The House of Representatives has voted to ban TikTok, which has previously faced scrutiny from various levels of the government. The measure moves to the Senate, where it will be determined whether the ban takes effect.

Security leaders weigh in 

Narayana Pappu, CEO at Zendata:

“There are two sides to the TikTok platform, content generation and content consumption. A significant portion of TikTok content generation comes from outside the US, which in turn drives consumption/engagement in the US and brings in the audience for businesses to target. This is where the biggest impact will be, even if ByteDance divests the business to a US buyer and transfers the algorithms and existing user data.

“TikTok has in the past confirmed that user data is stored in China. With this ban, and the potential divestment that might change where the US user data is stored in the US, there would also be better controls on who has access to user data and removal of potential backdoors, another common practice with services associated with CCP and China.

“These services, as well as the data collection, targeting, sharing networks behind them, are extremely complex. You cannot expect an average user to make sense and figure things out by themselves. The federal government's involvement and guidelines help protect users and create better guardrails with accountability to platforms.”

Claude Mandy, Chief Evangelist, Data Security at Symmetry Systems: 

“The passing of the bill by the House comes hot on the heels of the Executive Order to protect sensitive data from countries of concern. However, this ban takes it a step further by prohibiting the use of applications controlled by countries of concern (or subject to the control of a foreign adversary as defined in Title 10) being offered in US app stores and hosted in the US. The focus on control of the application rather than the content being shared, data being collected, AI/ML models being trained or even the security of the app and code itself is telling. The narrative that this will help address the influence of hostile foreign actors in social media doesn’t acknowledge that this is happening across all social media platforms regardless of the control of the app. The focus on the control of the app in its entirety also ignores the harsh truth that application code developed by ByteDance (as an example) is widely used and adopted in other applications not controlled by ByteDance.

“The obvious implication of the bill being passed and potential ban being imposed on TikTok as a result will be most keenly felt by small businesses, influencers, and content creators. These users have built up huge followers and rely on TikTok as their only revenue source. The immediate impact on cashflow could be devastating. The larger businesses using the platform to market to their target audience may not feel the impact as keenly - given there are alternatives to TikTok that they can migrate to.”

Craig Jones, Vice President of Security Operations at Ontinue:

“In the realm of digital privacy and security, balancing the interests of technology, law, and freedom of speech becomes a precarious task. As guardians of cybersecurity, CISOs are thrust into this complexity, navigating uncertain waters to ensure compliance, protect data, and uphold corporate reputation, even as the digital landscape evolves.

  • “Enforcement challenges: Even if a law exists banning the use of TikTok, enforcement would indeed be a complex issue. This could potentially involve IT departments having to remotely uninstall apps from company devices, or monitor usage to ensure compliance. However, for personal devices, enforcement becomes tricky, especially if the apps were downloaded before the ban. It's possible to restrict access to company resources if the app is present on end user systems, enforceable via MDM.
  • “Legal Repercussions for Carriers: In my opinion, it's not entirely clear what role carriers would have in this scenario. They generally don't have control over which apps users install on their devices, so it seems unlikely that they would face legal action for facilitating what would be considered an "illegal download."
  • “Digital Privacy and First Amendment Rights: Banning an app, such as TikTok, could be seen as a potential infringement on freedom of speech, though national security and data privacy concerns might override this. Additionally, the ban might raise concerns about government overreach in terms of policing internet usage. The law is viewed by some as a potential risk to freedom of digital expression and user rights. The law's potential impact on individuals and businesses that rely on TikTok for various purposes—self-expression, information sourcing, or small business operations—cannot be overlooked.
  • “Implications for CISOs and their Teams: A ban on TikTok could potentially have significant implications for corporations or government agencies that use social media for business purposes. They would need to ensure their employees comply with the ban and may need to find alternative platforms for their social media strategies. They also need to be aware of potential data privacy or security risks posed by these platforms.

“CISOs should care about these developments as they have implications for their organization's compliance with laws and regulations, data security, and even their organizational reputation. They need to ensure that their organization's use of social media aligns with their overall cybersecurity strategy, data privacy requirements, and legal obligations.”