As 2023 begins, open up the most-downloaded charts for free apps on iOS and Google and you’ll find TikTok where it usually is: on top. The video-centric social app currently ranks No. 3 overall in both stores, trailing only a shopping app and mood diary (on Android) and a to-do app and video editor (on iOS). That video editing app is CapCut, by the way, and it is also developed by ByteDance; CapCut is an app for making TikTok videos.
Downloads are a crude metric for capturing an app’s cultural impact, but there’s no doubt that TikTok has retained its dominant position among social apps as the year begins. It’s the place where new trends are born, pop stars are minted, and young people spend a staggering share of their time.
But while American teenagers spent their holiday break installing TikTok on their brand-new iPhones, US government officials were taking a much more skeptical view of the app and its Chinese parent company, ByteDance. A movement to ban the app that began with Republican state governors quickly spread to Congress, and now TikTok is forbidden from being installed on devices owned by the federal government.
According to Reuters, 19 of the 50 states now restrict access to TikTok on government computers, with most of the bans being passed during a two-week period last month. That’s in addition to school districts and other parts of the public sector, which have introduced restrictions of their own.
Jamf Holding Corp., which sells software to organizations to enable filtering and security measures on iPhones and other Apple devices, said its government customers have increasingly blocked access to TikTok since the middle of this year.
About 65% of attempted connections to TikTok have been blocked this month on devices managed by Jamf’s public sector customers worldwide, including school districts and various other agencies, up from 10% of connections being blocked in June, the company said.
In some cases, these are largely symbolic protests: relatively few state agencies were maintaining significant presences on TikTok, and motivated hackers would likely have easier and more useful ways to surveil government targets than by accessing their TikTok data.
But amid an ongoing trade war with China, distrust of ByteDance is the rare tech issue on which Republicans and Democrats found bipartisan agreement. The $1.7 trillion spending bill that President Biden signed into law on Thursday contained a provision banning TikTok from devices under federal management; it is also banned in the House of Representatives and the Senate.
All of which raises a question that had seemed mostly resolved since Trump left office: could TikTok be banned in the United States, period?
Biden is proving to be quite hawkish on Chinese tech
Trump tried and failed to forcibly divest ByteDance of TikTok and hand it to one of his top fundraisers, Oracle CEO Larry Ellison. Biden has taken a less thuggish approach to his China dealings, but in the end is proving to be quite hawkish on Chinese tech: he has worked to prevent China from developing advanced chips, plans to limit US investments in Chinese tech, and will restrict the ability of Chinese apps to collect data about Americans. (Guess who that last one is aimed at.)
Since Biden took office, TikTok has been working to reach a deal with the Council on Foreign Investment in the United States that would let ByteDance continue to own the company while putting TikTok’s user data, recommendation algorithms, and corporate governance into a kind of quarantine.
The company shared more details about its plans just before Christmas with Reuters. Here are Echo Wang and David Shephardson:
To overcome these hurdles, TikTok has sought to provide new layers of oversight to the U.S. government. It has expanded Oracle’s role to ensuring that TikTok’s technology infrastructure is separate from ByteDance, the sources said.
Oracle will review both app codes, which determine the look and feel of TikTok, and server codes, which provide functions such as search and recommendations, according to the sources. The reviews will occur at dedicated “transparency centers” visited by Oracle engineers, with the first one scheduled to open in Maryland in January, one of the sources added.
TikTok has also proposed to form a “proxy” board that would run the [US Data Security] division independent of ByteDance, the sources said. This division is headed on an interim basis by Andrew Bonillo, a former U.S Secret Service agent, and until a security deal with the U.S. is reached it reports to TikTok Chief Executive Shou Zi Chew.
A basic template for the deal was in place by August, a TikTok spokeswoman told me today. But the Biden administration has been slow to make a decision, as different government departments and agencies disagree about how to move forward, Reuters reported.
In that respect, the story of TikTok’s future is a familiar one to anybody who has followed the past half-decade of US tech regulation. Lawmakers hold hearings and draft rules, but succumb in the end to infighting and paralysis. The only changes we ultimately see come either from regulation in Europe or competitive pressures from rivals.
ByteDance can ill afford a high-profile mistake
But while that has been the story to date for Facebook, YouTube, Twitter, and others, TikTok’s position appears to be much more serious. For all the criticism that Facebook in particular took during that period, it was never banned from federal government devices. And while banning TikTok for consumers would surely cause a furor, Biden’s China posture to date suggests that he may be willing to do it anyway.
At such a fraught time, ByteDance can ill afford a high-profile mistake. And yet in the days after more states began to ban TikTok, an internal investigation found that ByteDance employees had used TikTok to record journalists’ physical locations using their IP addresses. It was apparently part of a leak investigation in which ByteDance attempted to discover reporters’ sources — particularly sources for Forbes’ Emily Baker-White, who has broken a series of important stories about connections between TikTok and ByteDance over the past year.
According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of stories exposing the company’s ongoing links to China. As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.
“I was deeply disappointed when I was notified of the situation… and I’m sure you feel the same,” Liang wrote in an internal email shared with Forbes. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals. … I believe this situation will serve as a lesson to us all.”
As Baker-White noted, this represented a sharp reversal from October, when ByteDance tweeted that “TikTok has never been used to ‘target’ any members of the U.S. government, activists, public figures or journalists.” Analyzing TikTok reporters’ physical locations in an effort to out their sources certainly qualifies under my definition of targeting — and it met a lot of lawmakers’ definitions, too.
It’s difficult to overstate the degree to which the TikTok spying scandal has undermined the goodwill the company spent the past few years cultivating through its transparency centers, public research APIs, and similar industry-leading measures. For years, executives have openly scoffed at the idea that their app could be used to surveil Americans. But in the end it was used for exactly that purpose. And worse, it was used against the Americans working to understand the relationship between ByteDance and TikTok.
“The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data,” the company told me over email. “This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users. We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”
I hope that’s true. But as the movement to ban TikTok accelerates, the company can no longer plead innocence to charges of targeted surveillance. For a handful of reporters, “TikTok is spying on you” was the rare conspiracy theory that turned out to be true. And as 2023 proceeds, that could give President Biden all the reason he needs to finish what Trump started.