Government says social media app 'presents unacceptable level of risk'
Federal government workers can no longer access their TikTok accounts using government-issued mobile phones.
Ottawa has banned the use of the Chinese-owned social media platform effective today, Feb. 28, citing cybersecurity concerns.
“Following a review of TikTok, the Chief Information Officer of Canada determined that it presents an unacceptable level of risk to privacy and security,” said Mona Fortier, president of the Treasury Board Secretariat, in a statement.
“The decision to remove and block TikTok from government mobile devices is being taken as a precaution, particularly given concerns about the legal regime that governs the information collected from mobile devices, and is in line with the approach of our international partners. On a mobile device, TikTok’s data collection methods provide considerable access to the contents of the phone.”
Just over a third (34 per cent) of employees express little-to-no concern about data theft at work, and 16 per cent believe they can't be targeted at all by cyber criminals, according to a previous Terranova Security report.
The Treasury Board Secretariat, meanwhile, is quick to point out that the move is simply a precautionary measure.
“The decision to remove and block TikTok from government mobile devices is being taken as a precaution, particularly given concerns about the legal regime that governs the information collected from mobile devices, and is in line with the approach of our international partners. On a mobile device, TikTok’s data collection methods provide considerable access to the contents of the phone,” says Fortier.
“While the risks of using this application are clear, we have no evidence at this point that government information has been compromised.”
Only 40 per cent of employers planned to offer cybersecurity training in 2022, IT company NOVIPRO previously reported.
TikTok data collection
TikTok has become a major player in the social media field, but it “gained an edge through its ability to collect sensitive data about users, even when those users neither saved nor shared their content,” says nonprofit Center for Internet Security (CIS), headquartered in New York.
“TikTok’s data collection is more intrusive than other apps,” it says. The data TikTok collects from users include the following:
- Device details: device brand and model, Operating System (OS) version, mobile carrier, browsing history, app and file names and types, keystroke patterns or rhythms, wireless connections and geolocation
- Personally identifiable information (PII) as well as user data collected from other sources, including age, image, personal contacts, relationship status, preferences and other data collected through a single-sign on (SSO) feature that allows users to sign into TikTok from other platforms
- “The content of [messages] and information about when [messages are] sent, received and/or read.”
“Regardless of an organization’s position on TikTok specifically, it is imperative that guidelines be set forth in an Acceptable Use Policy (AUP) for business devices,” says CIS. “For those who would like to take it a step further, social media apps can be easily blocked by category or by specific infrastructure, such as Internet Protocol (IP) addresses and domain names.”
There was a 150 per cent year-over-year ransomware surge in 2020, yet 90 per cent of IT decision-makers claimed their organization would be willing to compromise on cyber security in favour of digital transformation, productivity or other goals, according to a previous report.
And the average cost of a breach back then exceeded $4.2 million.