from the treating-the-symptoms,-not-the-disease, dept
U.S. consumers face a parade of major privacy and security problems. Poorly secured routers, Internet things devices with zero privacy and security safeguards, major telecom network vulnerabilities, a massive unaccountable adtech and telecom hyper-surveillance apparatus (often unaccountably linked to government), all operating in a country that can’t seem to pass a privacy law for the Internet era because Congress is too corrupt.
Yet for whatever reason, the press and broader discourse remains singularly focused on…TikTok. For example, Buzzfeed released a report recently noting that “engineers in China” (read: at Beijing-based TikTok owner ByteDance) had repeated access to U.S. user TikTok data, contrary to a lot of ByteDance and TikTok promises that U.S. user data is stored in the U.S.
To be clear, this is dumb and bad. TikTok officials had testified before Congress that a “world-renowned, US-based security team” employed by the company strictly decided who got access to said data. It generally blows up a lot of the superficial promises the company has made as it tries to untangle itself from ByteDance and fears of Chinese intelligence agencies exploiting the app’s popularity.
Criticizing a company for being full of shit is fine. Countless companies all over the world are immensely full of shit when it comes to largely performative privacy practices. But for whatever reason we seem singularly obsessed with TikTok, and the singular threat the company poses to planet Earth. In a way that drowns out the broader issues and context.
But these stories always operate in a weird, contextual vacuum. One where the entirety of global technology markets aren’t a privacy shit show and user datasets of all kinds aren’t bouncing around the ether. This is Buzzfeed’s analysis, for example:
Lawmakers’ fear that the Chinese government will be able to get its hands on American data through ByteDance is rooted in the reality that Chinese companies are subject to the whims of the authoritarian Chinese Communist Party, which has been cracking down on its homegrown tech giants over the last year. The risk is that the government could force ByteDance to collect and turn over information as a form of “data espionage.”
Here’s the thing. The global adtech, telecom, and app privacy space is an absolute clown show, with just an endless parade of hardware/software/service companies over-collecting user location, financial, behavioral, and other data from every device you use, and selling access to it to a massive roster of random shitheads all over the planet.
The U.S. has no privacy law for the Internet era. The FTC is too understaffed and underfunded (by design) to tackle privacy seriously. We talk a lot about privacy but we do very little about abuses, because hyper-collection of data is simply too profitable to too many individuals and industries.
As a result, if you were to take a giant, patriotic hammer to TikTok and smash it into a million patriotic little pieces, it would prove irrelevant in the larger scheme of things. Chinese intelligence officials (just like any other government) have unchecked access to just an unlimited trove of various datasets gleaned from no limit of poorly secured and monitored hardware, apps, and services.
Buzzfeed at least introduces this concept later on its its story (most outlets don’t), but immediately dismisses the point to try and argue that TikTok could be used for mind control:
Project Texas’s narrow focus on the security of a specific slice of US user data, much of which the Chinese government could simply buy from data brokers if it so chose, does not address fears that China, through ByteDance, could use TikTok to influence Americans’ commercial, cultural, or political behavior.
Again though, numerous apps all over the world are routinely exploited all the time by a wide variety of bad actors to push problematic propaganda (take a look at your MAGA Uncle’s Facebook feed sometime).
But the press likes to single out TikTok’s shitty privacy and security standards — and the data TikTok collects — as somehow unique. Usually because it’s Chinese. In response to the news, outlets like Mashable even went so far as to try and suggest that this all somehow means that the Trump administration was right to repeatedly and singularly freak out about TikTok:
That means some signs are now pointing to former President Donald Trump potentially being correct in his assessment of the app when he said in an August 2020 executive order that TikTok’s “data collection threatens to allow” China to “access to Americans’ personal and proprietary information.” TikTok repeatedly said it has never and would never share U.S. user data with the Chinese government.
That introduces the other problem: nearly all of our “solutions” to the TikTok problem are always weird and performative. The Trump administration didn’t give a flying shit about any of a million other consumer and privacy issues, but was breathlessly concerned about TikTok. Their solution? Some dumb cronyism that attempted to offload the entire successful company to his friends at Walmart and Oracle.
The Trump GOP wasn’t actually worried about TikTok user privacy. They’d shown zero indications they were concerned about consumer privacy more broadly. They saw a Chinese company that was successful and wanted it, and used xenophobia to try and get it. Far too many press outlets ignorantly conflated this with a good faith effort to genuinely rein in Chinese intelligence or fix U.S. privacy problems.
More recently, TikTok and officials (and by proxy the press) have made a big deal about how much of TikTok’s data will now reside at Oracle — a company with some of the sleaziest lobbying practices in tech — that actively lobbies against any kind of privacy oversight, and whose CEO recently got all hot and bothered about the prospect of ending U.S. democracy. This is, I’m told, a “fix.”
Again, none of this is to defend the shitty Chinese government or TikTok’s shitty and performative privacy practices. The Chinese government is a violent hyper-surveillance and censorship shit show in a way that exceeds even America’s grandest ambitions on this front.
But there’s a much broader problem here. Namely that the entire adtech, telecom, and privacy space is an unaccountable dumpster fire. The singular fixation on one app by one company because it’s Chinese (gasp), and the xenophobic hysteria and half-cooked solutions that follow, are just kind of… dumb? And in many cases, driven by competitors who couldn’t care less about privacy anyway.
If you’re going to hyperventilate about U.S. consumer privacy, at least hyperventilate in proper context.