TikTok will now be banned from all federal devices as part of the FY’23 omnibus appropriations measure. While DOD and parts of DHS had previously banned the popular app from their devices, Congress has decided that the risks associated with TikTok mandate that it be removed governmentwide, except in rare instances. More than a dozen states have already passed similar legislation.

The primary issues are that the app’s developer has close ties to the Chinese government and collects considerable personal information on its users. This may enable Chinese officials to gather personal information for intelligence purposes. According to industry experts, the main difference between TikTok and other social media apps is that TikTok is much more driven by user-specific recommendations. “Arguably this would mean that TikTok could be more open to that feed being manipulated to achieve some sinister goal,” said Julian McAuley, a professor of computer science at the University of California San Diego, in a recent National Public Radio story.

It would not be at all surprising to see the government prohibit contractors engaged in any sort of classified or sensitive government work from having TikTok on company, or even employee, devices. Federal contractors are already prohibited from having certain types of banned IT and telecommunications equipment anywhere in their company via Section 889B regulations. Similarly, pending Cybersecurity Maturity Model Integration (CMMI) rules require contractor systems to meet specific cybersecurity criteria even when handling Controlled Unclassified Information (CUI). Cybersecurity, overall, remains a top federal IT priority.

Government contractors may want to be proactive and start banning TikTok use in their company now. A simple Google search on “TikTok Risks” returned over 28 million hits. Contractors should consider whether the potential risks could interfere with their government business.