say something like “in order to personalize your experience we use your data for X, Y, Z…” Fine. Show me what I want to see. Then I proceed to my cat videos and my daily “get ready with me.” Not a big deal, right?
Frankly, the U.S. government doesn’t care whether Baby Gronk “rizzed up Livvy” or “if it’s cake.” It would rather monitor your taxes. The issue, despite the constant attention to “disinformation,” doesn’t really have anything to do with the narratives you see at all. At least, not at first.
It has everything to do with what you do off the app.
Understanding Data Collection
When you download a new application to your phone, whether it’s TikTok, Instagram, or a video editor, you’re giving it access to everything else to which you’re connected, in addition to everything else you do. This can be for a range of reasons, like validating your identity, showing you location-specific content, or, the most common, personalizing your experience, as mentioned above.
Here’s a diagram of how it might work, courtesy of Snowplow, a popular behavior data aggregation tool:
Personal Identifiers
Associated algorithms measure personal identifiers like your user ID, your phone’s serial number, what network you use, what cell tower you’re pinging to, what credit cards are in your Apple wallet, your call logs, timestamps, communications, contacts, emails, notes, other applications you use, what you do or write in those applications, location records, and more, in order to determine who you are and what best to show you next.
Once in the data warehouse, this data can be measured against your other touch-points. That is, the same kinds of data, collected by the other platforms on your phone. By cross-referencing your behaviors, your identity can be de-anonymized for use in hyper-targeting in information campaigns (or worse).
Ever feel like your social media is listening to you? It might be. But not in the way you think. By using all of these touch-points, it doesn’t have to tap into your mic or watch you through your camera. All it has to do is “infer” your behaviors through predictive analysis, using this data.
Data Privacy and National Security Concerns
TikTok’s algorithm rapidly spreads content, blurring genuine expression and manipulation. This is the main theme raising concerns of political influence and cultural shaping, and it distinguishes TikTok from other platforms.
The reality is, however, by the time you see a story, you’re already at the end of a funnel. The things you see are based on thousands of ranking signals. Some come from your platform interactions. Most come from your other data.
If you’re someone who is concerned with privacy and/or surveillance, you can imagine why the U.S.G. is concerned about this kind of data collection, or in other words, technical surveillance.
But Why TikTok Specifically?
TikTok is owned by ByteDance, a Chinese company that is known for its unethical data collection practices. It’s undergone quite a bit of scrutiny regarding its propagation of content pertaining to human rights in Tibet and the persecution of Uyghurs in China. This same data is also used for monitoring and tracking other targeted groups and individuals via the SDK kits embedded in their affiliated applications, including TikTok.
One of the most recognized affiliates of ByteDance is Toutiao, a popular news platform in China that recommends stories based on user behaviors and habits—collected from their off-platform usage. Sound familiar? Toutiao is notorious for touting false information across platforms and deliberately publishing inaccurate stories about global events.
ByteDance is also known to have entered into strategic partnerships with the Chinese Ministry of Public Security for the ministry’s public relations. Just last year, the U.S. Department of Justice accused 40 of its officers of “creating and operating thousands of fake social media accounts specifically to harass, intimidate, and silence Chinese dissidents living abroad”—including in the United States.
According to Reuters, they are suspected of operating over 100 additional websites disguised as local news outlets in Europe, Asia, and Latin America.
Chinese Intelligence Laws
China’s intelligence laws on data collected by TikTok primarily revolve around the legal framework that governs data collection, privacy, and national security on Chinese platforms. While TikTok operates globally, its operations and data practices are subject to Chinese laws and regulations.These include:
National Intelligence Law (2017)
Grants broad powers to Chinese intelligence agencies to collect intelligence both domestically and abroad. Article 7 is of special interest. It stipulates that “Any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.”
Cybersecurity Law (2017)
Imposes strict regulations on data collection, storage, and transfer within China. It requires network operators to store data collected in China on domestic servers. It also imposes security assessments on cross-border data transfers. While TikTok claims to store its U.S. user data separately, it’s still subject to these regulations as a Chinese-owned company.
Data Localization Requirements
Chinese laws, including the Cybersecurity Law and various regulations issued by Chinese authorities, often mandate data localization. This requires companies operating in China to store data collected from Chinese users within the country’s borders. While TikTok operates a separate app called Douyin, for the Chinese market, its data practices are subject to these requirements.
Data Access by Chinese Authorities
Chinese intelligence laws, including the National Intelligence Law, grant authorities the power to compel organizations and individuals to provide access to data and assist with intelligence work. While TikTok denies allegations of providing user data to the Chinese government, the legal framework in China allows for such access if requested by authorities.
With all this in mind, it is clear that the “shadow ban” of TikTok is less about narratives and more about user data in the hands of Chinese intelligence agencies. That is, if they don’t have it already.
While TikTok continuously emphasizes its commitment to user privacy and data security, critics argue that it simply cannot protect our data, even if it wanted to. The company’s ties to China and the legal environment there raise risks for user privacy and national security, particularly in countries like the United States, with geopolitical tensions with China.
In other words, the U.S. government does not want China tracking, monitoring, or targeting its people. Can you blame it?
Shadow-Banning TikTok
The commodification of personal data, across industries, is generally among the most disputed subjects among lawmakers in the United States. TikTok does not go against any specific terms of service per se—we do, after all, consent to its collection of our data when we download the app—but, in true shadow-ban fashion, the decisions to decrease visibility come down to the amount of reports or complaints mediators receive; not whether something is detected in your system.
That said, TikTok’s practices do contradict several laws and regulations in the United States that similarly govern the collection of data on U.S. individuals by foreign entities. They include:
Foreign Intelligence Surveillance Act (FISA).
FISA establishes procedures for the physical and electronic surveillance and collection of “foreign intelligence information.” It’s specifically important when it comes to “foreign powers and agents of foreign powers suspected of espionage or terrorism.”
Foreign Agents Registration Act (FARA).
FARA requires individuals and organizations acting as agents of foreign principals in a political or quasi-political capacity to disclose their relationship with the foreign entity. In doing so, they must provide information about their activities and finances. While primarily aimed at transparency in lobbying and advocacy efforts, it can also pertain to data collection activities by foreign entities.
Cybersecurity Laws and Regulations.
Various cybersecurity laws and regulations, such as the Cybersecurity Information Sharing Act (CISA) and the Cybersecurity Act of 2015, establish measures to enhance cybersecurity and information-sharing between government agencies and the private sector. These laws include provisions related to the collection and protection of data from foreign entities. Data on critical infrastructure and sensitive information are of particular concern.
Privacy Laws and Regulations.
While many U.S. privacy laws, such as HIPAA and the California Consumer Privacy Act (CCPA), primarily focus on domestic data collection and processing, they may also have implications for foreign entities collecting data on U.S. individuals, especially if the data involves personally identifiable information (PII) or sensitive data.
Executive Orders and International Agreements.
Executive orders and international agreements may also govern data collection activities by foreign entities operating within the United States or involving U.S. individuals and entities abroad. For example, executive orders related to national security or trade agreements may address data-sharing, privacy protections, and cybersecurity concerns.
And yes, the listed laws and regulations are from ChatGPT, which we’ll cover in another post.
Conclusion
According to CNN, the recently passed bill will “prohibit TikTok from US app stores unless it’s spun off from ByteDance.” If the company is not sold within five months of the bill’s passage, stores will no longer be able to carry TikTok. This could severely undermine the 150 million Americans who use the platform daily and the thousands of content creators who rely on the app for their income.
The question remains: which is more important? Profits or user privacy?