{"id":79013,"date":"2023-04-17T12:00:01","date_gmt":"2023-04-17T02:00:01","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=79013"},"modified":"2023-04-17T12:01:47","modified_gmt":"2023-04-17T02:01:47","slug":"australia-needs-a-cybersecurity-overhaul-not-whack-a-mole-bans-on-apps-like-tiktok","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/australia-needs-a-cybersecurity-overhaul-not-whack-a-mole-bans-on-apps-like-tiktok\/","title":{"rendered":"Australia needs a cybersecurity overhaul\u2014not\u00a0whack-a-mole bans on apps like\u00a0TikTok"},"content":{"rendered":"
<\/figure>\n

Australia has joined other countries in\u00a0announcing a ban<\/a>\u00a0on the use of TikTok on government devices,\u00a0with some states and territories following suit<\/a>. The rationale was based on security fears and, in particular, the risk that the platform will be used for foreign interference operations by China.<\/p>\n

TikTok<\/a>\u00a0is a video-sharing platform operated by\u00a0ByteDance<\/a>, a company headquartered in Beijing but incorporated in the Cayman Islands. Data is allegedly\u00a0stored<\/a>\u00a0in the US and Singapore.<\/p>\n

Like those of similar sites, TikTok\u2019s\u00a0privacy policy<\/a>\u00a0indicates an expansive approach to the collection and use of personal information. The app can collect information from users and third parties (such as advertisers), and it can draw inferences about its users\u2019 interests. All of this information can then be shared with TikTok\u2019s partners and service providers to, among other things, personalise content and advertising.<\/p>\n

The policy also says information will be shared when there is a legal requirement to do so. China\u2019s\u00a0national intelligence law<\/a>\u00a0obliges citizens and organisations to support, assist and cooperate with national intelligence efforts, which could include ByteDance sharing people\u2019s TikTok data.<\/p>\n

While TikTok\u00a0denies it would hand over data<\/a>\u00a0in such circumstances, there are reports that data from American users\u00a0has been accessed<\/a>\u00a0by China-based employees. TikTok has also\u00a0censored<\/a>\u00a0content that is politically sensitive in China.<\/p>\n

While the Australian government\u2019s response can be explained through this logic, questions remain.<\/p>\n

Given the ban only affects government devices, couldn\u2019t the same people be susceptible to foreign interference through\u00a0their use of TikTok on personal devices<\/a>? And what about other apps, such as Facebook, that collect significant amounts of user data. Are they more secure than TikTok?<\/p>\n

Even if other digital platforms don\u2019t have connections with China, couldn\u2019t they share or sell data to other entities, such as advertisers, data brokers or business partners? And mightn\u2019t those third parties have connections with China? Or other countries with similar laws?<\/p>\n

But the problem of digital security and foreign interference is bigger than just one app or the use of government devices. Russia\u00a0has run<\/a>\u00a0information campaigns designed to influence US elections using\u00a0platforms<\/a>\u00a0such as YouTube, Tumblr, Google, Instagram, PayPal, Facebook and Twitter.<\/p>\n

Indeed, the Department of Home Affairs\u00a0notes<\/a>\u00a0that foreign interference activities are not only directed towards governments, but also academia, industries, the media and other communities (which is actually everyone).<\/p>\n

Banning TikTok on government devices may eliminate one risk, but the broader pool of risks remains, both in government and beyond.<\/p>\n

The government is currently\u00a0developing<\/a>\u00a0a new cybersecurity strategy to replace the\u00a0one put in place by the previous government<\/a>\u00a0just three years ago. A\u00a0discussion paper<\/a>\u00a0on the new strategy was released earlier this year. This process will hopefully result in a more holistic strategy on how to manage the cybersecurity and foreign interference concerns that led to the TikTok ban.<\/p>\n

Rather than the whack-a-mole tactical response of banning one app at a time, the strategy could provide clarity on how the government will manage the issue of weak security on mobile apps (particularly when used by people in sensitive sectors), as well as the potential for this to be an entry point for foreign interference.<\/p>\n

This could include such things as:<\/p>\n