While the proposed U.S. ban of the social media app TikTok may seem novel, its actually just the most recent high-profile incident in a string of cases of countries banning products or services over alleged cybersecurity concerns. The authors have studied more than 75 such events involving more than 31 countries going back almost 20 years. They suggest that the current trend should worry any business with an international scope, and suggest thatbusiness executives need to not only follow the best practices to improve the cybersecurity of their digital product and services, they must also prepare for political risks. Managers, as well as consumers, may encounter extreme disruptions to international trade.
Earlier this summer, the U.S. government announced it was considering banning Chinese social media apps, including the popular app TikTok. In August, President Trump signed two executive orders to block transactions with ByteDance, TikToks parent company, and Tencent, which owns the popular messaging service and commercial platform WeChat, andanother executive orderrequiring ByteDanceto sell or spin off its U.S. TikTok business within 90 days, as well as to destroy all its copies of TikTok data attached to U.S. users. As companies including Microsoft, Walmart, and Oracle have expressed interest in buying the app,TikTok is suing the U.S. government, accusing the Trump administration of depriving it of due process.
The proposed ban, according to the Trump administration, is intended to safeguard the privacy of U.S. citizens and shield data about them and government officials from the Chinese government. Trumps August 6 executive order claims TikTok could allow China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage. But, is TikTok really a threat? And if it is, what are the possible consequences of these actions by the U.S.?
As researchers who have studied similar bans on technologies, we believe that this chain of events could have sweeping impacts on the business community, which will likely not be confined to the tech sector.
If data collection by a company with overseas connections comprises a threat, there are threats all around. The data that TikTok collects pales in comparison to, say, what most American tech companies (as well as banks, credit agencies, and hotels) collect, both visibly and less so. Many institutions that collect sensitive data have already been hacked it is estimated that there is a cyber attack every 39 seconds and much of that information is for sale on the Dark Web. If the Chinese government wanted the kind of information TikTok could collect, it could be obtained in many other ways.
What will likely prove a more pressing threat to U.S. customers is much more low-tech: Setting a precedent of banning everyday technologies could quickly spiral out of control and seriously disrupt almost all international trade.
While the case against TikTok may seem novel, its actually just the most recent high-profile incident in a string of cases of countries banning products or services over alleged cybersecurity concerns. In our research, we have studied more than 75 such events involving more than 31 countries going back almost 20 years, though most occurred in the past five years. For example, in 2017, Germany bannedMy Friend Carly a doll from the U.S. that you could talk to you because the conversation was processed by servers in the U.S. In 2016, Russia blocked access to LinkedIn, stating that LinkedIn refused to store personal data of Russian users in Russia. In 2017 U.S. blocked the Russian security company Kaspersky over its alleged ties to the Russian government.
These cases build on a trend of high-profile bans, such as when China blocked Facebook, Twitter, and Google (2009), and when BlackBerry was banned or threatened with a ban in India, Pakistan, Saudi Arabia, and United Arab Emirates (2010).
Because any product that contains a computer or service that uses a computer nowadays just about everything can introduce cybersecurity risks, the frequency and impact of these events is increasing. (My electronic toothbrush has a computer in it and is connected to the Internet.) Examining the millions of lines of software or firmware in these products and services is not currently feasible, therefore decisions are made based on the perceived risks, which can be impacted by factors such as trust and capability to manage cybersecurity risks. There have been restrictions imposed on products and services as diverse as: medical devices, videoconference services, software products, security software, social media, security cameras, banking IT systems, drones, smartphones, smart toys, online content services, satellite communications, AI software, and financial services such as international fund transfers and payment systems.
According to the Organization for Economic Cooperation and Developments Digital Trade Service Restrictiveness Index, 13 of the 46 majority economies have increased their digital trade restrictions between 2014 and 2019, while only four countries reduced their restrictions.
In general, there are four strategies for managing risks: accept, avoid, mitigate, and transfer. There aremany practical options that countries and companies can adopt to manage cybersecurity risks from cross-border digital products/services. Unfortunately, banning products is becoming increasingly common and doesnt appear to be a particularly sustainable strategy.
The proposed ban reinforces a growing belief that America is no longer the leading guarantor of global business, but rather a potential threat to it a notion that is profoundly reshaping the world economy and threatening American businesses. TikTok and WeChat both have massive user bases (800 million and close to 1.2 billion, respectively). Removing WeChat from the Apple Store could cause Apples iPhone sales to fall by around 30% according to one prominent analyst. In an August call with White House officials, more than a dozen major U.S. multinational companies raised concerns that banning WeChat could undermine their competitiveness in the Chinese market.
The second-order cost of sabotaging the international business environment with these policies could be much higher:86% of companies in the U.S.-China Business Council have reported experiencing negative impacts on their business with China. The biggest impact was lost sales because customers shift their suppliers or sourcing due to uncertainty of continued supply. Companies worried about a U.S. ban may just initiate aDe-Americanization plan to remove or replace U.S. components in their products and supply chains. For example, in February 2019, WorldFirst, a U.K-based international money transfer service that many big Amazon sellers relied on, closed its U.S. business as a precursor to its acquisition by Chinese-based Ant Financial. This was considered the only way to avoid U.S. regulators blocking the deal over national security concerns. On the other hand, the Chinese company Hikvision found alternatives to most of its U.S. components so that being added to the U.S. trade blacklist had a limited impact on its business.
Business executives need to realize that in addition to following the best practices to reduce the perceived cybersecurity risks from their digital product/services, preparing for political risks is also necessary. TikTok implemented several practices to mitigate the risks, including: storing U.S. user data in the U.S. and backing it up on Singaporean servers, blocking access to its data from its mother company ByteDance, hiring an American CEO and operations team, beefing up its lobbying team, withdrawing from Hong Kong based on the concerns over Chinas new national security law, launching a transparency center for moderation and data practices in Los Angeles, banning political and advocacy advertising from its platform, and setting up a global headquarters outside of China. TikTok and its employees are preparing to battle the ban in separate lawsuits.
