Is TikTok a security threat? CT legislators ask for hard data on spying as ban considered
The Government Administration and Elections Committee heard testimony on a bill that would ban TikTok from being used by government employees or public officials on state-owned devices. The sole exception would be for “law enforcement purposes.”
“You don’t need to be a member of Generation Z to know what TikTok is,” said Sen. Bob Duff, D-Norwalk, during a Friday meeting. “The Federal Bureau of Investigation has repeatedly pointed out the danger that this application poses to government entities.”
Rep. Gale Mastrofranceso, R-Southington, said, “I gotta be honest with you, I’m on the fence on it.” “Do you have any data besides the news outlets? Do we have hard facts?”
The proposed bill before the General Assembly would also charge the chief information officer, chief information security officer and the chief court administrator jointly develop security standards for computer programs and state-issued devices to “counter cybersecurity threats.”
During the testimony, board members asked Duff and Sen. Ryan Fazio, R-Greenwich, if there was any concrete evidence about the espionage threat of TikTok.
“I’m a freedom guy, as you know,’ said Sen. Rob Samson, R-Southington. “Do you have any concrete evidence?”
Fazio replied, “The best example is that employees of ByteDance used TikTok geolocation data specifically to track journalists whom they were suspecting of speaking to employees of TikTok in the U.S. The ability of these applications to retain and collect data is immense.”
In replies to requests for more data on the privacy threats of TikTok, Duff and Fazio pointed to news reports about TikTok tracking journalists and the testimony of FBI Director Chris Wray.
In December 2022, Jeff Brown, the current chief information security officer, and Mark Raymond, the chief information officer, had asked the various intelligence and security agencies, including the FBI, for guidance on TikTok
According to documents obtained by CT Insider via a Freedom of Information request, the FBI and the Cybersecurity and Infrastructure Security Agency had no additional evidence to provide that TikTok was a security threat.
“I asked one of my analysts to reach out to our HQ … She couldn’t find evidence that we had any additional information to share,” wrote FBI supervisory agent Connor Phoenix in an email to Connecticut officials. “Sorry we don’t have more to offer.”
The discrepancy between what the cybersecurity agents could provide and what the FBI director is saying in public is likely political, says Milton Mueller, director of the Internet Governance Project of Georgetown University.
“Chris Wray is not an expert on cybersecurity. The FBI director is a political appointee and he is touting a political line,” Mueller said in an Intelligence Squared debate earlier this month. “This is a foreign policy case. There are people who believe in decoupling from China, and they will interpret any connection to a Chinese company as a threat. There’s really no evidence that this is harming the United States”