China Could Be Using TikTok to Spy on Australians, but Banning It Isn’t a Simple Fix

Hypothetically, it would then be possible for Chinese authorities to use biometric data to identify people using facial recognition. It would also be possible to map rooms and locations by using “feature extraction” (a machine learning method) on videos.

This could then aid the creation of new, advanced deepfake videos potentially targeting specific people.

While this may seem far-fetched, there have already been preemptive TikTok bans within major organizations to ensure sensitive information isn’t leaked.

For instance, the app has been banned from devices used by the Australian Defense Department, the US Department of Defense, and even entire countries – with the Indian government announcing a nationwide ban last month.

Privacy Issues
ByteDance claims its data is stored in servers in the U.S. and Singapore: “Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.”

TikTok’s privacy policy is ambiguous. As of January, it states: “You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.”

From a user privacy perspective, TikTok has access to a device’s location and a user’s personal information. Although TikTok’s servers may be located outside China, it’s very difficult (if not impossible) to confirm where this data could end up, or what it could be used for.

While the location of servers can be important, possession of data is more relevant. Once data is obtained, it can be used. If data is stored on a server in Australia, for instance, Australian jurisdiction applies. But once it is sent to another country, that country’s laws take precedent.

And if a TikTok user decides to delete their content from their device, or if there is a government-imposed ban, data can’t be retrospectively erased. Once information is transferred, it’s impossible to retract without the cooperation of the organization or agency concerned (in this case, TikTok).

Can the Government Actually Ban TikTok?
The fact is, enforcing an Australia-wide ban on TikTok isn’t a simple prospect. While the federal government could request the app’s removal from the Apple App Store and Google Play Store, it could only do this for Australian regions and marketplaces.

Users in Australia would still be able to download TikTok from another region’s store, or via a third-party source. Also, banning the app won’t automatically remove it from devices on which it is already installed.

Blocking access to TikTok’s servers would be done in conjunction with internet service providers (such as Telstra and Optus), as they can block access to apps and websites. But users could still use proxies or Virtual Private Networks (VPNs) to circumvent these controls.

And even if TikTok was banned, citizen data already handed over would remain stored, and could be accessed for the foreseeable future.

Paul Haskell-Dowland is Associate Dean (Computing and Security), Edith Cowan University. James Jin Kang is Lecturer, Computing and Security, Edith Cowan University. This article is published courtesy of The Conversation.