Proton's CEO says a ban on TikTok in the United States is necessary, but the legislation needs tweaks to prevent government overreach.
As a PCMag security analyst, I report on security solutions such as password managers and parental control software, as well as privacy tools such as VPNs. Each week I send out the SecurityWatch newsletter filled with online security news and tips for keeping you and your family safe on the internet.
Full disclosure: I’m not really into TikTok. Like many social media platform early adopters, I created a TikTok account with a catchy username within the first few months of the app’s availability. But I’ve yet to post a video because as soon as the app started gaining popularity in the United States, I began to see warnings from various security experts about the app’s data collection policies.
During the previous presidential administration, lawmakers began discussing a broad ban on TikTok. I looked at TikTok’s many red flags, including spying on journalists, logging all your keystrokes and screen taps, and company engineers repeatedly accessing US user data. I privately agreed that a ban was probably a good idea. Earlier this year, US government agencies banned TikTok on government-issued devices.
After reading the proposed RESTRICT Act(Opens in a new window), I realized that the legislation in its current state gives a lot of power to the executive branch to determine which countries are labeled foreign adversaries, which is not ideal. Andy Yen, Proton’s chief executive officer, recently expressed similar concerns in a blog post(Opens in a new window).
I spoke with Yen via a video call about the RESTRICT Act’s potential for precedent-setting government overreach. Yen pointed out that TikTok and its parent company ByteDance follow the same business model as many American tech companies, such as Facebook and Google.
“These products are not designed with your best interests at heart,” Yen remarked. According to him, the tech industry’s business model relies on using consumer data to generate profits. “If you look at the specifics of what they collect and the things that they are using, yes, there’re a few areas where it’s a little bit worse, but fundamentally, the business model is the same,” Yen concluded.
For US lawmakers, TikTok’s “little bit worse” is the location of its parent company, ByteDance. ByteDance is a Chinese company, so it is subject to China’s national securities laws, which force the company to hand over data at the behest of the government. With US national security in mind, Senator Mark Warner (D-VA) proposed the RESTRICT Act in March of this year.
Yen told me he thinks the TikTok ban should be imposed, just not in its current state. Yes, Yen says, there is potential for government overreach, but it could be worse.
“To be honest, it’s not the worst piece of legislation I’ve seen,” Yen mused. “Compared to say, the Patriot Act, it isn’t that same level of problematic.”
Yen told me that, as written, the RESTRICT Act gives too much power to the US Secretary of Commerce (an unelected member of the executive branch of the US government) to designate countries as foreign adversaries online.
“You probably remember a certain President, President Trump, had a certain disagreement with the country of Denmark over the purchase of Greenland,” he noted. “If you politicize the definition of what is a foreign adversary and you make it the responsibility of an appointee, there are many ways in which this can potentially go wrong because there’s no congressional oversight.”
The second major issue Yen highlights are ambiguous penalties for private individuals outlined in the RESTRICT Act. He says that as written, the bill is unclear regarding what constitutes law-breaking for US citizens. He told me, “If I were to get a VPN and use it to access TikTok, I might be breaking the law.”
Yen said he and his colleagues at Proton “…spoke to Senator Warner just yesterday, and he confirmed that that’s not the intent of this legislation. If that’s the case, why not just make it a bit more clear to remove all doubts?”
The final issue for Yen is the problem the government will have when attempting to enforce the RESTRICT Act if the bill is passed. He told me that the current language in the bill makes it sound like the onus will be on internet service providers to block apps from specific countries, and it’s easy for tech companies to circumvent such restrictions.
To illustrate, Yen presented the following hypothetical scenario: “Let’s say the ISP blocks TikTok’s IP addresses, and TikTok tries to do something clever and begins to circumvent the blocks by changing their IPs. Then are you putting an obligation on ISPs to continue blocking because then the logical conclusion is basically building an American version of the Chinese Great Firewall. So you can see how enforcement of this law, if not properly specified, can easily go wrong.”
Yen proposed two key changes to the RESTRICT Act to make it clearer and more effective:
Members of the US Congress are voted into office by their constituents, while members of the executive branch, such as the Secretary of Commerce, are political appointees. As elected representatives, congressional members are, in theory, less subject to the whims of any one government figurehead. The idea is that with additional voices comes a diversity of opinions, which could prevent location-based online content censorship fueled by one person’s political agenda.
Yen told me that the ambiguous penalties for private citizens and corporations leave the RESTRICT Act open to interpretation by the courts. He says legislation requires specific rules and penalties to have a genuine impact because open-ended interpretations can lead to government overreach. He noted that various sanctions on Russia and Iran have long been in place in American legislation, and those include very specific guidelines for enforcement and penalties for breaking the law.
“For example, you could say that if you’re an app store that serves US customers, then you cannot be allowed to offer TikTok,” explained Yen. “That makes it difficult for American consumers to get access to it. You could also make it illegal for US banks, financial institutions, and payment processors to operate on the banned platform.”
The short answer: It’s up to you. We know that TikTok is collecting data about you, and the app’s parent company is required by law to turn over the collected data to the Chinese government upon request. If you must use the app, I recommend installing it on your private device rather than your work phone to mitigate the potential for widespread exposure in the event of a hack or data breach. People in prominent corporate positions or public figures should probably avoid TikTok altogether.
When I asked Yen if he had any advice for my TikTok-addicted friends and family, he said to stay anonymous on the app. Yen recommended downloading a Proton-owned app such as SimpleLogin or another email alias provider to create fake email addresses you can use when you sign up for apps and social media sites.
Using a fake email address is indeed a good tactic, and one of the many ways to throw off potential criminals while leaving a smaller digital footprint. For more ideas for taking back your digital privacy, check out PCMag’s list of ways to disappear from the internet completely.
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Your subscription has been confirmed. Keep an eye on your inbox!
Advertisement
As a PCMag security analyst, I report on security solutions such as password managers and parental control software, as well as privacy tools such as VPNs. Each week I send out the SecurityWatch newsletter filled with online security news and tips for keeping you and your family safe on the internet.
Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences. Yes, I know the rules of cricket.
Read Kim’s full bio
Advertisement
PCMag.com is a leading authority on technology, delivering lab-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
PCMag supports Group Black and its mission to increase greater diversity in media voices and media ownerships.
© 1996-2023 Ziff Davis, LLC., a Ziff Davis company. All Rights Reserved.
PCMag, PCMag.com and PC Magazine are among the federally registered trademarks of Ziff Davis and may not be used by third parties without explicit permission. The display of third-party trademarks and trade names on this site does not necessarily indicate any affiliation or the endorsement of PCMag. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.