App bans won’t make US security risks disappear

Will the US government ban TikTok and WeChat, or won’t it—and why? With the Trump administration issuing vaguely phrased executive orders and policies about the apps, even as legal challenges against potential bans move through the courts and the president gives his “blessing” to a deal to keep TikTok in US app stores, it’s hard to make out a coherent story.

The Trump administration’s actions against the two Chinese-owned social-media platforms are driven more by politics and an effort to seem tough on China than by actual privacy, safety, or national security concerns. However, that doesn’t mean there aren’t tough challenges ahead in regulating digital platforms based in China, the United States, or anywhere else.

As the TikTok and WeChat stories unfold—and no one should expect a permanent resolution anytime soon—policymakers, technologists, and citizens should look beyond this chaotic start to the deeper, unresolved questions. Now is the time to develop comprehensive policy tools that protect privacy and national security from threats foreign and domestic.

Similarly, if the Trump administration were truly serious about stopping malign actors from abusing personal data from US-based users, or serious about stopping foreign intelligence agencies from gathering massive datasets describing US society, they would go to the root of the problem: an app economy that collects and monetizes as much data as companies can manage.

TikTok and WeChat critics cite the way the apps collect location data, device identifiers, social connections, browsing histories, and more to argue that the Chinese government could use this data in some kind of machine-learning-driven analysis down the road. Cutting off the apps’ access to US-based users, they say, would shield the country from Chinese intelligence—all while protecting US citizens’ privacy.

Now is the time to develop comprehensive policy tools that protect privacy and national security from threats foreign and domestic.

Not so fast. In a 2018 study, Oxford scholars analyzed data flows coming out of almost 1 million apps on the US and UK Google Play stores. They found that the median app sent user data to five tracking companies, and 17% of apps sent data to more than 10 trackers. More than 90% of apps analyzed sent data to a US-based company, while 5% sent data to a China-based company. Granted, these numbers only capture the data’s first stop after our smartphones. Some of the data siphoned to advertising networks and trackers is for sale, and both sellers and buyers can be hard to track down.

It’s not as if the US government is unaware that companies based outside China—including those in the United States—could potentially misuse this kind of data store. The Cambridge Analytica scandal, which largely revolved around data obtained from the US tech giant Facebook, showed that the 2016 Trump campaign was well aware of how digital data could be used for political influence.

Nor are authorities blind to the other ways Chinese intelligence is thought to obtain mass data about Americans. Chinese hackers are suspected in the hack, revealed in 2015, of a poorly secured US Office of Personnel Management database, as well as breaches at Anthem health insurance, Marriott hotels, and the credit agency and data broker Equifax.

The true scandal is not that the Chinese government might exploit personal data—a well-documented and unsurprising move from a major intelligence apparatus. It’s that doing so is so easy for them and many others, and will remain so even if TikTok and WeChat are banned.

That said, the Trump administration’s attempts to ban TikTok and WeChat were a mess. They suffered from the administration’s typical erraticism as Trump, a beleaguered incumbent, tried to be seen as tough on China after weak results from a costly trade war. Moreover, they do almost nothing to address the very real privacy and security risks of corporate data exploitation run amok.

There is an upside, however, to all the attention people are paying to the administration’s claims. These would-be bans might finally drive US citizens and institutions to demand comprehensive privacy and data governance. People rightfully concerned about potential foreign threats online should unite to take on the broader challenge.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *