If the enemy offer an allurement, do not take it. - Sun Tzu from The Art of War

TL;DR

This blog post takes a very comprehensive look at how TikTok could be a national security threat to the West, and the United States in particular. To summarise the argument:

1. TikTok is the first Chinese app to penetrate Western markets and has done so with immense success (so far) with billions of users around the world. A big part of its success is the recommender system powering its 'For You Page', which has enabled the app to retain its users' attention a lot more than its competitors like Instagram and Snapchat.

2. The political backdrop of China is important for understanding the potential danger of TikTok's success to the West. The Chinese Communist Party (CCP) dominates China's political system and utilises it for its ideological aims. But since Xi Jinping became its general secretary, he has managed to cement his own thoughts and ideas into the constitution of the Party and therefore dictate not only the political direction of the CCP, but also of China. The country therefore moves towards the Chinese Dream according to his vision; China is the CCP, and the CCP is Xi.

3. The crux of the political ideology of the CCP is the pursuit of the Chinese Dream, which is about establishing China as the world superpower and imposing a Sino-centric world order that entails the global adoption of the Party's system of governance. As such, the CCP views the US as a direct competitor and threat.

4. In the pursuit of the Chinese Dream, the CCP establishes strong social control both at home and abroad. In doing so, it relies on the Chinese private sector to push its political aims with the support of a favourable legal framework that allows it to essentially force these companies to toe the Party line. ByteDance, the Chinese company that owns TikTok, is no exception to this and has been made to comply with orders from the CCP in the past.

5. The CCP therefore uses private sector companies to carry out its foreign policy, including its signals intelligence and information warfare operations, of which in practice are carried out by the People's Liberation Army (PLA). Huawei is a proven example of this. Thus, that TikTok has such a broad reach in the US and internationally, and that it collects a vast amount of data about its users and is equipped with a highly effective recommender system, it is reasonable to presume that the CCP and the PLA will inevitably use, and perhaps is currently using, TikTok against the US and the West in general. This is a concern that has been expressed by the US and UK governments, as well as NATO and the FBI.

6. As such, TikTok can be reasonably regarded as a national security threat because (a) information warfare can provide an effective way for an adversary to disrupt and disorientate its opponent, especially via social media which provides an injection point to deploy such operations, (b) there is a strong motive to exercise this power given the aims of the Chinese Dream and the will of the CCP to enact policies to achieve these aims, and (c) given the data it collects and the influence it can impart through its recommender system, TikTok presents a compelling opportunity for the PLA to execute its information warfare operations in accordance with the CCP's political ideology.

Ever since this debate became mainstream in 2020 when the Trump administration raised alarm bells about TikTok (and also after India banned the app in 2019), many have written about it being a genuine national security threat. But it seemed difficult to find articles/commentary going to the heart of the issues regarding TikTok and the nature and extent of the threat it presents. A couple that I have found that are quite good include one from Wired (which questions what makes TikTok different from other apps) and another from Lawfare. But even these articles do not address, in detail, each of the constituent parts of the argument for TikTok being a national security threat.

Thus, this is what this post is attempting to do; deliver a comprehensive outline of exactly how TikTok could be a national security threat, and thus why such claims are not necessarily outlandish or purely speculative.

This post is a long read, but this is maybe necessary given what I'm aiming for (and just below I have provided an outline of the different sections of this post to help navigate its contents). At the end of this post I have included a list of all the books referenced as well links to articles and other resources I used for my research.

If you have any comments, feel free to leave them below. Also consider subscribing if you like the content here on CS.

How this post is structured

1. Why TikTok has been so successful - This section gives an overview of how TikTok came to be and explores how its user interface and user experience are key to its immense popularity.

2. China's end game - This sets out the political ideology of the CCP (i.e., the Chinese Dream) and how this influences political governance in China and the Party's foreign policy.

3. Overview of Chinese signals intelligence (SIGNIT) - In this section, I look at Chinese SIGNIT, including the agencies responsible for China's information warfare operations.

4. Chinese national security law and policy - This section explores (i) the institutions responsible for national security policy in China, and (ii) the legal framework under which they operate.

5. The relationship between the State and private enterprise in China - This sections explains that, through a combination of authoritarian socialism and free market capitalism, the CCP maintains a very close relationship with the private sector in China to help with the execution of its policies. I show how Huawei is a typical example of this.

6. The data processed by the TikTok app - This sets out the personal data processed by the app, the processing purposes and the possibility of behavioural data and psychometrics being used.

7. Does China access TikTok data? - This section provides the various pieces of evidence suggesting that there is Chinese access of data collected and processed by the TikTok app.

8. How TikTok is a national security threat - This penultimate section outlines how TikTok could be used for information operations by the PLA in accordance with the CCP's ideology, and thus present a threat to the US and the West as a whole.

9. Concluding remarks - This contains my final thoughts.

1. Why TikTok has been so successful

TikTok is a social media platform focused on short-form videos that has become immensely popular over the last few years. To give just a few impressive stats:

• In 2021, it generated around $4.6 billion in revenue with 1.2 billion monthly active users in the fourth quarter of that year. (Business of Apps)

• The app has been downloaded over three billion times and was the first non-Meta app to reach this milestone. (SensorTower)

• Consumer spending on the app has now surpassed $2.5 billion. (SensorTower)

The platform is owned by ByteDance, which is a Chinese technology company headquartered in Beijing. TikTok is actually the international version of Douyin, which is a version of the platform for the Chinese market.

The TikTok we know today was born out of an acquisition of Music.ly by ByteDance in 2017 for somewhere between $800 million and $1 billion. Music.ly was another short-form video platform focused on lip syncing videos started by Alex Zhu (a former in-house futurist at SAP) and Luyu Yang (a former product manager). Before the acquisition, ByteDance had already launched its international version of Douyin in 2017, which it called TikTok, but this did not perform well initially. Douyin itself is based on another app that ByteDance develops called Toutiao, which is a news-aggregation app in China in which the dissemination of content is executed through a central content recommender system. Thus in 2018, after the acquisition, ByteDance combined its version of TikTok with Music.ly, and retained the name TikTok for the resulting app. Later that year, both TikTok and Douyin had accumulated 500 million monthly active users (MAU) around the world, which was more than double the MAU of Instagram at the time. TikTok also became the most downloaded app in iOS App Store throughout 2018, with users spending 52 minutes per day on the app (which was higher than any other app). In 2019, both TikTok and Douyin manage to reach 800 million MAUs.

(This podcast by Acquired provides a comprehensive timeline of TikTok, including its acquisition by ByteDance and how the app evolved into its current iteration.)

Matt Schlicht, CEO of Octane AI, sums up well the constituent elements of TikTok as a social media platform:

TikTok is the culmination of all social content platforms leading up to today — its mobile first, short form videos, with a heavy emphasis on music, comedy, dancing, intimacy, and trends. You can follow people, you can browse popular videos, and you can explore hashtags. (Emphasis added)

To explore this further:

• Mobile first - It is estimated that, in 2021, over 6 billion people across the world had a smartphone, making up roughly 83.32% of the population. Furthermore, according to DataReportal, the average American spends 7 hours and 4 minutes looking at their screens everyday. In the UK, the average is 6 hours and 12 minutes, and in China the average is 5 hours and 15 minutes. Across the world, the majority of this time is spent on mobile devices, and about 2 hours and 27 minutes of that time is spent scrolling through social media. Thus, clearly mobile apps present a lucrative business opportunity (based on the idea that attention = revenue), and this is why TikTok focuses its efforts on building an app fit for smartphones (more on this below).

• Short form videos - If mobile is the best medium to build a social media app for, then the next issue is what kind of content that app should be focused on. For TikTok, it is short-form videos. This is where the inspiration from Vine comes in; this was a platform bought by Twitter in 2013 that featured 6-second looping videos and was eventually shut down in 2019. When Zhu and Yang started Music.ly, they recognised how short form videos like the those on Vine were (and still remain today) a very popular format not only for content consumers but also content creators.

• Emphasis on music, comedy, dancing, intimacy, and trends - One of the prominent features of TikTok is the emphasis on ‘sounds’. These are “little clips of audio, usually between 15 and 60 seconds long, which can range from music to tv shows to clips of conversations, that are overlaid on top of [a] TikTok video.” This focus on sounds comes from the early development of Music.ly. In the spring of 2015, Zhu and Yang made a major decision for the app, which was to redesign it around lip syncing. As a result, the onboarding flow was oriented around helping users create these kinds of videos, and daily notifications were sent to users to complete lip syncing challenges to encourage the creation of content. After these changes, as well as the implementation of a new content recommender system (more on this below), the app took off and by July 2015 it was the No.1 app in the iOS App Store.

But there are two particularly significant aspects of TikTok that really separate it from other social media platforms. The first is its user interface (UI), and the second is its user experience (UX) and its content recommender system.

(The Harvard Business Review has a good article on the innovation strategy employed by ByteDance that has earned it enormous success.)

The TikTok UI

Martin Irvine, a professor at Georgetown University, has written an analysis of the design choices in TikTok’s UI.

The user interface is what users see and interact with and is the conduit between the machine on one end and the human on the other. The design of the UI is therefore a significant factor in engaging users and retaining that engagement when they are using the app.

A notable facet of TikTok’s UI is how it uses the real estate provided by the mobile screen. When users open the app, videos are played in full screen with minimal icons and text surrounding the edges of the playing media. This approach “draws users’ attention immediately and significantly [reduces] the user’s cost on learning how to use it.” Even if a user opens up the comments section, this is presented as a pop-up over the video which still plays.

The gestures for navigating the app are also quite intuitive. The motion of scrolling on a mobile device is a popular gesture that TikTok implements as the main way of moving through the content on the app. This method also does away with the interfaces used by other apps like Snapchat and Instagram which display collages of video thumbnails which users need to tap to watch a video. TikTok removes this friction by having users scroll through videos that are already playing in full screen mode.

Liking a video is also simple; users merely double tap on the video playing. Confirmation of this interaction being registered is signified by a temporary heart icon that appears over the video. Liked videos are retained in a list that users can access on their accounts.

