TikTok has sparked concerns not only among governments worldwide, but also among the general public over the issue of data privacy.
As governments focus on national security threats, there is also growing public concern regarding the potential impact of the application on young people.
A significant majority of TikTok users in Malaysia fall within the age range of 18 to 34, comprising over 70 per cent of the total user base.
PART 1: TikTok in Malaysia: A national security threat?
In the final instalment of a two-part series, academics and CyberSecurity Malaysia speak to the New Straits Times on whether Malaysia should follow in the footsteps of some countries in banning the app, as well as whether TikTok is being unfairly targeted due to its ownership by Beijing-based ByteDance Ltd.
CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab, Institute of Strategic & International Studies (ISIS) Malaysia senior analyst Farlina Said and Universiti Malaya Faculty of Computer Science and Information Technology Deputy Dean (Research) Associate Professor Dr Ainuddin Wahid Abdul Wahab weighed in on the matter.
SHOULD MALAYSIA BAN TIKTOK?
Farlina believes there may be value in prohibiting certain apps on the devices of government officials, as their work demands high confidentiality.
However, she said, any approach taken by Malaysia should be technology-neutral and based on a thorough risk assessment.
"If there is extreme confidence in the application's access permissions, data management and assurance that cybersecurity practices would guarantee no unwanted access and leakages, then the trust in such applications can be high. Thus, access to the app can be based on that trust."
Amirudin did not discount the possibility of Malaysian TikTok users being at risk, especially civil servants and lawmakers.
He, however, said fully banning app was an "extreme measure" that did not meet international human rights standards.
"Under international human rights law, blocking an entire service or application is not regarded as necessary and proportionate, and has been declared unlawful in several instances."
Instead, he said government offices and state offices could implement policies and procedures around the use of social media apps like TikTok on official devices.
"This may include restrictions on which devices can be used to access the app, guidelines on what types of content can be posted or viewed, and regular security training for employees.
"Furthermore, it would be beneficial to increase user awareness among employees and publish advisories, as well as best practices to guide them on engaging with TikTok ethically and responsibly."
Amirudin also stressed the need for regulators and policymakers to implement measures to ensure the app was being used responsibly and ethically.
He emphasised a targeted and evidence-based approach to policy-making for the government to balance the need for cybersecurity and privacy with the potential impact of a TikTok ban on individuals and businesses.
"An in-depth analysis of the potential risks and benefits must be undertaken, and the effects on individuals, communities, and the broader economy must be thoroughly evaluated.
"The concerns that need to be weighed include freedom of expression, economic impact, the impact on users, national security concerns, and the risk of retaliation."
Amirudin highlighted the specific concerns of TikTok vis-a-vis the Malaysian context, which include privacy and security concerns, inappropriate content, addiction and mental health, cultural concerns related to the 3R (Race, Religion, Royal), misinformation and propaganda, as well as fake news — particularly those related to the 3R.
Therefore, he said, local TikTok users must remain aware of these potential threats and take steps to safeguard their privacy and well-being while using the app.
"This could include adjusting privacy settings, limiting the time spent on the app, and being mindful of the content they consume and share."
Ainuddin said the government should ban or limit access to TikTok only if it had valid reasons and justifications.
"However, selective banning (for civil servants or educational institutions) may not work since enforcement poses a significant challenge.
"We must not blindly follow other countries' actions without proper justification."
He also said the government should focus on monitoring possible issues that could arise from TikTok usage, rather than targeting individual users.
"When we talk about national sovereignty, TikTok might be dangerous as it allows anyone to share their thoughts or ideologies, regardless of whether they may be inappropriate for certain cultures or countries.
"Social media is a world without boundaries, but in reality we are not," said Ainuddin, who is also Associate Editor of the Elsevier Journal of Information Security and Applications,
THE RISKS AND COSTS OF A TIKTOK BAN AND ALTERNATIVE APPROACHES
Ainuddin said that while there might be concerns for businesses that heavily rely on the app for marketing campaigns, there were other social media platforms available as alternatives.
Given that TikTok has proven to be an effective marketing platform, he believes it may be necessary for boosting the economy.
"The best approach is to educate users on how to stay safe online.
"Data privacy is crucial, but we need to recognise that most of the data is voluntarily provided by users who should already be aware of the consequences of sharing their lives on social media."
He suggested that businesses and educational institutions make use of policies that can be tailored according to the organisation's needs and culture.
"Technology will keep evolving. Avoiding it may provide short-term benefits, but in the long term, we still need to deal with it. So, use it wisely.
"Yes, deleting TikTok may help, but we need to realise that if someone downloaded our content during its availability, there's not much we can do.
"To be safe on TikTok, either avoid it or use it wisely. Know what to share and the effect of sharing the content."
Meanwhile, Amirudin said banning built distrust among countries and companies, and such an act risked significantly impacting politics, the economy and society.
He also pointed out that while a ban could limit the amount of personal information collected and shared by the app, it would also limit the ability of marginalised communities to share their stories.
"Additionally, a ban could limit the ability of activists and advocates to raise awareness and mobilise support for their causes."
Amirudin said users should instead be vigilant of the potential threats and adhere to security best practices while using TikTok.
It's also essential to stay informed about the latest security and privacy risks associated with TikTok and other social media platforms, and to take appropriate action to protect sensitive information, he said.
"Regular patches and upgrades must also be in place to prevent potential cyberattacks on official devices.
"In addition, the TikTok account must be protected by adhering to a strict password management policy, as many cyber-attacks are exploiting weak credentials nowadays.
"Also, have regular communications with the local TikTok provider on any concerns and report any suspicious activities concerning the app."
Instead of implementing a TikTok ban, he said policymakers could consider alternative approaches such as increased regulation and oversight, promoting competition in the social media industry, and incentivising companies to prioritise user privacy and data protection.
