A strong and serious warning has been handed down by the Chief Administrative Officer (CAO) of the House of Representatives about the use of the app TikTok in any official capacity.
This past Wednesday, an extensive two-page memo, which was obtained by Politico, was handed out to staffers on Capitol Hill. It sets out the CAO’s recommendation that members of Congress and their offices refrain from downloading or making any use of the Chinese-owned social media application to talk to or message their members, citing extreme national security concerns. The CAO memo specifically highlights the app’s excessive permission requests, the potential security risks of using it, and its entire and intentional lack of transparency about how it handles its users’ data. It also puts a spotlight on how the app harvests content for data, which could include information that might be labeled as sensitive.
“TikTok is a Chinese-owned company, and any use of this platform should be done with that in mind,” the office stated in the memo. “The ‘TikTok’ mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved with its use. Additionally, we believe the user base should be aware that this application is known to store users’ Data Location, Photos, and other Personally Identifiable Information (PII) in servers located in China and potentially mined for commercial and private purposes.”
The memo notes that TikTok “actively harvests content for identifiable data.” As stated in the memo, “TikTok ‘may collect biometric identifiers and biometric information as defined under US laws,’ including ‘faceprints’ and ‘voiceprints,’ from videos users upload to their platform.”
The document also states that the app automatically gathers information about the devices it runs on, which includes location data based on the SIM card of the device, GPS data, and IP address; information about how the user makes use of the app, which includes any content uploaded or created by the user; data sent via the app’s built-in messaging feature; all metadata attached to uploads; cookies; the names of files on the device; battery health; and even the rhythms and patterns of the user’s keystrokes.
The CAO also highlighted several specific security concerns:
- The app requests external storage access
- The app saves images in the device’s photo album
- According to the CAO, the app may also be able to access other information, including Wi-Fi networks; device and SIM card serial numbers; device ID; phone number; GPS information; and the clipboard.
- Device mapping – the device can gather all other apps on the phone and retrieve other apps that are running
- The app checks the device’s location every hour
- The app has ongoing access to the phone calendar
- The app “continually requests access to contacts until given”
“To reiterate, we do not recommend the download or use of this application due to these security and privacy concerns,” the memo concluded, citing a 2020 report that the app had already been banned for all military service members.
Quite a few Democratic members of Congress who had been making use of the app shared their concerns with The Hill. “We only just put something up for the first time. So it’s not something I have used extensively. I do have concerns about the company. … So this is always a dilemma,” stated New Jersey Rep. Tom Malinowski.
“TikTok has been a way to reach young and otherwise disengaged people, but now that we have more details about the security risks of having it on government devices, we will pause on usage until we feel safe and get further clarity,” explained a spokesperson for the office of New York Rep. Jamaal Bowman.