To sum up the TikTok UI:

• The app takes advantage of the screen real estate provided by the mobile device by playing videos in full screen, doing away with thumbnails or lists of content.

• Interaction with the content is executed through well-known intuitive gestures with minimalist icons, pop-ups and animations.

• The cumulative aim of these various facets of the UI is to thrust users into consumption-mode immediately, essentially forcing them to view and scroll through full screen looping videos.

This leads to the other significant aspect of the TikTok app, namely its UX which is delivered predominantly through this content recommender system.

The TikTok UX and its content recommender system

The main way in which content is disseminated across the platform is through the ‘For You Page’ (FYP). It is on this page that TikTok’s infamous content recommender system lives.

So what is a content recommender system? In simple terms, this a system consisting of algorithms that attempts to deliver content to a user that they are most likely to engage with. These content recommendations can be based on what the user has engaged with in the past, what other alike users have engaged with, or even what is popular among all users on the platform:

A website showing top 10 lists of the most sold bread-making machines provides non-personalized recommendations. If a website for home sales or concert tickets shows you recommendations based on your demographics or your current location, the recommendations are semi-personalized. Personalized recommendations can be found on Amazon, where identified customers see “Recommendations for you.” The idea of the personalized recommendation also arises from the idea that people aren’t only interested in the popular items, but also in items that aren’t sold the most or items that are in the long tail. (Falk 2019, 5)

In the context of TikTok, the FYP features a content recommender system that produces personalised content. This means that the system is carrying out two tasks: (i) collecting data about a user’s interaction with a piece of content to measure their level of engagement and determine whether that level of engagement reaches a certain threshold, and (ii) if that engagement reaches/surpasses the engagement threshold, finding similar content and loading that up in a queue for the user to view.

In terms of collecting data for measuring engagement with content, Eugene Wei, whose career has been spent at various consumer internet companies, notes the following in a blog post on TikTok’s FYP:

Bytedance has an absurd proportion of their software engineers focused on their algorithms, more than half at last check. It is known as the algorithm company, first for its breakout algorithmic “news” app Toutiao, then for its Musical.ly clone Douyin, and now for TikTok. (Emphasis added)

But as Wei also explains (in a separate post), it is unlikely that TikTok is employing some revolutionary new algorithm for its recommender system. The key to a well-functioning, accurate machine learning algorithm is large volumes of high quality training data. This is because large volumes of high quality training data is more likely to produce a sufficiently dense sampling of the input space (i.e., the environment in which the algorithm is going to be deployed) to better enable the algorithm to accurately generalise based on that sample. In other words, better quality training data can produce a sufficiently dense sampling which in turn enables the algorithm “to make sense of new inputs by interpolating between past training inputs.” (Chollet 2021) This is shown in the diagram below:

To explain further:

• The squiggly line labelled ‘Original latent space’ at the top of the diagram represents the whole of the input space for the algorithm.

• In the bottom left of the diagram, you can see an illustration of the performance of algorithm trained on sparse sampling. It performs badly because there are not enough data points representing the input space, and so the algorithm does not follow the correct squiggly line for the input space. Instead, it identifies patterns based on the limited data available that is not congruent with the input space. This is why the dotted squiggly line (representing the input space) and the non-dotted line are out of sync.

• In the bottom right of the diagram, the inverse of this is shown. With a sufficiently dense sample, thus providing a more comprehensive representation of the input space, the algorithm can identify patterns that are more congruent with that input space. Thus, as is shown, the dotted line and the non-dotted line are in sync, showcasing an algorithm that is better at generalising and thus more accurate.

So for TikTok’s algorithm, the collection of data for the recommendations needs to be sufficiently comprehensive in order for the recommender system to perform well. The crucial issue is where that data should be sourced from. This presents an interesting problem for TikTok:

…for TikTok (or Douyin, its Chinese clone), who needed an algorithm that would excel at recommending short videos to viewers, no such massive publicly available training dataset existed. Where could you find short videos of memes, kids dancing and lip synching, pets looking adorable, influencers pushing brands, soldiers running through obstacle courses, kids impersonating brands, and on and on? Even if you had such videos, where could you find comparable data on how the general population felt about such videos? Outside of Musical.ly’s dataset, which consisted mostly of teen girls in the U.S. lip synching to each other, such data didn’t exist.

The solution to this is what makes TikTok’s recommender system so effective; the algorithm employs a closed feedback loop that takes data generated from a user’s activity and uses this to train itself on what that user likes (or more accurately what the user engages the most with). In other words, the source of the training data for TikTok's recommender system is TikTok itself.

As mentioned before, the TikTok app aggressively focuses the user’s attention on the video presented to them playing in full screen as soon as the user opens the app. By thrusting the user into consumption mode straight away, the app is able to solicit a vast array of different signals that can be used to measure engagement. These signals include:

• How many times the user watched (or looped) the video

• Whether the user shared the video

• Whether the user tapped the icon in the bottom right corner of the UI that shows more videos using the same sound or music

• Whether the user liked video

• Whether the user tapped the creator’s profile page

• Whether the user followed the creator

These data, which indicate a user’s behaviour with respect to each video they watch, will be combined with other information that TikTok will garner about the user, including:

• The types of videos they have enjoyed in the past

• Demographic and psychographic information

• Location data

• The type of device being used

• And much more

TikTok itself explains how this data is then processed in order to produce recommendations (i.e., find other content that is alike that which the user engaged with past a certain threshold and load that up in a queue for them to view next):

All these factors are processed by our recommendation system and weighted based on their value to a user. A strong indicator of interest, such as whether a user finishes watching a longer video from beginning to end, would receive greater weight than a weak indicator, such as whether the video's viewer and creator are both in the same country. Videos are then ranked to determine the likelihood of a user's interest in a piece of content, and delivered to each unique For You feed. (Emphasis added)

Thus, the more the user views content on the app, the better the algorithm performs (in terms of generalising and filling in the gaps to recreate the input space) and the more accurate the recommendations are for the user. In essence, the development team at TikTok have created an algorithm capable of a reinforcing feedback loop that allows its performance to improve in an exponential manner.

However, it is important to stress that both the UI and UX together make up the USP of TikTok, and they are thus both key to capturing user attention for much longer periods than other social media platforms. The global average for the time spent on TikTok by its users is 95 minutes per day. For Instagram it is 51 minutes, Facebook is 49 minutes, Twitter is 29 minutes and Snapchat is 21 minutes.

(An important side-note: China has been very serious about AI ever since it had its ‘Sputnik moment’ in 2016 when DeepMind’s AlphaGo beat Lee Sedol in a five-game match of Go:

Nowhere in the world was the fascination and the surprise at AlphaGo’s triumph as great as it was in China, the game’s original home. And nowhere else reacted to it with such resolve and speed. China’s leaders must have felt like the USA did on 4 October 1957, when it was caught off guard by the news that its great rival, the Soviet Union, had just launched the first man-made satellite into space: Sputnik 1. ‘Control of space means control of the world,’ Lyndon B. Johnson warned in 1958, when he was the majority leader of the US senate. It was one of the key speeches of the Cold War. The future, he said, was ‘not as far off as we thought,’ and whoever won the space race would then have ‘total control, over the earth, for purposes of tyranny or for the service of freedom’. Two AI advisors to the Chinese State Council described AlphaGo’s victory in Seoul as China’s very own ‘Sputnik moment’. And the Chinese state reacted in much the same way as the USA had in 1957: with a sudden change of tack, and a financial and strategic effort that almost overnight led to the funnelling of huge resources into artificial intelligence. (Emphasis added) (Strittmatter 2020, 176)

Thus, ever since 2016, the CCP has been working hard to accelerate progress in AI research, looking to private sector companies to do much of the heavy lifting:

The contribution of private high-tech companies and countless start-ups, and their cooperation with the state, are central to Beinjing’s plans. The government is keeping these companies close: the Ministry of Technology has officially selected firms like Baidu, Alibaba, Tencent and the speech-recognition company iFlytek to lead the development of nationwide AI platforms in areas such as self-driving cars, smart cities, medial diagnostics and speech recognition. This gives the chosen firms an advantage in these markets, with valuable access to state databases. At the end of 2018 the Chinese Academy for Information Technology, a think-tank operated by the Ministry of Industry and Information Technology (MIIT) produced a ‘white paper on AI security’ praising the large private internet companies Alibaba, Tencent, Baidu and Netease for their active contributions to the ‘intelligentization of national social governance’, in fields such as ‘security monitoring, data investigation and public opinion control’. (Strittmatter 2020, 186)

Geoff Hinton (and two of his students) are credited for the creation of neural networks and advent of deep learning. China took interest in this early on, and Baidu offered Hinton $12 million to work for the company for just a few years. Hinton eventually accepted Google’s $44 million offer for his startup, DNNresearch.)

(Another important side-note: there is a valid, and worrying, point to be made about TikTok and its capacity to grab people's attention so effectively, even to an extent that could be considered detrimental. There is a phenomenon called 'limbic capitalism' that touches on this concern; it is the idea that the modern digital age consists of apps and platforms with designs, production and marketing "that stimulate habitual consumption and pleasure for maximum profit." This paper provides a more in-depth analysis on this point. Also, this opinion piece by Niko Nguyen depicts a worrying picture of how TikTok imposes this limbic capitalism on its young user base; this college student wrote about why he deleted the app from his phone and how its "addictive nature and emphasis on performing online explain the stranglehold on today’s youth." Finally, another good resource to look at is this video by a UX designer essentially snitching on herself regarding the dark side of UX design and product management inside tech companies!)

To sum up the TikTok UX and its content recommender system:

• The crux of the TikTok UX is the FYP, which consists of a personalised feed that is powered by a content recommender system.

• The content recommender system employed by TikTok uses a reinforcing feedback loop to learn from the content that the user engages with and recommend new alike content based on this learning. This means that the algorithms are not being trained on a pre-existing database of videos and the corresponding level of user engagement for each video. This is how TikTok manages to overcome the 'generalisation' problem typically faced by those developing ML algorithms.

