OSINT and TikTok: Striking a Balance between Intelligence Gathering and Privacy Protection
The US government has been pressing down hard on the Chinese-owned social media company TikTok, raising many questions over intelligence gathering and privacy protection.
The major defence that has kept the US government from banning TikTok is human rights and civil liberties.
Over the past few weeks, news of a threatened TikTok ban has taken over the internet. The US government has been pressing down hard on the Chinese-owned social media company, and the issue has raised many questions all over the internet. The back and forth between TikTok and the US government has delivered more memes than questions. This article will give answers to as many questions as it can.
Well, to properly understand the situation, we need to understand the root of the case: open source intelligence (OSINT):
Open-source Intelligence (OSINT)
Open-source intelligence can be traced back to a simpler time of intelligence gathering. OSINT only began to experience real growth with the introduction of the internet and social media. This was a real revolution in the way information was gathered, analysed, and used. The longer the internet stayed, the more data it had and the more intelligence there was to gather. The increasing use of open-source software and technologies has made OSINT a critical tool for data and intelligence gathering.
Open-source technologies have become a trend among tech companies. Open-source technologies are software programs that make their development, extension, and passion public for anyone to see and copy. Open-source technologies, unlike closed/proprietary software, encourage a community where developers can grow by having access to already successful program databases.
OSINT is a technology that takes advantage of open-source platforms. In simple terms, OSINT can be described as a system for extracting valuable information from publicly available sources. Open-source intelligence analysts use various methods to scan the wide open-source web for very specific information.
With OSINT being at the centre of TikTok’s recent drama, its cons have been put in the spotlight, especially the risk of a data breach. Making a database open source puts users at risk. Internet users with their private information on these networks are at risk of a data leak or a security hack.
However, apart from leaking your personal data to the Chinese government, OSINT is also put to good use. By making valuable information available for law enforcement and intelligence agencies, open-source information has been cogent in a number of criminal investigations. The investigation of the January 6 insurrection and the Boston marathon bombers was heavily powered by open-source intelligence.
It is worth mentioning that not only social media platforms have open-source codes and are vulnerable to OSINT; companies like OpenAI, GitHub, and Launchpad also participate in open-source.
So why is TikTok under the radar? Well, many countries have rules that guard people’s privacy and guide how open-source information is used. In the US and many other countries around the world, private information on open-source databases can only be made available under certain circumstances. However, China doesn’t have these. The rules guarding open-source information in China simply state that information be made available to the Chinese government upon demand. This also means that TikTok, as a Chinese company, is obliged to turn over their user data to the Chinese government (including non-Chinese users).
So far, TikTok has assured that user data is safe with them, but the US government still has to be sure of where their allegiance lies.
TikTok and Surveillance
Since its introduction into the global market, TikTok has faced major controversy over its data collection practices. In late 2019, Donald Trump made the first move to ban TikTok in the US. Over the past few weeks, Biden's administration has also attempted to ban TikTok.
But why? Firstly, in about 5 years since TikTok went global, it has amassed a community of over 1 billion active users worldwide, with 150 million of those users being from the US. Like every other social network, TikTok collects a lot of data from its users. This includes information that users willingly provide, like publicly posted images and videos. But there is also data collected in the background, like location, device information, IP addresses, and browsing history. Apps use data like this to personalise user content and enhance their time on the app.
What makes TikTok different from other social media networks?
It has a Chinese affiliation. While TikTok collects as much data as any other social network, the main concern is what it does with this data. TikTok's parent company, Bytedance, is a Chinese company. And because China demands unrestricted access to the information of internet users in their country, there is the potential that TikTok can be obliged to submit the data of its users (even the non-Chinese) to the Chinese government. Giving China access to the private data of TikTok's 1 billion users poses a security risk to many nations in the world.
While TikTok denies such activity, leaks and employee interviews say otherwise. Even Bytedance once admitted to using TikTok to track users' personal locations in real time.
