TikTok’s Estranged Relationship With Privacy and Security
After India, the United States is considering imposing a ban on Chinese video-sharing platform TikTok citing child privacy concerns
On Monday, the Secretary of State Mike Pompeo told Fox News in an interview that the Trump administration is “looking at” banning multiple Chinese social media applications including ByteDance’s video-sharing platform TikTok, which is immensely popular with teens.
Secretary Pompeo added that people download the application “Only if [they] want private information in the hands of the Chinese Communist Party”.
A Reuters report stated that the Federal Trade Commission and the United States Department of Justice are probing into the way TikTok handles its user data and investigating the allegations surrounding the app’s subsequent failure in honouring its 2019 agreement to comply with Children’s Online Privacy Protection Act (COPPA) regulations.
The Federal Trade Commission’s data states that about 200 million people, including 65 million in the US downloaded TikTok in 2019.
According to Statista, as of January 2020, about 37.2% of active users fell under the 10-19 year age group, while 26.3% and 16.7% of TikTok’s demographic comprised of individuals aged from 20-29 and 30-39 years of age respectively. As of now, almost half of TikTok’s user base is comprised of children alone.
TikTok (then known as Musical.ly) in the past required users to provide personal data such as their email address, phone number, full name and a profile picture to set up their accounts, but did not have an age confirmation parameter. This practice continued for the first three years, allowing users below the age of 13 (which the Electronic Code of Federal Regulations defines as a ‘child’) to sign up while the application actively collected and stored information from them. Thus, in turn, the application forwent the identification of children and not only failed in barring them from creating user accounts, but also failed to obtain verifiable parental consent required under the e-CFR to collect, use or disclose personal information collected from children.
In July 2017, the application began requiring age verification before allowing users to set up accounts but did not disable existing accounts being operated by minors.
As for any application with a young user demographic, it wasn’t too long before TikTok became a hunting ground for sexual predators. Alongside several reports of unwarranted sexual advances, the Los Angeles Times in February 2019 reported a 35-year-old man who had vulgar exchanges with underage girls while impersonating 13-year-old boy on the platform.
The list of disasters is lengthy. Until October 2016, the application included a ‘my city’ feature that could allow one to view musers (musical.ly users) in their vicinity, with a radius of 50 miles —potentially allowing other users to track their location.
Under the violation of COPPA, TikTok was slapped with a fine of $5.7 million on February 27, 2019. The video-sharing platform had resolved to change practices to ensure stringent COPPA compliance, but it seems little has changed since then.
TikTok: Out of Time?
ByteDance has already lost its largest digital market this quarter, after the Indian government’s crackdown on TikTok and 58 similar applications whose origins could be traced back to China stating “they [applications] are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order.”
This comes as a debilitating loss for ByteDance, which according to CNN, had collected an estimated $1 billion in ad revenue from India, and growing steadily in the country at a rate of 50% y-o-y. As one could’ve guessed, this is not the best time for the firm to endure another setback.
From this vantage point, TikTok’s track record has been nothing short of disastrous, and the gaping holes in the security along with its relationship with the Chinese government have a lot to do with its recent ban.
Earlier this year the New York Times uncovered major security flaws intrinsic to the application, potentially allowing hackers to exploit user data and steal personal information through phishing attacks, the most common type of cyber-attack online. Coupled with the young and impressionable minds of TikTok’s user base, the vulnerabilities and subsequent attacks are a recipe for disaster.
When an application surges in popularity like TikTok, it’s impossible to keep them from reaching juvenile social circles. When an application with the likes of TikTok is written, the developers must be cognisant (or made cognisant) of the demographics of its user base, and such an application must be timely patched keeping data security and privacy as its foremost priority, and data collection itself should be kept minimal.
The Age Appropriate Design Code of the Information Commissioner’s Office devises standards of age-appropriate design of online services to appropriately safeguard children’s online data. What’s needed of information society services is to adopt a set of similar measures to protect the privacy and security of children online.
Because let’s face it — we can’t keep them away from mobile phones and tablets forever.