Louisiana bans TikTok on state networks and devices. Will it make any difference?
The law does little to protect state-owned devices and personal data, cybersecurity experts say.
This story is republished from Louisiana Illuminator. Read the original article.
Fueled by concerns of state data falling into the hands of Chinese communists, Louisiana has enacted a ban on the use of TikTok on state-owned networks and devices.
Cybersecurity experts aren’t convinced the threat is real, with some saying the new law will not have the intended effect.
House Bill 361, sponsored by Rep. Daryl Deshotel, R-Marksville, bans use of the popular social media application on all state-owned devices and state-administered networks, including college campus Wi-Fi.
Deshotel pitched his bill as a needed security measure, pointing to FBI Director Christopher Wray’s warning earlier this year that China could use the app to control data from U.S. consumers, control software and drive political narratives.
“This is a tool that is ultimately within the control of the Chinese government, and … it screams out with national security concerns,” Wray told the U.S. Senate Intelligence Committee in March.
Will the Ban Make Things Safer?
Probably not, experts say.
The wording of Deshotel’s proposal is very particular: “The Office of Technology Services shall develop a policy… to prohibit the use of any covered application on any computer, device, or network owned or leased by the state.”
The language prohibiting the “use” of the app, rather than the app itself, is important. The original fiscal note for the bill, which at that point would have required the removal of TikTok from all state devices, said the software required to keep the app from being downloaded would cost the state $15 per month per device.
The bill was later amended because of that cost.
Even if someone is unable to use an app, its presence on their phone still gives the app access to some of the user’s data, said Golden Richard, an LSU cybersecurity professor.
James Lewis, a technology policy expert with the Washington, D.C.-based Center for Strategic and International Studies, agrees with Richard’s assessment.
Even if the app isn’t used, it would continue to be updated when the smartphone connects to an outside network and pose a risk to the user’s personal data, Lewis said.
“That’s basically a third party being able to put software on your phone,” he said.
In an interview, Deshotel dismissed the experts’ concerns, saying his primary goal was to protect state-owned networks from the Chinese government.
But banning all devices connected to the network from using TikTok isn’t necessary to achieve that, Lewis said, because the app doesn’t have the ability to take over a network.
“If TikTok is used to steal credentials, then you could affect the network… I haven’t heard of any instances of that happening,” Lewis said.
Even if the app could steal someone’s credentials, Lewis said it would only pose a risk if the device belongs to a network administrator or another user who has access to control the network.
“If you’re a person in the building, they could use it to collect information on you… but it doesn’t give you automatic privileges,” Lewis said.
Does TikTok Pose a Threat to Louisiana?
Milton Mueller, a cybersecurity policy researcher at Georgia Tech, says no.
“Some people are trying to sort of promote the foreign policy agenda by stigmatizing an app, a private company’s app, because the private company is based in China,” Mueller said.
Mueller said arguments of those who want to ban the app don’t hold water, such as the possibility user data could end up in the hands of the Chinese.
“What might be sensitive data depends on who it is and what they’re doing,” Mueller said. “I think you don’t need to ban TikTok as an app or even keep it off of all government phones unless the people using it are in sensitive positions.”
But to those people who work in intelligence or military positions, TikTok is no more a threat than any other social media app, Mueller said.
Plus, the idea that the ban should apply to college students is “stupid,” he added.
“What’s the danger?” Mueller said. “What do they think is going to happen with a college student making a video or looking at videos in a dorm room?”
Lewis said that while the state might have the authority to ban TikTok on campus Wi-Fi, the measure doesn’t actually do much to reduce risk.
Mueller also questioned the suggestion that China is using TikTok to influence American elections. He and his colleague, Karim Farhat, debunk this claim in a study published by Georgia Tech’s Internet Governance Project.
“Retooling the algorithm to recommend the messages of the Chinese Communist Party in defiance of user preferences would undermine the very thing that makes TikTok popular,” the pair wrote. “The app would gradually lose its audience, and with it, its effectiveness as a vehicle for influence operations. (Chinese Communist Party) propaganda is not what the vast majority of TikTok’s user base wants to see.”
TikTok was banned on devices in the Secretary of State’s office, which oversees elections in Louisiana, effective Dec. 19.
That led Commissioner of Administration Jay Dardenne to recommend that Gov. John Bel Edwards ban the app on executive branch networks and devices.
Dardenne, who previously served as secretary of state, said election security concerns alarmed him, and he wanted to protect state networks as well. Dardenne said he did not consult with any cybersecurity experts before making his recommendation to the governor.
What About Personal Data?
TikTok, like other social media apps, collects personal user data, but research indicates it’s largely for commercial purposes, although Richard said that information could be useful if the user is a person of interest to the Chinese government.
“It’s not unreasonable to be concerned about TikTok, but you have to be respectful of the limits of the First Amendment and free speech,” Lewis said. “TikTok, hilariously enough, is protected speech.”