Another approach could be to address the underlying concerns around national security and data privacy through diplomatic negotiations with China, where TikTok's parent company was based, Amirudin added.
THREAT TO YOUNG USERS
An intriguing conspiracy theory suggests that TikTok — described as "digital opium"— exists to make people outside of China "dumber", while the domestic version, Douyin, is intended to make domestic us-ers smarter.
Farlina noted that technology has the power to reshape the way the current generation thinks.
The issue in a conspiracy theory such as that, she said, was the bias feeding the algorithms that could skew experiences online.
"There is the possibility that such biases are organic, but there can also be biases fed by misinformation and disinformation or are deliberately manipulated, and are not caught by the platform.
"These could ask platforms to play the role of arbiter as they balance freedom of speech with censorship and generating greater content."
Ainuddin, on the other hand, suggested that describing TikTok as making people "dumber" might not be the most appropriate way to articulate the issue.
He explained that increased app usage, particularly on social media platforms, might impact users' cognitive function and social skills.
"App technology today often emphasises quick response times, which can lead to impatience in the real world where instant responses are not always possible.
"Furthermore, our medium of communication has also changed, with digital platforms becoming the major way of communication.
"Less talking and physical communication can make people appear less intelligent in a way."
Therefore, Ainuddin said, it was essential to balance the use of the app with other activities to maintain cognitive and social development.
Amirudin highlighted several potential risks associated with using TikTok, including exposure to malicious content, harmful or inappropriate content, cyberbullying and grooming, vulnerabilities in the app that could be exploited by attackers, and the risk of data breaches.
"It is, therefore, important for users to be vigilant of these potential threats and to take steps to protect their privacy and wellbeing while using the platform."
KHAIRY: TIKTOK IS BEING TARGETED
Khairy Jamaluddin, a visiting senior fellow at the ISEAS-Yusof Ishak Institute in Singapore, briefly touched on the scrutiny facing TikTok in his Keluar Sekejap podcast recently, where he characterised the issue as a facet of a technological and geopolitical war.
The former science and technology minister acknowledged the importance of investigating the potential misappropriation of user data from social media.
"This is a serious matter, as seemingly trivial videos on platforms like TikTok can reveal valuable insights into a user's thoughts, and such data can be manipulated and used to influence a person's behaviour through algorithms."
Khairy, however, suggested that the criticism of TikTok in the United States might be influenced by its status as a Chinese-owned company.
He said this in reference to the congressional hearing in March, where TikTok chief executive officer Shou Zi Chew was questioned by US lawmakers, in which he found one question by Congressman Richard Hudson to be particularly strange.
Hudson had asked Chew, a native of Singapore, if TikTok had access to the home Wi-Fi network and if it was possible for the app to access other devices on that network.
Khairy also said TikTok "has done all it can to ensure users' data can't be accessed by China."
"ByteDance has said it is making a conscious effort to ensure that the data is secure. So, this is a commitment given by TikTok.
"I think Americans have made up their minds. They just want to ban TikTok or force ByteDance to sell TikTok to a US company. The crown jewel of TikTok is the algorithm.
"But there is a ban on technology export in China. So, China will not allow ByteDance (to sell TikTok).
"If we are worried about data obtained by TikTok, then we should be worried about data obtained by Meta, Alphabet, Google, or Facebook.
"It's the same. But in this case, because it's China, (they claim it's linked to) Chinese Communist Party. This is the Cold War all over again."
China had, in 2020, issued new restrictions or bans on tech export, which required companies to seek government approval — a process that can take up to 30 days.
China's Commerce Ministry spokesperson, Shu Jueting, recently said China would "strongly oppose" a forced sale of TikTok.
CALL FOR REVIEW: PDPA 2010
In the wake of this issue, Khairy called for the review of Malaysia's Personal Data Protection Act (PDPA) 2010, noting that the law only regulates the processing of personal data in commercial transactions, unlike similar laws in developed nations.
He cited the European Union General Data Protection Regulation (GDPR), dubbed the strongest privacy and security law in the world, as an example.
The GDPR protects the personal data of EU citizens and affects any organisation that stores or processes their personal data, even if it did not have a business presence in the EU.
"Here, we are witnessing a technology war between the US and China and accusations that each is trying to use personal data to produce algorithms that can influence our behaviour.
"I think it's time that we review our PDPA as well," Khairy said.
TIKTOK VS META AND OTHER PLATFORMS
Amirudin said while other social media platforms such as Facebook, Instagram, and Twitter have faced data privacy and security concerns, they are not specifically tied to a foreign government.
He also highlighted TikTok's algorithmic recommendation system and data collection practices, which have been scrutinised due to concerns about the potential for algorithmic bias and the amplification of harmful content.
"This has raised concerns about how this data is being used and whether it could be accessed by third parties."
Farlina noted that news coverage tends to focus on the widespread use of trackers and the depth of insight these apps provide when talking about the risk associated with the platforms.
Each platform, she said, could have nuanced differences based on the logic or social layers, such as the algorithms' intuition, the amount of data collected, and who had access to the platform.
"While Facebook and Google try to limit their data collection to non-sensitive information, trackers can still capture sensitive data.
"Transparency and choice are important. It's critical that users know what data is being collected and can opt out."
Ainuddin said in terms of collecting data, TikTok was the same as Facebook, Instagram, and Twitter.
"Compared with other social media platforms, TikTok content can be viewed without registration by non-members. This may introduce cybersecurity concerns."
Ireland's National Cyber Security Centre director Richard Browne recently said TikTok did not differ in lots of ways from many social media applications, but the app had "extremely high permissions".
"It is on the very high end, if not the highest end, in terms of the amount of user data it collects."