The decision of the Australian government to ban TikTok on devices issued to employees is a recognition of the dangers to national security posed by the app. For millions of people worldwide, TikTok is a popular social media site that allows them to upload their favourite video clips. Ranging from just three seconds to ten minutes, the videos are shared by a multitude of people each day, of which 40 per cent are aged 16 to 24. In addition to individuals sharing their activities, the platform is used by businesses to promote their products.

Unknown to the vast majority of people who use TikTok, the platform collects almost everything they store on their mobile phone or similar device. When obtaining the app, most users skip over the pages of terms and conditions. If they had bothered to wander through the legalese, they would have discovered that they had agreed to sharing almost everything they had engaged on their device.

TikTok collects a vast range of information from the mobile phones of its users. There is a suite of general data, such as personal details including name, age, username, password and the user’s phone number and location. Then there is more detailed information including the content of messages as well as when they were sent and read and by whom. Videos, images and texts on the user’s clipboard are also collected.

Thirdly, there is information that few would have thought about: purchase details, including credit card numbers used for payment, and other billing and shipping information. Information about activities on other websites and apps and products and services purchased can also be collected, as well as file names and types.

Finally, TikTok is able to collect information on keystroke patterns and related rhythms, the IP address, time settings, biometric information including voice and faceprints and cookies. Even data embedded in images can be collected and used by TikTok.

TikTok therefore has available to it not just the user’s identifying data, but the actual digital usage and patterns of usage. If this data was securely stored and protected from scrutiny and interference by others, it might be acceptable. But the reality is far different.

In testimony before a US congressional committee last week, the chief executive of TikTok Shou Zi Chew of ByteDance, the company that owns TikTok, admitted that some personal data of Americans was subject to Chinese law. His insistence that this would change is worthless, as the CCP regards data, like any other property, as ultimately subject to the regime’s control. As the FBI Director Chris Wray has said, ‘the difference between the private sector and the public sector… is nonexistent in the way the CCP operates’.

In July 2022, TikTok admitted in a letter to Senator James Paterson that Australian user data is accessible in mainland China which is a problem because China’s National Intelligence Law requires Chinese people and companies to assist its intelligence agencies and to keep that assistance secret.

Equally the insistence that TikTok is not owned or controlled by the Chinese government ignores the same fact. The operation is connected to servers located in China. Independent research reveals that the company has close connections with the regime. It is why agencies such as the UK National Cyber Security Centre have warned about the use of Tik Tok on devices used by government officials, including members of parliament. Bans have been established in a number of countries including the UK and France.

Access to the data allows TikTok to target individuals based on their patterns of usage, preferences and interests. This has potentially far-reaching consequences for the conduct of elections in democratic nations. The FBI Director confirmed recently that the Chinese government has the ability to control the software of millions of devices with the TikTok app. A Radio Free Asia report in August 2022 revealed that PLA-created videos on how to organise riots had been distributed via Tik Tok to Americans likely to participate in Black Lives Matter and Antifa protests

The Chinese regime has already been accused of interference in the political process in various democratic nations. Revelations discussed previously in this column about CCP interference in the Canadian elections – initially rejected by Prime Minister Trudeau – are now being investigated. Trudeau has announced the appointment of a special investigator to determine if a public inquiry is necessary. A Canadian parliamentarian has resigned from Trudeau’s Liberal party caucus after being accused of involvement in Chinese political interference.

Closer to Australia, the outgoing president of the Federated States of Micronesia, David Panuelo, claimed in a letter to the nation’s congress that China had committed espionage in Micronesian waters, bribed local politicians and attempted to undermine the nation’s sovereignty. It follows claims of CCP bribes to Solomon Islander politicians.

The Inter-Parliamentary Alliance on China – an international cross-party group of legislators working towards reform on how democratic countries approach China – said three weeks ago it, ‘was deeply troubled by reports of cyber-attacks on politicians and others strongly linked to the government of the People’s Republic of China.’

‘These attacks form part of a well-established pattern of intimidation and infringement of personal liberty by entities controlled by PRC state organs. Attacks on foreign legislators merely serve to illustrate the depths to which the Communist party of China will sink to exert control and suppress dissent, extending even to foreign nationals.’

‘This form of cyber intimidation is not new. Diaspora groups no longer living in China have suffered severe and sustained cyber-attacks and related transnational repression for years.’

The Centre for Cyber Security Belgium has linked China-sponsored hackers, named ‘APT31’, as being most probably behind the cyber ‘spear phishing attack’ on prominent Belgian politician Samuel Cogolati. The cyber-attack occurred around January 2021 when he wrote a resolution to warn of ‘crimes against humanity’ against Uighur Muslims in China.

Cogolati was drafting the resolution when he received an email from a fake news organisation claiming to have information on human rights abuses in China. The email attack he received was in the form of a spear phishing campaign, in which an attacker designs an email to target a specific group of victims. Cogolati vowed to shed full light on the extent of China’s cyber-attacks against Belgium. A Belgian parliamentary hearing in May 2021 with Uighur victims had to be postponed after the parliament was shut down by a mass cyber-attack.

Cyber-attacks on the Australian parliament have been documented previously, as has an attack on the emails of Western Australian parliamentarians. The CCP use of TikTok is another instrument in its hybrid war on the West.