OSINT and TikTok
Over the years, TikTok has become a very efficient OSINT tool. While TikTok is a private platform, most of the data generated—videos, pictures, comments, and profile updates—is publicly available. This means that the data from over 1 billion users is made available and can be accessed whenever necessary. OSINT intelligence analysts can analyse this data and spot patterns of potential threats. They can even discover information that is relevant to ongoing investigations.
And with these opportunities, user information is still protected by national data and privacy protection laws. Even TikTok has terms of service that prohibit illegal document scraping and immodest use of OSINT.
With the wealth of data on TikTok, it opens a wide window of opportunities for open-source intelligence. However, it is handicapped by its challenges. The major challenge is the legal and ethical considerations of how it handles user data.
Protecting Civil Liberties and Human Rights
The major defence that has kept the US government from banning TikTok is human rights and civil liberties. The first move to ban TikTok by the Trump administration was blocked by a federal judge, who considered it "arbitrary and capricious." Judge Nichols believed that Donald Trump did not consider better alternatives before deciding to get rid of the app entirely.
On the contrary, Biden's administration is making a more calculated move towards regulating TikTok's data sharing policy. Considering that the major caveat with TikTok's operation is its Chinese roots and parent company; the US Congress is giving Bytedance the option to sell TikTok to a US company or halt operations in the United States.
In the past, social media companies have had controversies around how open-source information is handled. Facebook and Instagram have both been legally investigated over data privacy and security. However, these companies never faced a national ban threat. Why? These are American companies, legally bound by American data protection laws.
Many consider this a better approach than ultimately proposing a ban and depriving people of their rights and freedoms. The US Congress is picking the best option available to them: preserving human rights and liberties while ensuring that TikTok respects the privacy and freedom of its users.
Data Privacy and OSINT Regulation
In this age of surveillance, there are roles that we can all play to ensure OSINT is applied only for the right reasons. OSINT tool users, OSINT investigators, tech companies, and users all have responsibilities for data safety.
- OSINT investigators and tech companies should adhere to legal standards while collecting and using individual data. Respect for individual privacy and data protection laws should be prioritised in open-source practices.
- Governments all over the world should do better at strengthening data protection policies. The US is making admirable steps in this direction, and others are implored to follow. These laws should be enforced to hold tech companies accountable for how they analyse and use users’ private information. This requires that governments and law enforcement agencies work hand in hand to bring cyberattackers and trespassers to justice.
- Subsequently, this requires transparency and accountability from tech companies. Users of these open-source networks should be aware of how much of their information is actually public. This would prevent scenarios like location tracking and audio recording. The law should require that companies disclose their open-source practices and should also make government data publicly available.
- Users of open-source networks can also do well to protect themselves. Tech companies constantly dish out software updates with security patches. This helps users stay ahead of cyberattackers. When a user fails to make the update, they are susceptible to cyberattacks and OSINT risks.
Regulating open-source intelligence and ensuring that it is used for best practices is not the job of a person or a body. It requires a collective effort to ensure that data protection laws and guidelines are followed by all.
Conclusion
Open-source intelligence has always been a security concern around the world. The case with TikTok is just one of many OSINT-related threats across many platforms. Zoom out a bit. and you'll see that the case between the US government and TikTok goes beyond technology and international politics. It raises a question about the ethics and values backing the companies that hold the information of billions of users. Any company that provides a platform for users to interact is expected to protect and guide the privacy of these users.
This is why a human rights-based approach is recommended for the use of open-source intelligence. Respect for data privacy can help maximise the use of OSINT. Also, social media platforms like TikTok would be a safer place for people’s information. Proper OSINT regulations would improve the benefits of open-source networks while minimising their risks.
The goal should be to empower and encourage more people to use technology. And to do this, values like privacy and transparency should be upheld. Sooner or later, tech companies and judicial systems worldwide will work to regulate the use of OSINT. Only then can the internet be a safe place for people to interact without fear of data or privacy breaches.