June 4, 2024 By Jennifer Gregory 3 min read

President Joe Biden signed a bill on April 24, 2024, giving Byte Dance, the Chinese parent company of TikTok, two options: sell TikTok within nine months or face a ban on the app in the United States.

The bill comes after years of concerns that the app increases cybersecurity risk. In March 2024, the House passed a bill banning TikTok, but it was not passed by the Senate. However, in April, Speaker Mike Johnson included the House TikTok bill into a $95 billion foreign aid supplemental plan.

DoD details TikTok cybersecurity concerns

An April 2024 release from the Department of Defense details the federal government’s reasons for putting a ban into action. John F. Plumb, the Assistant Secretary of Defense for Space Policy and Principal Cyber Advisor to the Secretary of Defense, describes TikTok as a potential threat vector to the United States. Unlike American-based social media platforms, the Chinese government states that they will touch data from the platform at any time. According to Plumb, China has used its cyber capabilities to steal sensitive information, intellectual property and research from U.S. public- and private-sector institutions, including the defense industrial base, for decades.

“Chinese cyber intrusions are the most prolific in the world. In crisis, PRC [China’s] leaders believe that achieving information dominance will enable them to seize and keep the strategic initiative, disrupt our ability to mobilize, to project and sustain the joint force and to ensure the PRC’s desired end state,” Plumb said.

Additionally, the concern has increased due to the large number of people using the application. Every day, 150 million users access the app, which equates to one-third of adults and one-sixth of kids. In addition to entertainment and funny videos, many people use TikTok for news and product endorsements, which means the app has a wide influence on users. Army General Paul M. Nakasone, Commander of U.S. Cyber Command, Director of the National Security Agency and Chief of the Central Security Service, said the wide usage provides a foreign nation with a platform for information operations and surveillance and raises concerns in regards to who controls that data.

Review threat detection & response solutions

What happens next with the bill

The bill faces significant challenges, including legal challenges, anti-trust hurdles and public backlash. According to experts, the ban could take years to go into effect if it does. Additionally, questions remain about the FTC’s ability to be involved in the approval of a sale of the company.

Shou Zi Chew, TikTok’s CEO, stated that the company would begin legal challenges to the bill. In a TikTok post, Chew said, “Make no mistake, this is a ban, a ban on TikTok and a ban on you and your voice… We are confident, and we will keep fighting for your rights in the courts. The facts and the Constitution are on our side, and we expect to prevail.” He went on to tell users to share stories about how TikTok impacts their lives to showcase exactly what they are fighting for.

As the bill is written, it will not be illegal for U.S. citizens to have the TikTok app on their phones or to use the social media platform in the country. However, people will no longer be able to download the app from the United States. According to Time, users will still be able to use the app but will not be able to update the app with new versions, security patches and bug fixes, which means that the app will eventually not be usable or secure. While it may be possible to perform these functions over a Virtual Private Network, there are questions about this workaround.

Although a bill has been signed, it will not take effect for at least nine months from now. United States users can still download the app in the country without issue. However, TikTok users should continue to monitor the progress and news regarding the bill.

More from News

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today