Skip to main content
  • Sections
  • Search

Center for Strategic & International Studies

User menu

  • Subscribe
  • Sign In

Topics

  • Climate Change
  • Cybersecurity and Technology
    • Cybersecurity
    • Data Governance
    • Intellectual Property
    • Intelligence, Surveillance, and Privacy
    • Military Technology
    • Space
    • Technology and Innovation
  • Defense and Security
    • Counterterrorism and Homeland Security
    • Defense Budget
    • Defense Industry, Acquisition, and Innovation
    • Defense Strategy and Capabilities
    • Geopolitics and International Security
    • Long-Term Futures
    • Missile Defense
    • Space
    • Weapons of Mass Destruction Proliferation
  • Economics
    • Asian Economics
    • Global Economic Governance
    • Trade and International Business
  • Energy and Sustainability
    • Energy, Climate Change, and Environmental Impacts
    • Energy and Geopolitics
    • Energy Innovation
    • Energy Markets, Trends, and Outlooks
  • Global Health
    • Family Planning, Maternal and Child Health, and Immunizations
    • Multilateral Institutions
    • Health and Security
    • Infectious Disease
  • Human Rights
    • Building Sustainable and Inclusive Democracy
    • Business and Human Rights
    • Responding to Egregious Human Rights Abuses
    • Civil Society
    • Transitional Justice
    • Human Security
  • International Development
    • Food and Agriculture
    • Governance and Rule of Law
    • Humanitarian Assistance
    • Human Mobility
    • Private Sector Development
    • U.S. Development Policy

Regions

  • Africa
    • North Africa
    • Sub-Saharan Africa
  • Americas
    • Caribbean
    • North America
    • South America
  • Arctic
  • Asia
    • Afghanistan
    • Australia, New Zealand & Pacific
    • China
    • India
    • Japan
    • Korea
    • Pakistan
    • Southeast Asia
  • Europe
    • European Union
    • NATO
    • Post-Soviet Europe
    • Turkey
  • Middle East
    • The Gulf
    • Egypt and the Levant
    • North Africa
  • Russia and Eurasia
    • The South Caucasus
    • Central Asia
    • Post-Soviet Europe
    • Russia

Sections menu

  • Programs
  • Experts
  • Events
  • Analysis
    • Blogs
    • Books
    • Commentary
    • Congressional Testimony
    • Critical Questions
    • Interactive Reports
    • Journals
    • Newsletter
    • Reports
    • Transcript
  • Podcasts
  • iDeas Lab
  • Transcripts
  • Web Projects

Main menu

  • About Us
  • Support CSIS
    • Securing Our Future
Photo: AFP via Getty Images
Commentary
Share
  • LinkedIn
  • Facebook
  • Twitter
  • Email
  • Printfriendly.com

How Scary Is TikTok?

July 14, 2020

After a long, untroubled slumber, the United States has awoken to the risks of China’s massive espionage campaign. China’s spies are inventive, tolerant of risk, and well resourced, making them formidable opponents. China has constructed the world’s largest surveillance state and does not hesitate to use information technology to spy on its citizens and others. Anything that is Chinese and connects to the internet can create risk.

So it is unsurprising that TikTok, the wildly popular entertainment app, has fallen under suspicion. If you have ever watched TikTok, you know it is a channel for short, homemade videos, usually young adults lip-syncing songs or copying some favorite meme, accompanied by the usual dog and cat videos that crowd the internet. This seems harmless. What are the charges against TikTok?

There are four: Chinese intelligence services harvest useful information from TikTok; the personal information TikTok collects when you open an account can be exploited by the Chinese state; downloading the app gives access to Chinese malware; and TikTok is a vehicle for Chinese influence operations. None of these charges hold up to scrutiny. 

It is good that Chinese espionage and cybersecurity have become major topics of concern in the public discussion, but sometimes that discussion seems more like a robotic repetition of charges irrespective of probability rather than a careful assessment. If you have watched TikTok, you may find it addictive, but it contains nothing of intelligence value. If the Chinese services have been driven to attempt to find intelligence value in 15-second videos of lip-syncing teenagers, they are in desperate shape. So charge one makes no sense.

Nor is the personal information (PII) supplied to TikTok useful. It is the kind of data collected by most apps—check out the permission you have given to some popular location apps. China does not need PII on young adults, since its 2015 hack of the Office of Personnel Management (OPM) supplied it with the federal form (SF-86) used to apply for classified positions. These forms contain a wealth of personal information—marital arrangements, mental health, employment history, arrests, or military service. OPM was the largest of a series of Chinese hacks against medial insurance companies and travel services associated with federal employees and provided the Chinese with a trove of invaluable information for counter-intelligence purposes used to identify U.S. intelligence officers and their Chinese agents. The OPM data appears to have never been used for blackmail (the dating app Grindr would have been much better for that, and even it was never used for blackmail). In any case, TikTok stores PII outside of China and says it does not share it with the Chinese government, a statement that is probably credible as TikTok knows sharing PPI with China would kill its business. Charge two makes no sense.

