OPINION:
A version of this story appeared in the Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each Wednesday.
Over the past few weeks, the social media site TikTok has spread a plethora of disinformation and propaganda, including misleading posts about the war between Israel and Hamas and the offensive viral video about Osama bin Laden’s “Letter to America.”
Cyberspace can be a force multiplier for freedom of speech and commerce. But it turns out that the internet and social media also provide an unregulated playing field vulnerable to exploitation by our adversaries, such as Russia, Iran and North Korea, to cyberthieves and terrorists.
In the case of TikTok, it is China that has us in its crosshairs.
That’s because the Chinese tech giant ByteDance owns TikTok, which has more than 1 billion users worldwide, including roughly 100 million in the U.S. A recent Pew Research Center study found that over 30% of adults between the ages of 18 and 29 rely on TikTok for their news.
TikTok hosts user-submitted videos, which might appear to have been created by a U.S. citizen or some other seemingly benign “influencer,” but might just as well be a Chinese intelligence officer seeking to twist our political discourse with propaganda in advance of the 2024 presidential election.
TikTok’s multifaceted threats extend well beyond influencing public opinion with algorithms designed to learn a user’s interests, adjust content to encourage the user to use the app, and disseminate Chinese propaganda and disinformation.
TikTok is also a rich source of personal information and an unmatched supplier of data to power China’s growing artificial intelligence capabilities. When users download TikTok, they must give ByteDance access to their phone’s microphone, camera, location services, contacts and data storage.
China’s spies engage in social engineering, the art of using information about users’ hobbies, interests and online proclivities to trick them into revealing sensitive, protected information. Social engineering enables the most destructive cyberattacks, such as China’s notorious hack into the Office of Personnel Management’s federal employee files in 2015. Chinese spies ruthlessly target business figures, particularly those in high technology, as well as government officials responsible for national security.
Responding to pointed questions from members of Congress at a March hearing, Shou Zi Chew, CEO of TikTok’s U.S. subsidiary, preposterously claimed there was a strong firewall between the American-based subsidiary and its Chinese ownership.
It is worth noting that in April, China’s National People’s Congress updated a 2014 anti-espionage law to close the remaining loopholes in government control over Chinese businessmen at home and abroad. All Chinese businesses, including ByteDance, which enjoys valuable “backdoor access” to TikTok, do the bidding of Chinese intelligence — and, ultimately, the ruling Chinese Communist Party.
Consider National Security Agency Director Paul Nakasone’s March Senate testimony, when he emphasized that the one-third of young American adults who get their news from TikTok or use it for entertainment purposes are effectively playing with a “loaded gun.”
FBI Director Christopher Wray rang alarm bells about TikTok being “ultimately within the control of the Chinese government. … It screams out with national security concerns.”
CIA Director William Burns warned that Beijing would “shape the content of what goes on to TikTok to suit the interests of Chinese leadership.”
That’s why the U.S. military and the Transportation Security Administration have banned TikTok on government devices. And this past May, Republican Gov. Greg Gianforte made Montana the first state to ban TikTok within its borders.
But more needs to be done.
While our policymakers and legislators consider the feasibility and constitutionality of blocking TikTok (and presumably other nefarious apps as well) through app store restrictions, granting more authority to the Federal Communications Commission — which has no power to regulate the internet or companies that operate on the internet, or perhaps through following through on demands that ByteDance sell off its American operations, others can help as well.
The U.S. intelligence community can take three steps to harden our defenses. First, cyber operations do not begin from a “cold start.” Good cyber defense requires active collection inside the networks, including TikTok, where disinformation, propaganda and massive data downloads are taking place.
Second, the lines between the public and private sectors are blurred and opaque in cyberspace. Like Russia, China maintains symbiotic, sometimes proxy relationships with hacker communities, which conduct cyber operations that can’t be traced. The intelligence community needs to uncover, track and disrupt those networks.
Third, effective cyber defense requires a holistic approach, recognizing that cyberspace is intertwined with other battlefields — real and virtual — where conflict can occur. Using the findings of the intelligence community, the U.S. government should be more forthright about the threats TikTok poses to our democracy, our economy and our individual well-being as citizens.
Being warned about our adversaries’ use of a nefarious cyber Trojan horse is to be forearmed — in this case, with the sensible use of a smartphone delete key.
• Daniel N. Hoffman is a retired clandestine services officer and former chief of station with the Central Intelligence Agency. His combined 30 years of government service included high-level overseas and domestic positions at the CIA. He has been a Fox News contributor since May 2018. Follow him on X @DanielHoffmanDC.
Please read our comment policy before commenting.