The UK government has banned the use of the Gen Z-beloved, China-owned social media application TikTok on government-owned devices with immediate effect, following in the footsteps of its United States and European Commission counterparts.
The ban follows a review of TikTok conducted by the National Cyber Security Centre (NCSC), and was widely anticipated to be imminent in the wake of remarks made earlier in the week by prime minister Rishi Sunak and security minister Tom Tugendhat.
“The government is strongly committed to bolstering our national security to meet the challenges of today and of tomorrow. We take the security of government devices very seriously and we are constantly working to ensure that those devices remain as safe and secure as possible,” said chancellor of the Duchy of Lancaster, Oliver Dowden in a statement to the House of Commons today.
As part of this effort, the NCSC review explored the risks posed by some third-party apps on government devices, in particular TikTok.
“That review has now concluded and it is clear that there could be a risk around how sensitive government data is accessed and used by certain platforms,” he said.
“Social media apps collect and store huge amounts of user data including contacts, user content and geolocation data. On government devices that data can be sensitive, and so today we are strengthening the security of those devices in two key respects,” said Dowden.
“First, we are moving to a system where government devices will only be able to access third-party apps that are on a pre-approved list. This system is already in place across many departments; now it will be the rule across government. Second, we are also going to ban the use of TikTok on government devices. We will do so with immediate effect.”
Dowden said that the ban was a “precautionary move” and that the government was aware that use of TikTok across the Westminster estate is limited, but that to ban it represented “good cyber hygiene”.
He added: “Given the particular risk around government devices which may contain sensitive information, it is both prudent and proportionate to restrict the use of certain apps, particularly when it comes to apps where a large amount of data can be stored and accessed.”
The ban applies to government devices within ministerial and non-ministerial departments but does not extend to personal devices used by government employees, ministers, or the general public. Limited exemptions may be provided on a case-by-case basis, but Dowden did not say what those might be.
Dowden said that, nevertheless, people should practice caution online and carefully consider the privacy policies of social media apps in general.
Responding to Dowden’s statement in the Commons, Labour deputy leader and shadow chancellor of the Duchy of Lancaster, Angela Rayner said: “Once again, the government is late to the game. In August last year, Parliament closed its TikTok account and…in December the US banned TikTok from official devices, and nearly a month ago the European Commission followed suit.
“But on 28 February, the secretary of state for science and innovation [Michelle Donelan] said the app was a matter of personal choice. She said that we had no evidence and that a ban would be very forthright.
“It’s the same pattern over and over again. A government behind the curve with sticking plaster solutions forced to lurch into a U-turn at the last minute. We need a strong, clear-eyed, consistent approach…that ensures that we can protect our national security and put us in a strong position to engage with states such as China where it is in our interest to do so,” said Rayner.
Rayner went on to question why the ban did not go further and only applied to devices owned by central government.
Rashik Parmar, group chief executive of BCS, the Chartered Institute for IT, said that national security concerns around TikTok for politicians and government employees were significant and a ban reasonable, but that the data of individual teenagers was probably not of much concern to the Chinese government.
“It is reasonable to expect that social media linked to a non-allied state should not be on the devices of government officials. Building public trust in technology is vital at this time, when the apps we use every day are so closely linked to geopolitics,” he said.
Lisa Forte of Red Goat Cyber, who sits on BCS’ Information Security specialist group, added: “The ByteDance [TikTok’s owner] policy of harvesting the data you put into the app – personal details, or metadata embedded in videos – is significant for groups of people entrusted with sensitive information on a professional basis.
“The people who should be concerned are politicians, government civil servants, CEOs of tech companies that generate lots of intellectual property [IP], or journalists. So it is right for the UK to look to limit or restrict certain groups having the app on their work phones, as other countries are doing,” she said.
“The individual risk to a random UK teenager is small; the risk to the ordinary person lies not in the data harvesting – which is not unique to TikTok anyway – but more in the manipulation of the algorithm to young people in the UK see certain types of content. There are suggestions that in China the algorithm prioritises educational content whereas in Europe it prioritises dance videos and polarising material.”
Computer Weekly reached out to TikTok but had not received a response at the time of writing. The company has previously said that a ban would be “disappointing”, while the Chinese government has accused the West of being paranoid over its use.