FBI Director warns of potential Chinese gov’t exploitation of TikTok
Jonathan Greig November 15, 2022

FBI Director warns of potential Chinese gov’t exploitation of TikTok

FBI Director warns of potential Chinese gov’t exploitation of TikTok

The director of the FBI warned Congress on Tuesday about the ways the Chinese government may weaponize the popularity of social media giant TikTok in its favor.

FBI Director Christopher A. Wray appeared alongside Department of Homeland Security Secretary Alejandro Mayorkas and National Counterterrorism Center Director Christine Abizaid to testify at a House Homeland Security Committee hearing on worldwide threats. 

The hearing ranged from fiery discussions about the southern border to issues surrounding cybersecurity. Rep. Diana Harshbarger (R-TN) focused her questions on TikTok, which is currently being reviewed by the Treasury Department’s Committee on Foreign Investment in the U.S. (CFIUS) over potential national security concerns

Harshbarger asked Wray whether the FBI has been involved in the review and about the agency’s view of the app’s safety. 

“We do have national security concerns from the FBI’s end about TikTok. They include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices which gives the opportunity to potentially technically compromise personal devices,” he said.

Wray pledged to give more details but said he preferred to do so in a classified briefing. He did note that the FBI Foreign Investment Unit is working with CFIUS on the review. 

Harshbarger and Wray spoke at length about a recent 60 Minutes piece that highlighted the massive differences in how TikTok operates in China compared to elsewhere. 

Wray said the app was a “threat to our youth online” and said the concern around it was illustrative of how the Chinese government uses its laws as a weapon against companies. 

The FBI director claimed that under Chinese law companies are “required to essentially do whatever the Chinese government wants them to, in terms of sharing information or serving as a tool of the Chinese government.”

“That’s plenty of reason by itself to be concerned.”

TikTok spokeswoman Brooke Oberwetter told The Record that they cannot comment on the specifics of their discussions with the U.S. government but said the company is “confident that we are on a path to fully satisfy all reasonable U.S. national security concerns.”

Mayorkas grilled on cybersecurity

Mayorkas was pressed on several issues related to the Cybersecurity and Infrastructure Security Agency (CISA), which operates within DHS. 

He kept many of his answers vague but made sure to tout CISA’s partnerships with the private sector and the recently published cyber performance goals.

He was asked about the timeline for when CISA will publish rules detailing how critical infrastructure companies and operators should report breaches. A spending bill signed into law by President Joe Biden earlier this year included a measure giving CISA up to two years to publish an interim cyber incident reporting rule, as well as an additional 18 months to issue a final rule.

Mayorkas would not give a timeline for the rules but noted that they have created a council and are working with other agencies in the U.S. and internationally to harmonize potential requirements. Monday was the deadline for private industry comments about the potential rules. 

Rep. Yvette Clarke (D-N.Y.) asked whether the Cyber Safety Review Board – which recently finished its review of the Log4j controversy – would be authorized by Congress considering it was created through a Biden executive order. Mayorkas said that DHS supports the authorization of the review board but would not say what it will focus on next.

The head of DHS also faced questions from Rep. Andrew Garbarino (R-N.Y.) about a “Continuity of the Economy” plan, which will address how the American economy would be “restored” in the event of a cyberattack. 

The fiscal year 2021 National Defense Authorization Act requires the president to submit a plan by Jan. 1, 2023. Two weeks ago, Garbarino sent a letter to the White House demanding more information, and he said he has not heard from CISA or DHS about what the plan may entail. Mayorkas said he had no information and that he would follow up on the issue after looking into it. 

CISA did not respond to requests for comment. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.