• The content recommender system uses range of data to measure the level of engagement expressed by a user, ranging from how many times they watch a video to demographic and psychographic information.

• These various pieces of information are weighted based on their value to the user and forms the basis for the selection of content that is recommended to them next.

The next four sections of this post focus on the relevant Chinese political backdrop that includes the CCP’s approaches to foreign policy and national security.

2. China's end game

The end game for China is ‘the Chinese Dream’; an ambition to “restore China’s historical glory as a powerful nation and rejuvenate the Chinese nation through the supremacy of the [CCP] in the twenty-first century.” (Ding and Panda 2022, 3)

The Chinese Dream has long been pursued by multiple leaders throughout China’s history. Currently, this mission is being led by the the CCP and its General Secretary Xi Jinping. But in 2017, it became clearer how China would be pursuing the Chinese Dream under Xi. The 19th National Congress, held on October 18-24, 2017, saw Xi become “the ‘custodian political figure’ of the [CCP] while inducting his ‘core’ political thoughts and ideas into the [CCP] constitution.” (Ding and Panda 2022, 2). Then a year later, Xi cemented himself further into the political fabric of China:

[I]n 2018 Xi a) consolidated power around himself and his supporters (called “the core” leadership), b) amended the Chinese constitution to make it clear that the Chinese Communist Party has control over everything, c) eliminated term limits for the president and vice president, d) created supervisory commissions to ensure that government officials are operating consistently with the party’s wishes, and e) enshrined Xi’s perspective, called “Xi Jinping Thought,” into the constitution. (Dalio 2021, 419-420)

Thus, China pursues the Chinese Dream strictly in accordance with the vision of its leader; China is the CCP and the CCP is Xi. As part of his vision, Xi is seeking to create a Sino-centric world order, which entails elevating "China to a predominant position in the international community and [replace] the existing US-led global order." (Ding and Panda 2022, xxvi)

So what does Sino-centric world order look like under Xi? It essentially consists of China’s journey to becoming the world superpower, and thus overtaking the US in this regard. To break this down:

• The Chinese Dream is viewed by many as “the reference point for China’s international image and diplomacy.” (Ding and Panda 2022, 3)

• The crux of the Chinese Dream is to take on the “Western notion of democracy and outmatch the supremacy of the United States in the existing global structure.” (Ding and Panda 2022, 3)

• This is the mission goal, and Xi is the ‘globalizer in chief’.

• The result is that the CCP and China become a new political model that other countries follow, encouraging the international adoption of China’s national governance, mixing authoritarian socialism with free market capitalism.

(An important side-note: to get a full understanding of Xi's ambitions for China, read his report to the 20th National Congress of the CCP held on 16 October 2022. This report details the objectives to be met by the CCP over the next 10 years or so. Among these include making China a leader in education, science and technology, culture, sports, and health, as well as significantly enhancing national soft power.)

The implementation of the Chinese Dream is carried out through policies executed in two domains; internal politics and external politics. One commonality between the strategies deployed in both domains is that the CCP operates on very long timelines:

The planning horizon that Chinese leaders concern themselves with is well over a century because that’s at least how long a good dynasty lasts. They understand that the typical arc of development has different multidecade phases in it, which they plan for. (Dalio 2021, 380)

Thus, the current pursuit of the Chinese Dream has involved multiple leaders starting with Mao Zedong in 1949:

The first phase of the current Chinese Empire occurred under Mao when the revolution took place, control of the country was won, and power and institutions were solidified. The second phase of building wealth, power, and cohesiveness without threatening the leading world power (i.e., the United States) occurred under Deng and his successors up to Xi. The third phase of building on these accomplishments and moving China toward where it has set out to be on the 100th anniversary of the People’s Republic of China in 2049 — which is to be a “modern socialist country that is prosperous, strong, democratic, culturally advanced, and harmonious” — is occurring under Xi and his successors. Its ultimate goal is to make the Chinese economy about twice the size of the US’s and to have the benefits of its growth broadly shared. Nearer-term goals and the ways to achieve them were set out in the Made in China 2025 plan, Xi’s new China Standards Plan 2035, and the usual five-year plan. (Emphasis added) (Dalio 2021, 381)

Internal Chinese Politics

One of the main aspects of the threat vector informing the CCP’s national security policy is challenges to its political system. This includes protests, ideological challenges/frustrations, and even influences of thought from other countries, in particular the West.

To address this risk, the CCP uses a top-down approach to exert control over the populace:

The Party monopolises political power and its closed political system necessarily invites challenges which in turn necessitates repression. To pre-empt such an eventuality, the Party, in its typical authoritarian fashion, exerts extensive ideological and organisational control over society. As in other Communist regimes, political challenges principally take the form of creating alternative political thinking, nurturing political opposition forces, and mobilising civil society in support of certain or political changes. (Emphasis added) (Chan and Londras 2020, 44)

A significant part of the CCP’s efforts to exert ideological and organisational control over society is the use of modern digital surveillance systems. Such systems are designed to (i) reinforce and strengthen the apparent merits of the CCP’s political ideology to encourage support and promotion among the populace (‘proactive' strategy), and (ii) exert actual control over the population as a backstop for the support and promotion of the CCP’s ideology (‘reactive' strategy). Both aims are essentially centred around information control and this digital surveillance by the CCP “has intensified thanks to both the advance of technologies and a stronger willingness to check on citizens’ thinking and behaviours.” (Ding and Panda 2022, 66)

The proactive and reactive strategies of influence could be framed as the sword and the shield of CCP information control:

• The sword - This is about the dissemination of propaganda. More specifically, it is about the CCP imposing “its official narrative about China’s history and politics in particular, both inside and outside of the country.” (Ding and Panda 2022, 68) For instance, since 2016, “there has been a burgeoning nationalist ‘troll army’ or ‘Little Pinks’ (xiaofenhong) voluntarily launching all-out attacks against anyone venturing to criticise the party or Xi’s policies.” (Ding and Panda 2022, 68)

• The shield - This is about suppression and censorship. The CCP seeks to identify noxious content that criticises its ideology and could potentially trigger political protest and political change that does not align with CCP policy.

The CCP has in the past applied the sword and shield of its information control strategy to ByteDance. Regarding the sword:

ByteDance has made sure to wall off users of Douyin and Tiktok in order to ‘avoid having problematic content created outside of China viewed by domestic audience’, according to Samm Sacks, a China digital economy expert with New America; and this in spite of Tiktok’s growing success worldwide (1 billion users in early 2020). (Ding and Panda 2022, 68)

Regarding the shield:

In April 2018…ByteDance… was ordered to shut down its app for sharing jokes and ‘silly videos’, after many ‘honest citizens’ had reportedly complained about its content. A few days earlier, its flagship app Jinri Toutiao, a news aggregator that claims 120 million users, was pulled from app stores. It is in that context that Zhang Yiming, ByteDance’s founder and chief executive, publicly apologised, indicating that the ‘…content did not accord with core socialist values and was not a good guide for public opinion’. (Ding and Panda 2022, 67-68)

(An important side-note: in late November 2022, protests broke out in China as people demonstrated against the CCP's strict 'Zero Covid' policy. This is being viewed as the biggest challenge to Xi and the Party since the Tiananmen Square protests in 1989. Chinese media have not covered the protests and there have seemingly been attempts to constrain information regarding the protests on social media through spam tweets. This is another example of the CCP using information control as a shield to protect its national security, in this case challenges its policies and political ideology.)

External Chinese Politics (Foreign Policy)

As mentioned beforehand, the CCP sees the West as a challenge to its pursuit of the Chinese Dream. But its particular focus is the US, since this is current world superpower that the Party wants to replace with China (and impose a Sino-centric world order).

In this regard, China and the US could be seen as heading towards parity in terms of dominance on the international stage:

China is now roughly tied with the US in being the leading power in trade, economic output, and innovation and technology, and it is a strong and quickly rising military and educational power. It is an emerging power in the financial sector but is lagging as a reserve currency and financial center. (Dalio 2021, 368)

As such, China and the US could be considered to be the midst of ‘the Thucydides trap’; the idea that war or conflict can emerge when an established power (like the US) fears the rise and takeover of an emerging power (like China):

As far as foreign policy is concerned, China has become stronger and more forceful while the United States has become more confrontational. More specifically, from 2012 until the time of my writing China’s strengths have grown, which has become increasingly apparent and more openly shown (e.g., the Made in China 2025 plan trumpets its plans to dominate certain industries that the United States currently controls). This has sparked a strong reaction in the US, which became most evident after the election of Donald Trump in 2016. (Dalio 2021, 418)

Interestingly though, the CCP’s approach towards Europe has been different:

A similar Chinese approach would not be replicated towards Europe even though the larger European community will be critical about China, following the massive loss of life in Italy, France and Germany due to COVID-19. This is partly because Europe’s approach towards China, unlike the United States’, has never been aggressive. Europe’s reactions to China’s BRI projects as well as governance matters have never been severe enough even though at times the European Union (EU) has confronted China, mainly on economic and security considerations. Another reason is that China does not compete with the EU, but with the United States, for global prominence. A fight with the United States raises the stature of China globally, while a fight with the EU weakens China’s outreach in the region. Therefore, China would pursue a ‘low-profile’ foreign policy towards Europe and try to mend its ties by offering the struggling economies in the region Chinese financial assistance. (Emphasis added) (Ding and Panda 2022, 9)

But regardless of whether it is the US or Europe, China’s military approach is the same:

Traditional Chinese military philosophy teaches that the ideal way to win a war is not by fighting but by quietly developing one’s power to the point that simply displaying it will cause an opponent to capitulate. It also calls for the extensive use of psychology to influence opponents’ behaviours. Still, there have been numerous violent dynastic wars inside China. The few wars that were fought outside China were for the purpose of establishing China’s relative power and opening trade. (Dalio 2021, 384)

This philosophy, inspired by Sun Tzu’s Art of War, is important for how the CCP:

• Conducts its signals intelligence (SIGNIT)

• Forms its national security law and policy

• Establishes its relationship with private enterprise

The next three sections of this post look at each of the above items in turn.

