Those who were anticipating a disruption of WeChat and TikTok got some good news over the weekend.
On Sunday, a judge in San Francisco temporarily blocked a ban on the communications and social-media app WeChat ordered Friday by President Donald Trump. A separate administration order banning the video-sharing service TikTok from app stores was delayed by a week after the Chinese owners agreed under pressure from Washington to sell an ownership stake to several U.S. companies.
But if the bans on TikTok and WeChat are reimposed, the U.S. will quickly learn that it will take more than a White House order to make them stick. And while the bans were ordered in the name of national security to block Chinese government entities from using them against Americans, they could actually create security problems of their own.
WeChat is a vital service for many Chinese-speaking Americans who keep in touch with friends and family overseas, and it’s unreasonable to expect passive compliance during a global pandemic. In the event of a ban, the apps would remain available in app stores outside the U.S. Motivated users have already begun using virtual private networks to redirect internet traffic through an international router, making it appear as though the user is accessing content from a different geographical location.
While a VPN can circumvent location-based restrictions, widespread use leads to a new set of security concerns. There are hundreds of different VPN services, and many of the free providers make money by collecting and selling data accumulated by tracking all the internet traffic that the user was trying to keep private. The most popular providers are headquartered outside of the Five Eyes surveillance alliance (Australia, Canada, New Zealand, the U.K. and the U.S.) to avoid government data requests.
It’s bad enough when big tech companies harvest sensitive information; it’s even worse if the data is held by a sketchy service provider on a foreign server. The fact that VPN servers filter private communications make them a prime target for hackers — even reputable VPN providers have been attacked.
Another possible outcome is that after an app is removed from official app stores, users will try to obtain new versions through a non-official storefront, a process known as side-loading. This presents security risks as well — both Apple and Google screen for security exploits before listing an app in their stores, but unofficial sites provide no such protections.
Epic Games learned this lesson the hard way in 2018, when the company removed the wildly popular social game Fortnite from the Google Play Store to avoid Google’s 30 percent take on app purchases. The company encouraged players to instead download it from the Epic Games website. Immediately, dozens of impostor sites sprang up offering fake apps filled with spyware.
TikTok’s collection of user data might be a legitimate U.S. national security concern given the relationship of Chinese companies to their government, but at least there is some degree of accountability. Just wait until there are millions of young people running malware-infested apps. Trying to side-load sanctioned apps is like trying to get a drink in the Prohibition era, when nobody could know whether that bottle of moonshine was diluted with paint thinner or some other poison.
TikTok has over a hundred million users, many of whom are young and ambivalent toward the current U.S. administration. The war on drugs should teach that any attempt to prohibit a popular and addictive activity sends the illicit thing underground while encouraging shady enterprises to spring up.
The best way to discourage undesirable behavior is not through authoritarian measures, but to foster competing alternatives.
For example, it’s possible that the decline in teenage drug use in recent decades has not been due to criminalization, but because young people have found social media to be an effective anti-drug. And maybe the current popularity of TikTok is due to the fact that schools are closed, shopping malls are dead, sporting events are cancelled and people are socially isolated.
Even if the proposed bans on TikTok and WeChat never materialize, the threats may have already been sufficient to prompt users to develop a backup plan.
The Trump administration has expressed concern about the data-security protocols of gaming companies involving WeChat’s owner Tencent Holdings Ltd., and China is putting together its own list of unreliable entities. It’s good for individuals to have control over their devices, but potentially bad for national security.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the editor responsible for this story:
Jonathan Landman at firstname.lastname@example.org