Not sure what you mean by "neither TT nor their contractors have taken steps to assure the public." If Project Texas were to be completed, and it has not/not been completed, even though the security professional tech bros at CFIUS think it is a sound technical solution, then TT would be in a position to explain it to the public. Without a full approved mitigation strategy, this cannot happen, which is not at all surprising. In the meantime, people on TV every day are citing 2 or 3 year old examples of people in China having access to data, well duh, Project Texas was not in place 2/3 years ago and would need to be completed before the controls were in place. Has any other social media company even contemplated setting up such a system? The answer of course is no, so if you really cared about insider jobs and user data, then you would be advocating for a US data security law and equal treatment of all social media companies. The Aurora intrusions, as you may or may not recall, were an insider job. On the locational data, are you seriously arguing that the CCP is interested in tracking the movements of teenagers making videos on TikTok? The IC concern about data hoarding is based on mirror imaging and in any case, the concern is way overblown, as Mueller addresses nicely in the IGP piece. US government workers probably should not be using TT or ANY social media, and that has already happened to a large degree because of rules against government workers using TT on their work phones. The idea that the CCP is going to hoard data on teenage video influencers for some future nefarious purpose is just not the way the real world works, trust me, I did that too....
1. Do we have any public comment by CFIUS on this other than they would act as overview? None of this seems practical
2. Is there anything codified in law or practice that would make one think that the CCP would operate differently than the 2-3 year old documents? I would rather have a public record for the work that TikTok did to close these specific requisition pathways, rather than assuming a lift and shift will do that work.
3. I gave Signal as an ideal example of a communication platform. For social media, definitely would agree that substantial data protection reform would be ideal over litigating individual platforms. But where that is not available, might as well hold documented avenues of espionage to scrutiny.
4. Do you have any proof of the motivational aims of a political entity that harvested hours of global internet traffic for the purposes of mass collection, via CT's misadvertisements 2015-2017? I don't think it is necessary to demonstrate this, mass collection as an activity is self-propagating, and that seemed to be our takeaway with the US as an operator, so I don't see why this wouldn't apply elsewhere.
5. What source talks about Aurora as though it was a single insider? The MFE side of the story I always heard was that it was credential harvesting followed by pivot to a subversion instance that wasn't locked down, but you do you.
6. Is there a reason you try to characterize TikTok logging and metadata solely as influencer content? It's 16th on Alexa, around LinkedIn and Reddit. There's considerable traffic data by virtue of this alone.
1. CFIUS is very good at implementing mitigation plans, and Treasury does not enter into them unless they are enforceable. Lots of good firms around the Beltway to help. Most of the Project Texas tech leaders are former USG officials who understand the issues better than anyone in Congress or who has not actually looked at the details of the secure enclave.
2. This is Bytedance, not "CCP". Bytedance is a private sector company that has one subsidiary that includes a small shareholding by the government. This does not have anything to do with TikTokUS, which is a separate corporate entity. There should be information about the corporate structures of Bytedance and TikTokUS if you know where to look. And yes, the world is quite different than 2-3 years ago. Plus, the controls that a full up Project Texas would provide would ensure that there were mechanisms for monitoring access, etc. It is not that hard to implement access controls. In any case, the past examples were all completely understandable, as engineers in China obviously maintained some access to data outside China, this is typical for all multinational corporations, and the examples the media gave were pretty lame, and almost certainly funded by TT US rivals. Always know your sources and their motivations as a security professional.
3. Not sure what "documented avenues of espionage" you are referring to. There have been none in the case of TikTokUS. And the way to address concerns, again, is via Project Texas, secure enclave, third party audits. No other social media company is doing this.
4. The CT diversion was never proven to be deliberate, and was much more likely the result of misconfigurations at the router level. In any case, there are lots of other ways to collect this kind of information, and other governments may also be interested, ask the USG, or Google Echelon.
5. I know all the details about Aurora, but will not talk about them in this context, very different issue, and clearly a high value target, unlike TT videos.
6. Have you ever used the app? Or know people who are using it for 5 hours a day? Social media in general turns out to be pretty weak gruel either for understanding who matters, or targeting disinformation. People tend to stay in their information bubbles, and are also sensitive to information they are not interested in. TT users are probably even more sensitive to this, given how good the algorithm is. Given the many many other sources of data that would be more interesting, if I were a security professional, I would not approve any effort to use TT for anything serious, understanding who uses the platform and for what. Pretty good idea to start there before worrying about "insiders."