3. Overview of Chinese SIGNIT

In 1995, China had the most extensive network of SIGNIT intelligence of any of the Asian-Pacific countries. Just ten years later, “China had become one of the major players in SIGNIT anywhere in the world, alongside the United States, the United Kingdom, and the Russian Federation.” (Faligot 2019, 323)

However, while Chinese intelligence is on par with other powerful nations, the way in which it carries out its functions is unlike those in West. As already pointed out, the pursuit of the Chinese Dream involves the CCP establishing the ideological direction of the political institutions in China. As such, Chinese intelligence is heavily influenced by the politics of CCP and, by extension, Xi Jinping (China is the CCP, and the CCP is Xi):

Each service is two-pronged, with a technical director, charged with handling daily operations, working alongside a political commissar, who is responsible for ensuring that the organization’s ideological orientation conforms to the strategy decreed by the CCP…Specifically, this orientation dovetails with the “Chinese Dream”, in other words President Xi’s aim of preserving the supremacy of the party, while also pursuing his global strategy. (Faligot 2019, 3)

The principal military force in China, that also serves as the armed wing of the CCP, is the People’s Liberation Army (PLA). It comprises of five service branches, the fifth of which is the Strategic Support Force (SSF). The SSF was founded in December 2015 by Xi and “integrates most of the Chinese military’s intelligence and specifically cyber-warfare departments.” (Faligot 2019, 399) It brings together the Aerospace Reconnaissance Bureau, a cyber-army, and electronic warfare troops. The PLA contains four main departments: (i) an intelligence collection department: (ii) an intelligence processing department, (iii) a dissemination management department, (iv) a technical support department.

Another important institution is the Guoanbu, which is the Ministry of State Security responsible for internal affairs within China. The Guoanbu “considers itself to be a global intelligence player as significant as the Soviet KGB was in the twentieth.” (Faligot 2019, 2) The PLA and Guoanbu both take on responsibility for strategic intelligence abroad. (Faligot 2019, 400) But the foreign intelligence priorities are dictated by the CCP, and thus by Xi.

The SSF has two main functions: (i) operating as an ‘information umbrella’ for the rest of the PLA and acting as “an important factor in integrating military services and systems”, and (ii) executing the PLA’s information warfare operations. So although “the SSF has been aptly characterized as the PLA’s information warfare service, its mission of strategic-level information support for joint operations is equally integral – and indeed the source of its name.”

4. Chinese national security law and policy

The National Security Commission of China (NCS) is the centrepiece of the Chinese national security apparatus; Xi created it to centralise leadership on all national security matters, including security in politics, the economy, society, culture and even food. The NSC exercises “supreme power [to] provide better coordination, and enhance the protection of China’s national security through powerful and comprehensive mechanisms.” (Chan and Londras 2020, 46)

The Cyberspace Administration of China (CAC) and the CCP Central Propaganda Department are also of relevance. Both the CAC and the Propaganda Department work closely together to function as what is essentially an ‘internet police’. In particular, they both “direct discussion on social networks and snuff out content deemed noxious.” (Ding and Panda 2022, 66)

In terms of the applicable legal framework, the National Security Law, enacted in 2015, is a key piece of legislation. This law “broadens the scope of national security matters and has effectively framed the entire sphere of political, economic and societal governance as a national security concern and as such it is placed squarely under the leadership of the NSC.” (Chan and Londras 2020, 47) The National Security Law is the umbrella covering several other pieces of legislation to address a range of Chinese national security issues:

• The 2018 Counter-Terrorism Law

• The 2016 Law on the Management of Domestic Activities of Overseas Non-governmental Organisations (NGOs)

• The 2016 Cybersecurity Law

• The 2014 Anti-Spy Law

Article 7 of the National Security Law states the following:

Any organization or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law, and keep the secrets of the national intelligence work known to the public. (Emphasis added)

In addition, Article 14 also states:

The state intelligence work organization shall carry out intelligence work according to law, and may require relevant organs, organizations and citizens to provide necessary support, assistance and cooperation. (Emphasis added)

Such provisions to a large extent underpin certain aspects of the relationship between the CCP and the private sector (more on this further below). However, these provisions also have some important and relevant historical context, as Bonnie Girard notes in an article for The Diplomat:

In 1966, Mao Zedong launched the Cultural Revolution, which “lighted the flames…to purge his opponents and preserve the ‘true’ communist ideology,” wrote Dr. Zhou Zehao in 2016. Marking the 50-year anniversary of the beginning of the movement that would effectively erase Chinese culture from the People’s Republic of China, and in the process kill, starve, maim, and dehumanize millions, Zhou poignantly describes his and his family’s suffering at the hands of the Red Guards who terrorized the nation, all the while exhorted and encouraged to do so by Mao.

But how did the Red Guards, who were effectively the field operations and enforcers of the Cultural Revolution, know whom to target? The Red Guards were the youth of China, not the older, seasoned Party elite with access to personal files of everyday Chinese citizens.

As Zhou describes, the Red Guards went from neighborhood to neighborhood, and house to house, torturing and killing along the way.

But they were selective. In Zhou’s home, his sister was earmarked as a “capitalist roader” because she was a school principal. His father was also guilty of crimes against the state for having worked with the American Flying Tigers during World War II.

The Red Guards knew these things about specific individuals because neighbors, work colleagues, and often other family members had spied and informed on them. Under Mao’s leadership, it was not necessary to incorporate the “obligation” of citizens to spy on one another into smoothly codified legal terms.

Fast forward five decades, and China has acquiesced to more formal measures of dictate. Written measures now define the Chinese state, and its relationship to its people. (Emphasis added)

The major objective of the Cybersecurity Law is “to better and more systematically control the internet, giving priority to defending state interests and securing critical infrastructures.” (Ding and Panda 2022, 67) Article 9 states that ‘network operators…must obey social norms and commercial ethics, be honest and credible, perform obligations to protect network security, accept supervision from the government and public, and bear social responsibility.’ (Emphasis added) The law also requires internet providers to verify the identity of its users and be potentially fined and wound up if they do not. In addition, “data collected by domestic providers of ‘key digital infrastructure’ may only be stored in China” and “any export of data out of the country is subject to prior governmental authorisation.” (Ding and Panda 2022, 67)

These various pieces of legislation are not necessarily meaningful laws that legally justify the activities of the CCP; rather they likely just bring to light what used to be done in the dark. In other words, the enactment of these pieces of legislation was not “intended to regulate and control the exercise of power, but to crystallise it, amplify it, and legitimise its exercise.” (Chan and Londras 2020, 47)

5. The relationship between the State and private enterprise in China

China’s economic system is predominantly socialist, though not completely. From the inception of the CCP in the 1940s, State centralisation has been a key tenet of economic activity. However, the mixed economic structure of China today is very much a result of Deng Xiaping’s policies between 1978 and 1997:

[H]is most important policies were conveyed in a single phrase: reform and opening up. “Reform” means market reforms, using markets to help allocate resources and incentivize people, and “opening up” meant interacting with the outside world to learn, improve, and trade. Capitalism become part of the communist mix. (Dalio 2021, 405)

Even so, while China is technically a mixed economy, it leans more towards State centralisation than free market capitalism. The latter is closely controlled by the CCP so as to serve its aim of achieving the Chinese Dream:

Steering the private sector by both economic and political means is an important manifestation of Top-Level Design (TLD) under Xi Jinping, which has been identified as the defining feature of Xi Jinping’s reign soon after he assumed power in 2012. TLD means a (re-)centralisation of political decision-making which has been observed in almost every policy field over recent years, vindicating Xi Jinping as the ‘core leader’ of the Chinese party-state. (Ding and Panda 2022, 105)

But the CCP is careful not to control the private sector too much. Rather, there is a certain balance to be struck so that the creativity of private enterprise can flourish whilst the State maintains its political control over the general direction of that flourishing:

For Xi, the state should effectively control the private sector without suffocating it, making use of its creativity and economic success to the benefit of China’s local and national development. At the same time, Xi Jinping wants to make sure that the country’s private entrepreneurs, who are the driving force of industrial upgrading and innovation, the most important providers of employment, indispensable taxpayers and contributors in social welfare programmes and charity work, remain loyal supporters of Communist one-party rule. (Ding and Panda 2022, 105)

Thus, at the National Peoples’ Political Consultative Conference in March 2016, Xi defined the relationship between the State and the private sector as "'intimate' (qin) and ‘clean’ (qing), with qin referring to frequent, honest, truthful, constructive and whole-hearted party-state authorities; and qing meaning honest, bona fide, law-abiding, honourable and open-minded entrepreneurs.” (Ding and Panda 2022,108) Private entrepreneurs in China are encouraged to be ‘committed patriots’, namely “subservient regime supports, agents of industrial upgrading and innovation and generous contributors to the finance of public goods provision.” (Ding and Panda 2022, 109)

So if you want to do business in China, the CCP will always be closely involved. Thus, “those ‘jumping into the sea’ (xiahai) of Chinese capitalism would be closely watched and ‘guided’.” (Ding and Panda 2022, 113) This is especially as private enterprise has become increasingly important for the Chinese economy and its development. As such, the CCP has for a long time ensured the ‘domestication’ of private entrepreneurs so that are more of an aid (politically and ideologically) as opposed to a threat to the Chinese Dream.

This political incorporation of the private sector in China by the CCP has two pillars. The first, as already described, is the close observation of private companies by the State (top-down control). The second is the infusion of the party within the private enterprises themselves (bottom-up control):

According to official sources, in 2000, the proportion of party members among private entrepreneurs was already quite high (19.8 per cent). According to the bi-annual survey on private entrepreneurs conducted by the Chinese Academy of Social Sciences, the percentage of CCP members among the sample of private entrepreneurs was 39.8 per cent in 2010 and 32.8 per cent in 2012. (Ding and Panda 2022, 114)

(According to this article from Forbes, about three hundred "current employees at TikTok and its parent company ByteDance previously worked for Chinese state media publications.")