Getting a user to download a “poisoned” app is a good technique for surreptitiously installing malware, but it is also well known. With swarms of cybersecurity research scrutinizing TikTok for flaws, no malware has been discovered. Nor have there been outflows of information, which shows either admirable discretion from the Chinese as they perhaps wait for TikTok to reach one billion users or a complete lack of interest given the kind of information on TikTok and the nature of its users, neither of which could be considered prime targets for collection. Charge three is, at best, not proven, and it seems safe to reject it.

Charge four reflects the growing Chinese efforts to influence Western politics to adopt attitudes more favorable to China. This is a difficult task for a Leninist police state, and Chinese influence operations have not been persuasive. Here is a video of a Chinese rapper chanting about how Western media fabrications misrepresent China. It is dreadful. Here is another with a collection of Chinese pop stars crooning about the benefits of the social credit surveillance system. Even if it wasn’t in Chinese, it is hard to see U.S. teenagers hypnotized into rushing out to buy a copy of Xi Jinping Thought (a bestseller in China but a bit dry). TikTok as a Chinese influence engine is outlandish.

TikTok needs to do better on dealing with Chinese censorship. They, like many information technology companies, say they must respect the laws of the country in which they operate. This approach was not a problem when we did not recognize the worsening political conditions in China. It is not a problem unique to TikTok—Hollywood would never dare to make a film critical of China, given the importance of its market (the Chinese are under no such constraint, and films where Americans are the villains are not uncommon), and can at times pander to China. TikTok’s best course would be to copy the practice of others. If it chooses to have one set of content for China and another for everyone else, it can create what is essentially an internal Great Firewall. But if TikTok must respect the laws of the countries in which it operates, it must respect the laws of the United States, which do not permit censorship. Chinese government requests to remove content should not apply in the United States, and the process for administering them must be transparent. The model here might be Google’s reports on law enforcement requests or government requests to remove content.

These problems are not uncommon for social media companies, all of whom wrestle with content control, and if anything TikTok’s actions reflect a lack of maturity in company processes. This will improve over time. Beyond that, given official discomfort with TikTok, the company may need to change its ownership structure. TikTok is a U.S. company owned by a Chinese parent, ByteDance. ByteDance could accept being a passive investor in TikTok with no operational or management functions, or it could divest itself and sell TikTok the way that the Chinese company Kunlun was forced by the Committee on Foreign Investment to divest itself of Grindr.  

China continues to be hostile, meaning that there will be a messy and drawn out divorce between it and the United States. TikTok is caught in the middle, and some actions, while masked as security concerns, seem more intended simply to punish China. There are good reasons to be deeply concerned about China and espionage, but TikTok is probably not one of them. China’s troubling behavior and the politics of the relationship mean that TikTok will need to assuage the concerns of the United States and other countries, and this may include divestiture, but as the company works through this problem, don’t be afraid to let your teenager use one of their favorite apps. 

James Andrew Lewis is a senior vice president and director of the Technology Policy Program at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2020 by the Center for Strategic and International Studies. All rights reserved.

Written By
James Andrew Lewis
Senior Vice President and Director, Strategic Technologies Program
Media Queries
Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Paige Montfort
Media Relations Coordinator, External Relations
Tel: 202.775.3173
Related
Commentaries, Critical Questions, and Newsletters, Cybersecurity and Technology, Data Governance, Innovation and Digital Transformation, Strategic Technologies Program

Most Recent From James Andrew Lewis

On Demand Event
The Future of Quantum – Driving Innovation and Security from the Government
May 16, 2022
Commentary
Who's Leaving Whom in the Dust?
By James Andrew Lewis
May 6, 2022
In the News
Russia’s cyber warfare against Ukraine more nuanced than expected
The Hill | Ines Kagubare
May 1, 2022
On Demand Event
AI and AVs: Implications in U.S.-China Competition
April 27, 2022
Report
Strategic Competition in the Financial Gray Zone
By James Andrew Lewis, Eugenia Lostri, Donatienne Ruy
April 25, 2022
In the News
War & Cryptocurrency - Russia’s Options to Use It in Ukraine Appear Limited
Forbes | Eric Tegler
April 21, 2022
In the News
Biden’s options if Russia hacks U.S. infrastructure
Politico | Maggie Miller
April 20, 2022
Commentary
Technology and the Shifting Balance of Power
By James Andrew Lewis
April 19, 2022
View all content by this expert
Footer menu
  • Topics
  • Regions
  • Programs
  • Experts
  • Events
  • Analysis
  • Web Projects
  • Podcasts
  • iDeas Lab
  • Transcripts
  • About Us
  • Support Us
Contact CSIS
Email CSIS
Tel: 202.887.0200
Fax: 202.775.3199
Visit CSIS Headquarters
1616 Rhode Island Avenue, NW
Washington, DC 20036
Media Queries
Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Paige Montfort
Media Relations Coordinator, External Relations
Tel: 202.775.3173

Daily Updates

Sign up to receive The Evening, a daily brief on the news, events, and people shaping the world of international affairs.

Subscribe to CSIS Newsletters

Follow CSIS
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram

All content © 2022. All rights reserved.

Legal menu
  • Credits
  • Privacy Policy
  • Reprint Permissions