China’s “shaking down” tech companies to steal your data

(Tom: I received this in an emailed newsletter. No shortage of risks in a digital world. Seems the old saw “knowledge is power” cuts both ways. [Pardon the pun.])

ByteDance is a China-based tech company. They own several smartphone apps but are best known as the parent company of TikTok.

Now, I don’t have to tell you about the dangers of TikTok; there has been plenty written and recorded about that.

Yet, ByteDance and any tech company operating in China have to face new challenges in the way they handle cyber security.

China has imposed a law that requires tech companies to report software flaws to the government.

Companies must report the flaw within 48 hours, and it has to be reported before it’s fixed (there is an obvious sinister intent to this law, which I’ll talk about in a moment).

In the case of ByteDance, the company provided the government with “super user” credentials, giving the government unlimited access to user data.

Which means, the Chinese government was able to collect the data of any and all U.S.-based users, estimated at over 150 million U.S. TikTok users.

There is a lot more to this law than meets the eye. So, here are a few reasons why this law could affect users in the U.S.

State-sponsored hacking:

There is (obviously) a reason the government wants the information on the flaw before it’s fixed…

It allows government hackers to get into the database and extract data. This is especially scary for foreign-made software.

And as you’ve already seen, it’s not just Chinese citizens that will be compromised.

The Chinese government could infiltrate the software and its users, who could be anywhere in the U.S.

So, if you use any software that is made in China, you should pay close attention if the company is ever hacked.

If there is a security flaw, it’s not just hackers you need to worry about; you have to assume the Chinese government has the data as well.

Collected vulnerabilities:

It’s no secret that the Chinese government has massive cyber hacking operations.

While the Chinese hackers are good at what they do, they aren’t perfect.

But now they’ll have access to the latest security flaws from tech companies around the world.

By getting information on security issues that tech companies are facing, the hackers are essentially being given blueprints for hacking operations in the future.

So, if there was a hacking method the Chinese hackers missed or overlooked, they would learn about it from the tech companies being forced to self-report.

Foreign companies also comply:

There are plenty of U.S. companies that have offices and operations in China.

But even though these companies are not based in China, they are still required to follow the law – it’s the cost of doing business there.

There have been reports that some foreign tech companies have already started complying with the law.

They’ve had to open their software to the Chinese government and its hackers; these companies have no choice unless they want to leave China.

Which means, even if a company is based in the U.S., it still may be forced to share security flaws with the Chinese government or be shut out of doing business there.

This intrusive Chinese law, and forced compliance, requires you to be even more vigilant when it comes to your security online.

That’s why I continue to use a simple, proven method to keep my personal and private information shielded from prying eyes and hackers.

Jason Hanson

Editor, Black Bag Confidential