Although, that CCP members are embedded in private companies in China does not itself necessarily provide conclusive evidence of the Party imposing its will on the company. However, given the strong determination of the CCP to achieve the Chinese Dream, and its exertion of social control in China (as outlined earlier), it is hard to imagine that the CCP would refrain from playing an active role in the running of Chinese corporations:

it is not so much the mere existence of party branches that counts, but rather what these organisations actually do, and how significant they are for shaping the relationship between the party-state and private entrepreneurs…[party incorporation] serves the party-state’s constant efforts to politically co-opt business owners and leading managers. Party building in private enterprise clearly coincides with political control over private entrepreneurs. (Ding and Panda 2022, 115)

Thus, corporations in China are at the whim of the CCP, and in turn the vision and political priorities of its leader (China is the CCP, and the CCP is Xi).

Huawei provides the archetypal relationship between the CCP and private enterprise in China. In particular, it showcases the use by the CCP of ‘sea lamprey tactics’, namely the use of “secret service methods using both clandestine and open sources to capture the key intelligence information that feeds the Chinese economy.” (Faligot 2019, 282-283) This includes nine MOs: (i) “the acquisition of open intelligence, particularly easy in the West and in democratic countries because of the profusion of sources and access to information (especially using the internet, as the Chinese services are increasing doing)”, (ii) “the exploitation of political relationships, particularly the kind that will lead to scandal”, (iii) economic international cooperation, essentially foreign investment, (iv) direct commercial acquisition, (v) scientific cooperation, (vi) student cooperation (sending students to study abroad to obtain training and skills from other countries), (vii) ‘the return from the West’, namely “Beijing’s hope…that these students will be won over to the cause of the Chinese economy” and return to work in China, (viii) the exploitation of national pride (which mainly concerns the vast community of Chinese overseas), and (ix) deploying a wide range of negotiation tactics, including “blackmail to gain access to the Chinese market, competitive pitching, — in the course of which the Chinese get hold of technical files containing the knowledge they are after, without even needing to conclude negotiations — and partnerships that turn against Westerners participating in joint ventures.” (Faligot 2019, 283-285).

To drill down on the Huawei case:

• This is a Chinese telecommunications company founded in 1987 by “a former PLA officer, Ren Zhengfei, in the Shenzhen Special Economics Zone.” (Faligot 2019, 285)

• Huawei is an excellent example of a company that has mastered the “‘sea lamprey strategy’, and the perfect symbol of China profiting from and buying up the rest of the world.” (Faligot 2019, 285)

• By the early 2000s, the company achieved much success; it was one of the top telecoms operators in the world, with around 30,000 researchers worldwide (one of the largest teams at the time).

• By 2018, it had 180,000 employees, with 79,000 working in R&D. It constantly opens up in new locations and in doing so it has shown little concern for geopolitical ethics; it “signed lucrative contracts with Suddam Hussein’s Iraq and the Taliban in Afghanistan in 2001 to set up both civilian and military communication networks.” (Faligot 2019, 286)

• Huawei has therefore “developed a gigantic business intelligence apparatus to unearth everything about its competitors, its potential markets and the research and development of other companies it is interested in acquiring.” (Faligot 2019, 286) Thus, given that those doing business in China are closely guided and watched and that the CCP and Xi pay close attention to the activity of private enterprise to ensure that they further the Party's political ends, it is likely that the business intelligence apparatus of Huawei is utilised by the CCP for political ends:

According to its own documents, [its] business intelligence system — Huawei TopEng-BI — depends on the internal and external flow of information and information in liaison with all its subsidiaries and the following networks: a real-time data warehouse, an online analysis process, data-mining, an AI system, and a geographical information system. The complex interface of these sectors gives access from Huawei’s massive headquarters in Shenzhen to analyses, information and market projections, an effective sales support, and detailed analyses of the company’s clientele, which presumably also enables access to vast amounts of personal data. It is difficult to know what to make of this last point — especially if one thinks of the potential overlap with ministries like the Guoanbu and the PLA’s 3rd Department [now taken over by the SSF], in charge of communication warfare.” (Faligot 2019, 286)

• Thanks to the work of GCHQ penetrating the systems of BT and Orange, it was able to identify the threat posed by Huawei and in 2013, the Joint Intelligence Committee (which runs British intelligence operations) warned that, in the case of a cyber-attack, “it would be very difficult to detect or prevent it and could enable the Chinese to intercept covertly or disrupt traffic passing through Huawei-supplied networks.”” (Faligot 2019, 287) Hence, the UK government has mandated that “Huawei technology must be removed from the UK’s 5G public networks by the end of 2027” and has instructed telecoms operators to act accordingly. Similarly, The US Federal Communications Commission voted in June 2021 to ban approvals of Chinese equipment acquisitions from several Chinese companies, including Huawei (though the removal of existing Huawei technology has not gone smoothly so far).

The main point here is that, in China, private enterprises are treated by the CCP as agents of political change (for now at least). The Huawei case shows that this is not a hyperbolic characterisation; “private entrepreneurs are regarded as politically conservative and, if not accused of corruption, easily co-opted by the [CCP].” (Ding and Panda 2022, 121)

Put another way:

the interweaving of affective, instrumental and institutional ties that thickly embed private capital holders in the party-state, makes support for the political status quo more enduring and “sticky” than would otherwise be the case. (Ding and Panda 2022, 122)

So it would be unusual for businesses involved in the Chinese private sector to not be influenced by, and thus follow, the agenda of the CCP. They will often need to concede to ‘playing ball’ with the Party so as to not rock the boat and lose access to a lucrative market. However, this could change in the future with the growing wealth and influence that private enterprises have been gradually generating for itself:

private entrepreneurs — within all the institutional arrangements to secure party-state control…—display an increasing capacity to negotiate their group-specific interests with the regime. This will soon introduce new challenges to the state-business relationship, which China scholars must observe carefully. (Ding and Panda 2022, 122)

The above sections of this post have addressed (i) what TikTok is and how it works (in particular why it has so far been such a popular social media platform across the world), and (ii) the relevant Chinese political backdrop. The following sections bring all this together to form the arguments for why TikTok could be considered a national security threat to the West.

6. The data processed by the TikTok app

In July 2022, Internet 2.0, an Australian cybersecurity company, published a technical analysis mainly of the Android version of the TikTok app. This consisted of a static and dynamic analysis of the app’s source code to determine what data is processed (only a static analysis was carried out for the iOS version). The main finding of this analysis is that TikTok “does not prioritise privacy” and that its “[p]ermissions and device information collection are overly intrusive and not necessary for the application to function.” (Perkins 2022, 1) In addition, it found that the app has server connections to Chinese servers.

The ultimate conclusion of the analysis is the following:

For the TikTok application to function properly most of the access and device data collection is not required. The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting. (Emphasis added) (Perkins 2022, 14)

The findings of the report are split between (i) user permissions and third party data access, (ii) device and user data harvesting, and (iii) connections to Chinese servers.

User Permissions and Third Party Data Access

The technical analysis identifies a number of permissions in the Android and iOS source code that could be considered dangerous “due to the permission providing additional access to restricted data.” (Perkins 2022, 3) The screenshot below lists the dangerous permissions identified in the Android app:

This screenshot lists the dangerous permissions in the iOS:

In addition to permissions, the Android version “collects all other running and installed applications on the phone” which could “provide a realistic diagram of your phone.” (Perkins 2022, 4)

The Android app also makes persistent requests to access contacts stored on the device:

If the user denies access the application will continuously ask for access. TikTok does this as it runs its code in a loop that if a Boolean (true or false) is stored as false, it will keep prompting until given a true value...It is normal for an application to initially request access to contacts but TikTok’s persistent, endless harassment for user contacts access is abnormal. It reflects a culture that does not prioritize privacy or a user’s preferences for privacy. (Perkins 2022, 5)

Device and User Data Harvesting

The report lists the following device information that the Android application collects:

• Wi-Fi SSID

• Device build serial number

• SIM serial number

• Integrated Circuit Card Identification Number (this is a global unique serial number that is specifically tailored to a SIM card)

• Device IMEI

• Device MAC address

• Device line number

• Device voicemail number

• GPS status information (updates on the GPS location)

• Active subscription information

• All accounts on the device

• Complete access to read the clipboard (dangerous as password managers use clipboards)

As part of the technical analysis, the Android app was run through a code scanning tool called Joe Sandbox. This tool “detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities” and it “performs deep malware analysis and generates comprehensive and detailed analysis reports.” The screenshot below shows how Joe’s Sandbox rated the Android TikTok app:

The observation made by Internet 2.0 based on the above rating is as follows:

Joe’s Sandbox rated the Android application as malicious for Spyware and Evader categories...because of device and user data collection by the application and evasive techniques the application uses to block any type of analysis. Many applications have anti-sandbox run commands now to inhibit automatic analysis, the sandbox identifies these and categories it in the evader category. (Emphasis added) (Perkins 2022, 13)

Connections to Chinese servers

The technical report states that the analysis of TikTok’s source code (for the iOS app) found subdomains pertaining to several different locations, including Baishan in China. However, the purpose of these server connections, as well as what data is stored, could not be confirmed. The server connection was run by Guizhou Baishan Cloud Technology Co Ltd, which is a cloud and cyber security company.

(This blog post covers this point around Chinese access to TikTok user data in more detail in the next section as this is an important component of the argument for the app being a national security risk).

Behavioural Data Processing and Psychometrics

The TikTok Privacy Policy (as of 14 November 2022) states that one of the sets of information the app collects about its users includes “Inferred Information”. The Policy details what this means:

We infer your attributes (such as age-range and gender) and interests based on the information we have about you. We use inferences to, for example, keep our Platform safe, content moderation, and, where permitted, to serve you personalised ads based on your interests. (Emphasis added)

The Policy also notes one of the data processing purposes listed in the Policy, which is “[p]ersonalising and customising [the user] experience on the Platform, such as providing [the] For You feed.”

Such data processing hints at the possibility of psychometrics being used by TikTok. To explain:

• Psychometrics is "the science of psychological assessment, and has traditionally been seen as an aspect of psychology." (Rust et al 2021, 1)

• This relies on large amounts of data, and the internet and social media has been able to deliver this; these modern technologies produce large arrays of information, including demographic information like age, marital status, gender, occupation, and education, as well as "troves of new data such as the words being used in status updates and tweets, images, music preferences, and Facebook Likes." (Rust et al 2021, 4)

• But more importantly, such data collected over long periods of time leave behind digital footprints that are far more reliable for predicting personality and thus future behaviour; user data is analysed to score users "on a handful of easily interpretable latent dimensions (e.g., Big Five personality traits), and then such estimates are used to predict [users'] future behaviours." (Rust et al 2021, p.133)

• As such, by combining digital footprints with "ever-increasing computing power and modern statistical tools, such vast amounts of data are radically changing the potential of psychometrics." (Rust et al 2021, p.131)

• If TikTok is admitting to the processing of data to make inferences about a user's 'attributes' and 'interests' so as to personalise their user experience on the app, then it is therefore likely that TikTok is (i) using the data it collects about its users to create detailed profiles about them and possibly psychologically score those users, and (ii) using those psychological profiles to predict how they may respond to certain types of content. This is perhaps part of how the recommender system decides what content to show a user in their FYP.

• If this behavioural data is made available to the PLA, then this could greatly aid its information warfare operations (see more on this below).

7. Does China access TikTok data?

Given the political ideology of the CCP (i.e., the Chinese Dream), and the relationship between the CCP and private enterprise in China (see the Huawei case described before in this post), it is probably difficult to assert that there is no Chinese access of the data processed by TikTok.

Unsurprisingly, TikTok has tried to argue that there is no such access as well as point out that it has data centres located outside of China and that none of its data is subject to Chinese law. See also this BBC article from July 2020.

In reality, there are several pieces of evidence suggesting Chinese access to data. In fact, the clearest piece of evidence comes from TikTok itself; an update made to its Privacy Policy for Europe announced on 2 November 2022 by Elaine Fox, its Head of Privacy for Europe. In that update, Fox stated the following:

We currently store European user data in the U.S. and Singapore. Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States remote access to TikTok European user data. Our security controls include system access controls, encryption and network security. (Emphasis added)

Another significant piece of evidence comes from June 2022. This is when BuzzFeed broke a story about leaked tapes from 80 internal TikTok meetings in which China-based employees from ByteDance talk about accessing data about TikTok users from the US:

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

There is also this article from Forbes which reports on how ByteDance was planning to use TikTok "to monitor the personal location of some specific American citizens."

Samantha Hoffman, Senior Analyst at the Australian Strategy Policy Institute and an expert on Chinese State surveillance, did an interview with the MIT Technology Review in August 2020 in which she spoke on how China collects data around the world as part of its SIGNIT operations. When asked exactly how the CCP collects this data, she stated the following:

The data used by the Party comes in many forms, including text, images, video, and audio. Inside China, accessing this data is straightforward. To get access to global data, the Party uses state-owned enterprises, both Chinese and foreign tech firms, and partners such as university researchers. (Emphasis added)

The final sections of this post put all the above sections together to articulate the argument for how TikTok could be considered a national security threat to the US and the West.

8. How TikTok is a national security threat

The argument for TikTok being a potential national security threat to the West (and the US especially) can summed up as follows:

• Means = Information warfare

• Motive = The Chinese Dream

• Opportunity = TikTok

So putting these elements together:

Means + Motive + Opportunity = National Security Threat

Means = Information warfare

The following extract is from the US government’s latest national security strategy under the Biden administration, published in October 2022:

The PRC is the only competitor with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do it…It is using its technological capacity and increasing influence over international institutions to create more permissive conditions for its own authoritarian model, and to mold global technology use and norms to privilege its interests and values. (Emphasis added) (White House 2022, 23)

These next extracts are from the UK government’s Integrated Review, published in 2021, which describes its vision for the UK’s role in the world over the next decade:

The geopolitical role of non-state actors, in particular large tech companies, is likely to continue to grow. In some democracies, inequality – made more visible by digital technology – may increase social and political dissatisfaction. Governments may struggle to satisfy popular demands for security and prosperity, with trust further undermined through disinformation from malign actors. Authoritarian states will face and confront similar challenges with a different toolkit, including the use of technologies for surveillance and political control. (Emphasis added) (HM Government 2021, 27)

Those who challenge the values of open and democratic societies increasingly do so through culture: systemic competitors like Russia and China invest heavily in global cultural power projection and information operations (Emphasis added) (HM Government 2021, 49)

In NATO's latest Strategic Concept ,which was adopted in June 2022 and details the organisation's current strategic priorities, it states the following regarding China:

The People’s Republic of China’s (PRC) stated ambitions and coercive policies challenge our interests, security and values. The PRC employs a broad range of political, economic and military tools to increase its global footprint and project power, while remaining opaque about its strategy, intentions and military build-up. The PRC’s malicious hybrid and cyber operations and its confrontational rhetoric and disinformation target Allies and harm Alliance security. The PRC seeks to control key technological and industrial sectors, critical infrastructure, and strategic materials and supply chains. It uses its economic leverage to create strategic dependencies and enhance its influence. It strives to subvert the rules-based international order, including in the space, cyber and maritime domains. The deepening strategic partnership between the People’s Republic of China and the Russian Federation and their mutually reinforcing attempts to undercut the rules-based international order run counter to our values and interests. (Emphasis added) (NATO 2022, 5)

It is seems clear therefore that, broadly across the West, the prospect of information warfare (IW) applied through social media is a realistic part of the threat vector that the West is contending with. But not only is IW via social media just a part of the threat vector (and therefore influencing national security policy), it is also dramatically expanding that threat vector. This is because (i) large parts of the population have migrated their lives to the internet, and social media in particular, increasingly relying on this medium to communicate with other people, access online news and conduct a range of other activities, and (ii) their 'digital lives' are subject to systems and algorithms that can observe the activity of its users and control the flow of information. Accordingly:

The attack surface of IW — meaning the sum of vulnerabilities of a system, in this case entire national societies, to exploit — is immense and multilayered. As such, IW effects can manifest extremely broadly and across diverse targets, often without obvious patterns of interconnection. (Whyte et al 2021, 2)

IW can be defined as "the deliberative manipulation or use of information by one party on an adversary to influence the choices and decisions that the adversary makes in order for military or strategic gain." (Whyte et al 2021, 1) In the military/national security context, it is a game of smoke and mirrors in which one attempts to disorient and weaken the other-side without firing a single bullet.

However, IW is not unique to the current digital age; it takes advantage of the vulnerabilities in how humans process information that has always existed. The fact that "the dominant media through which people receive most of their information about the social and political world has changed over time has not changed the underlying concepts and processes of persuasion." (Whyte et al 2021, 6) The particular vulnerability of relevance here is the way the human mind attempts to simplify problem solving through reliance on quickly accessible pieces of information:

The availability heuristic weighs the amount and frequency of information received, as well as recentness of the information as more informative than the source or accuracy of the information. Essentially, the mind creates a shortcut based on the most — or most recent — information available, simply because it can be remembered easily. Often, the availability heuristic manifests itself in information received through media coverage. (Whyte et al 2021, 92)

Hence, psychological operations (or 'psyops') have always been a significant tool in the toolkit of those who attempt to use IW. One can look at the US presidential election in 2016 as one of the prominent recent examples of this, whereby Russians used fake social media accounts to "spread misleading or provocative information online to potentially millions of people, information that never would have reached them through traditional news outlets." (Whyte et al 2021, 7) The goal of psyops is to (i) target people within the societal fabric of the other side and influence their beliefs, and in turn influence their behaviour with the aim of, inter alia, diminishing trust in their government institutions and fundamental values and principles, and (ii) strengthen the appeal of the perpetrators' own ideology to fill the resulting political vacuum. In essence, it is divide-and-conquer.

As explored already in this post, the CCP uses cyberspace as an additional frontier to advance its political ideology inside and outside of China. This involves empowering the PLA to pursue strategies centred around exploiting the 'intangible' domains through IW, with psyops playing a key role:

For the People’s Liberation Army (PLA), psychological warfare is an integral element of information operations, in conjunction with cyber and electronic warfare, to be undertaken continuously throughout peacetime and wartime across all domains. The PLA sees these “intangible” domains as integral to modern “informatized” warfare, in which seizing information dominance is vital to victory on the battlefield. Similarly, psychological warfare, along with legal warfare and public opinion warfare, known as the “three warfares” are seen as critical to seizing “discourse dominance” in future political and military struggles. (Whyte et al 2021, 42)

The term 'computational propaganda' encapsulates how psyops could be applied in the current digital age. In their book on the subject, Woodley et al explain what this entails:

[C]omputational propaganda describes the use of algorithms, automation and human curation to purposefully manage and distribute misleading information over social media networks. As part of the process, coders and their automated software products (including bots) will learn from and imitate legitimate social media users in order to manipulate public opinion across a diverse range of platforms and device networks. These bots are built to behave like real people (for example, automatically generating and responding to conversations online) and then let loose over social media sites in order to amplify or suppress particular political messages. These “automated social actors” can be used to bolster particular politicians and policy positions — supporting their activity and enthusiastically, while simultaneously drowning out any dissenting voices. They can be managed in conjunction with human troll armies to “manufacture consensus” or to otherwise give the illusion of general support for a (perhaps controversial) political idea or policy, with the goal of creating a bandwagon effect. (Woodley et al 2018, 4)

Taiwan presents an interesting example of where and how the PLA executes its psyops. These operations are carried out through its former General Political Department’s Base 311 (Unit 61716), its Public Opinion Warfare, Psychological Warfare, and Legal Warfare Base. Base 311 is HQ’d in Fujian and is subordinate to the PLA’s SSF and is key to IW operations against Taiwan:

During Taiwan’s fall 2018 local elections, there were credible allegations of interference by China that involved attempts to manipulate media and public opinion. There are also reasons for concern that Taiwan’s media and information ecosystem may be particularly vulnerable to such efforts going forward. Just as Russia initially targeted nations within its “near beyond” before turning to employ similar techniques against the United States, Taiwan may also become a critical bellwether for the techniques and relative sophistication of Chinese attempts to undertake electoral interference or psychological operations that could be turned against overseas Chinese populations and perhaps even against the United States in the future. (Whyte el at 2021, 48)

It has also been mentioned in this post that China invests heavily in AI, and this includes its potential in the context of IW and psyops. In fact, relative to the US, "there is greater attention in China about how AI will affect or could be leveraged to impact public opinion and propaganda going forward." (Whyte et al 2021, 48) This may entail, for example, the frightening prospect of deepfakes being utilised in IW (see an example of a viral deepfake on TikTok here). Thus, both big data and algorithms constitute crucial elements in modern PLA psyops.

Overall, IW presents a plausible means through which the CCP could continue in its advance of the Chinese Dream and confront the US and the West without having to use (much) kinetic military action. Through the PLA's operations, the CCP can deploy offensive IW tactics using psyops by injecting political propaganda into the societal fabric of the other side to cause disorientation and disruption. Taiwan presents an important example of this.

Motive = The Chinese Dream

TikTok presents a compelling medium through which PLA psyops can be effectively deployed. However, before exploring this in more detail, it is important to reiterate the motive for using such techniques against the West (already thoroughly addressed earlier in this blog post), which is the pursuit of the Chinese Dream:

• The Chinese Dream is about making China the world superpower.

• In doing so, the CCP seeks to replace Western ideals of liberalism and democracy with a Sino-centric world order based on the political model that the CCP employs in China, which is a mixture of authoritarian socialism with free market capitalism (but with a greater emphasis on the former).

• The pursuit of the Chinese Dream involves the CCP, under the political direction of Xi Jinping, exerting strong social control domestically as well as promoting and cementing its influence internationally.

• Following Sun Tzu and The Art of War, a significant part of the CCP's foreign policy involves the extensive use of psychology to influence the behaviour of others.

• TikTok presents a compelling opportunity for the CCP, with the help of the PLA and its IW capabilities, to carry out this foreign policy objective.

Opportunity = TikTok

In order to weaponise social media as part of IW and psyops, the adversary must learn how to 'command the trend'. This is where the adversary accesses "regular streams of online information via social media to influence networked groups." (Whyte et al 2021, 88).

To explain why commanding the trend is so important for modern psyops:

• The internet is still largely in its Web 2.0 phase (Web 3.0 is emerging but has seemingly not attracted the sufficiently broad adoption required to establish itself as the definitive next phase of the internet).

• With Web 2.0, user-generated content (UGC) is aplenty.

• With UGC has come the ability to virtually network, in particular through social media platforms that allow users to disseminate their content to large networks of people.

• Adversaries have been quick to "find ways to exploit the openness of the internet, eventually developing techniques to employ social media networks as a tool to spread propaganda.” (Whyte et al 2021, 89)

• Thus, in the end, what social media has done is create “a point of injection for propaganda and has become the nexus of information operations and cyber warfare.” (Emphasis added) (Whyte et al 2021, 89)

An adversary attempting this technique of commanding the trend will need to (i) put together a comprehensive dataset of the target population, and (ii) use this dataset to identify patterns and trends that can be used to execute the psyops:

• Information collection/State surveillance - This could entail collecting relevant information from scratch but it is becoming increasingly more efficient to source the necessary data from those who have already collected it, such as social media platforms. As this post has already explored, the close relationship between the CCP and Chinese private enterprise, as well as Chinese national security, mean that it is relatively straightforward for the PLA to solicit data it needs for its IW operations from companies like ByteDance. Additionally, there is already evidence to suggest that TikTok employees in China can and do access data collected by the app, including, potentially, psychometric profiles (see above for more on this).

• Data analysis - This is where various data streams can be integrated and combined with data exploration and analytics techniques to identify trends and patterns about the target population. If the dataset is large enough and of a sufficient quality, it could even be potentially used to build and test simulations of individuals, groups or even whole populations and their reaction to "events (both virtual and real), advertising, political campaigns, and [psyops], and even guess what might go viral through person-to-person interactions." (Whyte et al 2021, 16)

As a next step, the adversary would then need to build a strategy for deploying the psyops, which may involve at least some of the following:

1. The establishment of an idea/message that can exist within an identifiable narrative, no matter how obscure. The data analysis conducted beforehand may reveal what kind of messages would be most effective or what is capable of 'trending' within the target population.

2. A group of people who are already pre-disposed to the narrative and its constituent ideas/messages (i.e., truly committed believers). If the dataset of the target population also contains psychological profiles of a sufficient number of individuals, then identifying these target groups could be more feasible.

3. A team of agents of cyber warriors.

4. A network of automated bots.

5. The exploitation of a feature of the social media platform which, if correctly interpreted, can be used for the broad dissemination of propaganda.

With this strategy, the aim of commanding the trend is to inject propaganda into a network of people on social media who are inclined to believe it, and encourage its dissemination beyond that local network to the broader social media ecosystem. The most effective psyop campaigns on social media are the ones that permeate everyday experiences of users to effectively manipulate those users into an ideology through a media blitz that makes them unaware that such ideas are not actually their own.

But the fifth factor (the exploitation of a feature of the social media platform which, if correctly interpreted, can be used for the broad dissemination of propaganda) is perhaps the most important and is essential for those executing IW as well as those who are engaged in social media content creation in general. Many internet content creators who rely on social media platforms like YouTube to make a living often complain about how their livelihoods "hang at the whims of mysterious algorithms." In other words, those attempting to go viral on social media must learn how the algorithms of that platform work, and in particular which types of content it tends to disseminate widely. By having this understanding, an adversary deploying psyops can ensure that their propaganda can spread throughout numerous networks on the platform and capture the attention of large numbers of users.

This presentation by Ben Guerin, one of the founders of the digital campaign company Topham Guerin which worked with the UK Conservative Party during the 2019 general election (see more on this here), explains how to exploit social media (in this case Facebook) to achieve virality for a political campaign. To summarise the main points:

• According to Guerin: "The best social media strategy is water dripping on a stone; you got to be pushing the same consistent message day in day out. The challenge is using a variety of content to do so." (Guerin 2019, at 3:31)

• Memes are comical depictions of relatable topics that can potentially spread widely among vast numbers of social groups. Thus, integrating your message within a meme can be a powerful tool in modern digital political campaigning.

• You need to surprise and shock people with your content in order to get their attention: "People talk a lot about engagement and engagement is a response of emotion...we are not going to interact with something if we don't care about it. But the particular emotions that we need to unlock are arousal emotions; we're talking anger, excitement, pride, fear. Your content should be relating to one of these emotions for anyone to give a damn about it." (Guerin 2019, at 5:42) (This reminds me about this quite well-known Facebook paper on the 'emotional contagion', which is about how "emotions expressed by others on Facebook influence our own emotions, constituting experimental evidence for massive-scale contagion via social networks." Such a phenomenon may have likely been evident during political campaigns for the 2022 US midterm elections.)

• When people care about content, they will like it, comment on it and share it with their friends.

• The content also has to be relevant and salient:

  • Relevant means it needs to be relevant to as many people as possible.

  • Salient means that it is connected to current events.

• Thus, content made for a political campaign needs to: (a) be relevant to as many people as possible, which can be achieved through the use of memes, (b) unlock an arousal emotion (anger, excitement, pride, fear etc), and (c) be connected to current events. In addition, every piece of content needs to be pushing your central message/objective.

• In deploying the content, three factors are particularly important:

  • Volume - keep posting more than the other campaigns (this will most likely mean quantity over quality), since more content means more engagement.

  • Variety - this means sending out memes, videos, blog posts, news articles and other formats as Facebook typically rewards volume and variety.

  • Speed - turn the silly comment at a press conference into a viral video within hours.

To replicate this kind of virality on TikTok, one would ordinarily need to learn and understand what kind of content the recommender system behind the FYP is most responsive to and therefore tends to disseminate to lots of users.

(

The Privacy Whisperer

I Was on TikTok for 30 Days: It Is Manipulative, Addictive and Harmful to Privacy

Read more

a year ago · 1 like · Luiza Jarovsky

But the PLA is in a unique position in the sense that it does not need to treat the system as a black box and learn it from scratch. It has laws at its disposable that enables it to simply instruct TikTok to configure the system in a way that conforms with its IW operations. Remember, Articles 7 and 14 of the 2015 National Security Law contain broad language that show how any organisation can be required to cooperate with Chinese State intelligence agencies and provide any support deemed necessary for national security purposes (and the concept of 'national security' itself is also interpreted broadly by the CCP).

So overall, the PLA has the mandate to (i) collect vast amounts of data about the target population through TikTok, and (ii) utilise the recommender system to execute psyops without needing to 'learn' how the system works. Last month, FBI Director Chris Wray had this to say regarding the potential for TikTok to be used in this way by the CCP and the PLA:

We do have national security concerns, at least from the FBI's end, about TikTok. They include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm which can be used for influence operations if they so chose or to control software on millions of devices which gives it the opportunity to potentially technically compromise personal devices...As to what is actually happening and actually being done, that's probably something that would be better addressed in a closed classified setting...it is certainly something that is on our radar. (from 1:20:16)

Yet this threat is not just merely hypothetical; there is even some evidence of Chinese psyops already taking place on TikTok. For example, this study by the Integrity Institute, a group of professionals aiming to ensure that social media platforms adhere to ethical and responsible practices, shows that the recommender systems powering TikTok and Twitter are particularly prone to amplifying misinformation relative to more benign content. Thus, TikTok's recommender system is capable of spreading misinformation "far beyond the followers of the account that created it, and...misinformation will perform well in the recommendation scores." Additionally, in the run-up to the US 2022 midterms, the Election Integrity Partnership (EIP), an organisation set up by the Stanford University Internet Observatory to defend elections against "online behavior harmful to the democratic process", identified a number of information operations on social media platforms, including TikTok, attempting to influence those elections, some of which were attributable to China. A network called '10Votes', which masqueraded as a progressive political advocacy organisation supporting progressive political policies and candidates, had an account on TikTok that "repurposed campaign videos and news coverage, but no individuals appeared on camera as representatives of the organization" and it also "engaged with its audience by liking comments."

Alex Stamos, an adjunct professor at Stanford University's Center for International Security and Cooperation who helped set up EIP, also had this to say regarding Chinese information operations on TikTok during an episode of the Moderated Content podcast:

Chinese influence operations are a big deal. We wrote up the shut down of five influence operations before the US midterms. Several of them were attributed to China and were directly trying to influence US elections, including the creation of an anti-Mark O'Rubio group...[TikTok] were quite slow to take down some of the Chinese stuff...TikTok has a real problem of Chinese influence operations and I think it's a totally reasonable concern and one for which we don't have a lot of good solutions. (Douek and Stamos 2022, from 24:31)

To summarise this section:

• TikTok presents a compelling opportunity for the PLA to carry outs its IW operations, including psyops, against the West. This is because (a) TikTok provides a rich source of data that the PLA can solicit, under China's national security laws, to carry out data analysis of the target population, and (b) the app is equipped with a powerful recommender system which, under China'a national security laws, the PLA can instruct TikTok to configure in a way that supports its psyops.

• Using the resources provided by TikTok, the PLA could deploy its psyops by (i) creating messages containing CCP propaganda that is likely to expand beyond networks of pre-disposed users, (ii) using the app's recommender system to widely disseminate that message across several networks of users, and (iiii) setting up a team of cyber warriors to help disseminate that message further, potentially combined with a network of automated bots.

• The FBI believes that the use of TikTok in this way by the PLA is a realistic prospect and is something that is 'on its radar'.

• In the run-up to the US midterm elections, there were inauthentic networks attributable to China on TikTok and other social media platforms attempting to influence the outcome of those elections. It therefore shows that the use of TikTok for IW operations by the PLA is not just a hypothetical threat, but something that has potentially already materialised.

9. Concluding remarks

I started this post with a quote from The Art of War: “If the enemy offer an allurement, do not take it.” I included this quote because I think it encapsulates the essence of the debate around TikTok and its potential for being a national security threat.

TikTok is indeed an allurement. It is used by billions of people across the world (especially the younger generation), entertaining them with quirky challenges, viral trends and lots of other 'digital candy'. As soon as you open the app, it draws you in with a minimalist and appealing UI that forces you to focus on the content on display. To keep you hooked, it runs a recommender system that seems to know what the user wants and thus completely dictates the UX. As such, TikTok has "somehow dominated the social media industry, firmly planting itself into the culture of today’s youth."

But as this blog post hopefully shows, this allurement ought to be treated with caution. The US and UK governments, NATO and the FBI have all warned about China becoming a growing threat against the West, especially with the international perception of the country souring after the Covid-19 outbreak:

[T]he democratic world is, more than ever, strongly contesting China’s cavalier behavioural approach towards other countries…[the CCP] has been fighting a defensive ideological battle against democratic norms, liberal ideas and human rights. Though the [CCP] never directly engaged in a determined effort to spread its autocratic functioning outside China, the PLA has been expanding its strategic wings across the Indo-Pacific by building ports and military bases overseas…In the post-COVID-19 scenario, such Chinese assertiveness might be challenged.

Because of COVID-19 becoming a global pandemic, political reservations and strategic objections on China and Chinese-sponsored schemes around the world will continue to grow. Henceforth, even China’s ‘charm offensive’ approach of reaching out to countries and international communities for project financing through its [Belt and Road Initiative] schemes and building goodwill through ‘development partnerships’ will not be easy. Debates, as also conspiracy theories, about the origin of the coronavirus might also rage for some time, and many may choose to blame Beijing in view of its opaque governance system. (Ding and Panda 2022, 5 and 7)

So does this mean that we are, or at least heading towards, a new (tech) cold war with China (or the CCP to be more specific)? If you were to ask Huawei this question right now, it would probably say yes; Politico reported last month that the telecoms company was pivoting to its domestic market and scaling back its presence in Europe:

The reasons for doing this have little to do with the company’s commercial potential — Huawei is still able to offer cutting-edge technology at lower costs than its competitors — and everything to do with politics, according to interviews with more than 20 current and former staff and strategic advisers to the company.

Pressed by the United States and increasingly shunned on a Continent it once considered its most strategic overseas market, Huawei is pivoting back toward the Chinese market, focusing its remaining European attention on the few countries — Germany and Spain, but also Hungary — still willing to play host to a company widely viewed in the West as a security risk. (Emphasis added)

Not everyone is of the same view though. In an interview with The Markup, Shazeda Ahmed, a doctoral candidate at the University of California, Berkeley’s School of Information and a visiting scholar at the AI Now Institute, whose work focuses on China’s tech industry and internet policy, was asked whether there is a tech cold war with China, and she said this:

I disagree, but I do see how the actions of the U.S. government, Chinese government, and certainly some tech companies on both sides can be seen as creating a self-fulfilling prophecy of a tech cold war. I disagree with this as a framing of what we’re going through right now, and I think that it’s never too late to back away from this narrative.

The United States and China are extremely economically and, to an extent, even politically interdependent. Proposals for things like economic decoupling from China are extraordinarily difficult and harmful for both the U.S. and China. With the fear of China overtaking the United States and becoming economically and politically dominant, we are falling back on narratives that have been around for a long time to try and make an argument, to the world and domestically, that everyone will be worse off if China becomes the dominant global superpower. The Cold War analogy also benefits big tech companies by allowing them to deflect being regulated. (Emphasis added)

Alas, China may not be full on adversary (yet), but it is not exactly a trustworthy ally either. The CCP has been on a mission to restore the greatness of China ever since the Party was formed, inspired by the former Soviet Union but determined to go further than its predecessor. The Chinese Dream is simply not compatible with Western ideals, and there is now a slow realisation of this fact notwithstanding China's economic and geopolitical clout.

Both the US and the UK have realised that taking the allurement of Huawei was a mistake and are now trying to reverse course. India has also took the action it thought necessary in 2019. I would not be a surprise if TikTok eventually suffered the same fate in the West. It just seems like only a matter of time.

But if you are a TikTok user, and you are reading this blog post, you may be thinking: "Why should I care?" or "So what if TikTok harvests my data to be used by the CCP as a proxy for political gain...how does that really impact me and my life?"

If you are of this mindset, then you should probably read Privacy is Power by Carrisa Véliz, an associate professor of philosophy and ethics at the University of Oxford, in which she argues why your privacy, and the protection of your data, is so vitally important. This extract from the book sums it up well:

Not everyone will use access to your privacy in your interest...Fraudsters might use your date of birth to impersonate you while they commit a crime; companies might use your taste to lure you into a bad deal; enemies might use your darkest fears to threaten and blackmail you. People who do not have your best interest at heart will exploit your data to further their own agenda. And most people and companies you interact with do not have your best interests as their priority. Privacy matters because the lack of it gives others power over you.

You might think you have nothing to hide, nothing to fear. You are wrong - unless you are an exhibitionist with masochistic desires about suffering identity theft, discrimination, joblessness, public humiliation, and totalitarianism, among other misfortunes. You have plenty to hide, plenty to fear, and the fact that you don't go around publishing your passwords or giving copies of your keys to strangers attests to that.

You might think your privacy is safe because you are a nobody - nothing special, interesting or important to see here. Don't short-change yourself. If you weren't that important, businesses and governments wouldn't be going to so much trouble to spy on you. (Emphasis added) (Véliz 2021)

The main point here is this: it may not be today, or tomorrow, or next week, or next month, or next year, or in the next two, five or even ten years. But one day, because you have given away your data to an entity with ulterior motives (like the CCP), it could be used against you, and by the time that happens it may be too late to do anything about it. So be very careful about who you decide to give your data to, especially if it is TikTok.

Sources

Books:

• Arthur S Ding and Jagannath P Panda, Chinese Politics and Foreign Policy under Xi Jinping: The Future Political Trajectory (Routledge Studies on Think Asia) (Routledge 2020)

• Cade Metz, Genius Makers: The Mavericks Who Brought A.I. to Google, Facebook, and the World (Random House Business, 2021)

• Carrisa Véliz, Privacy Is Power: Why and How You Should Take Back Control of Your Data (Melville House Publishing 2021)

• Cora Chan and Fiona de Londras, China's National Security: Endangering Hong Kong's Rule of Law? (Hart Publishing 2020)

• Christopher Whyte, Information Warfare in the Age of Cyber Conflict (Routledge Studies in Conflict, Security and Technology) (Routledge 2020)

• Francois Chollet, Deep Learning with Python (2nd edn, Manning Publications 2021)

• John Rust, Michael Kosinski and David Stillwell, Modern Psychometrics: The Science of Psychological Assessment (Routledge, 2020)

• Kai Strittmatter, We have been harmonised: Life in China's Surveillance State (Old Street Publishing 2019)

• Kim Falk, Practical Recommender Systems (Manning Publications 2019)

• Ray Dalio, Principles for Dealing with the Changing World Order: Why Nations Succeed or Fail (Simon & Schuster UK 2021)

• Roger Faligot, Chinese Spies: From Chairman Mao to Xi Jinping (C Hurst & Co Publishers Ltd 2019)

• Samuel C Woolley and Philip N Howard, Computational Propaganda: Political Parties, Politicians, and Political Manipulation on Social Media (Oxford Studies in Digital Politics) (OUP 2018)

• Sun Tzu, The Art of War

Other Sources:

• TikTok's China Problem by Forbes

• What You Should Know About The TikTok National Security Debate by Forbes

• bangorlol claiming to have 'reverse engineered' TikTok (Reddit)

• What the Tik Tok Ban Really Shows by The Cyber Solicitor

• "Tik"ing Time Bomb? Exploring the National Security Threats of TikTok - Fall 2020 by
  The Federalist Society at UVA Law on YouTube