Though these practices have not yet helped TikTok to void the ban, they will probably be major arguments in its lawsuit against the U.S. Furthermore, these practices may be important directions that all companies might need to follow for doing international business in the new normal to address concerns over cybersecurity risks.
In reality, banning is more likely to increase not reduce risk, because it builds up distrustamong countries and companies. Other countries may retaliate by banning U.S. companies and the situation could rapidly spiral.
In recent years, governments have tried to increase their ability to access the data contained on these devices and services. For example, WhatsApp advertises that it secures your conversations with end-to-end encryption, which means your messages and status updates stay between you and the people you choose. But, several times, most recently in October 2019, the U.S., UK and Australia have applied pressure on Facebook to create backdoors that would allow access to encrypted message content. So far, Facebook and WhatsApp have refused. If such backdoors are allowed and become commonplace, then every Internet-connected device will essentially be a spy device and likely be banned by every other country.
The abuse of national security threat is snowballing and leading to an escalating trade war that could disrupt world trade. We saw a similar situation caused by the Smoot-Hawley Tariffs in the 1930s. The goal was to protect U.S. farmers and other industries that were suffering during the Great Depression by raising tariffs and discouraging import of products from other countries. But, not surprisingly, almost all of the U.S. trade partners retaliated and raised their tariffs. That resulted in U.S. imports decreasing 66%and exports decreasing 61% making the Great Depression much greater. In general, there are rarely winners in trade wars, and probably not in cyber trade wars.
Acknowledgement: This research was supported, in part, by funds from the members of the Cybersecurity at MIT Sloan (CAMS) consortium and the MIT Internet Research Policy Initiative. Both authors contributed equally.
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020
- The 6 key races you haven't heard of that may help decide how we secure our elections - POLITICO - September 30th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - Unica News - September 30th, 2020
- Study finds over 4-in-10 WFH employees in SEA find it hard to switch-off after work - Backend News - September 30th, 2020
- 5 Ways to Secure Your Home Network - The Good Men Project - September 29th, 2020
- How To Make Peace With Your Internet Passwords - Forbes - September 29th, 2020
- Five Types of Cyber Security for Organizational Safety - Analytics Insight - September 29th, 2020
- Internet of Things (IoT) Security Market Competitive Research and Precise Outlook 2020 to 2027 - The Daily Chronicle - September 29th, 2020
- IT Security Spending Market Analysis highlights the Impact of covid-19 (2020-2026) | Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - September 29th, 2020
- Schrdingers Web offers a sneak peek at the quantum internet - Science News - September 29th, 2020
- Counter-Terrorism: Raiders Of The Lost Cache - Strategy Page - September 29th, 2020
- Trending 2020: Internet of Things (IoT) Security Market Analysis, Size, Trends and Forecast to 2025| Cisco Systems, Intel Corporation, IBM Corporation... - September 29th, 2020
- IoT coffee machine hacked to demand ransom - IT PRO - September 29th, 2020
- Show me who bans TikTok and I'll show you your (future) allies | TheHill - The Hill - September 27th, 2020
- Lokibot keylogger infections are growing across the internet - Komando - September 27th, 2020
- Evasive Malware Threats on the Rise Despite Decline in Overall Attacks - Infosecurity Magazine - September 27th, 2020
- Internet of Things Security Market size, development, key opportunity, application and forecast to 2026 | Check Point Security Software Technologies,... - September 27th, 2020
- Fears mount over Russian and Chinese hackers targeting the 2020 U.S. presidential election - CNBC - September 27th, 2020
- Internet of Things (IoT) Security market to Witness Increase in Revenues by 2016-2028 - Crypto Daily - September 27th, 2020
- How to leave no trace on the internet when using a VPN? - Techiexpert.com - TechiExpert.com - September 27th, 2020
- 2020 Demand In Internet of Things (IoT) Security Market By Key Types, Regions, Countries, Top Companies Competition, Consumers, Import-Export Forecast... - September 27th, 2020
- How the Pandemic Pushed a Generation of Americans to Discover the Perks (and Risks) of Online Banking - NextAdvisor - September 27th, 2020
- IT Security-as-a-Service Market 2020 By Manufacturers, Regions, Type And Application, Forecast To 2025| Blue Coat, Cisco, IBM, Intel Security,... - September 27th, 2020
- APT groups actively target Linux-based workstations and servers - Backend News - September 27th, 2020
- Critical steps for securing cyberspace - Microsoft on the Issues - Microsoft - September 27th, 2020
- Proven ways to stay ahead of configuration drift - ITProPortal - September 27th, 2020
- Global Embedded Security For Internet Of Things Market 2020 Trends Analysis and (COVID-19) Effect Analysis | Key Players Market With COVID-19 Impact... - September 27th, 2020
- Internet of Things (IoT) Security Technology Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19... - September 27th, 2020
- REMOTE WORKING: PROGRESS AND PERILS - Forbes Africa - September 27th, 2020
- Avoid scam 'DMV' websites | Sedona.Biz - The Internet Voice of Sedona and The Verde Valley - Sedona.biz - September 27th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - The Daily Chronicle - September 12th, 2020
- Better late than never: Zoom boosts security with 2FA - Verdict - September 12th, 2020
- Show and Tell: The Gryphon Tower Mesh Wi-Fi Security Router - Grit Daily - September 12th, 2020
- Internet of Things (IoT) Security Market 2020 Trends, Market Share, Industry Size, Opportunities, Drivers, Outlook, Analysis And Forecast To 2028 -... - September 12th, 2020
- Ensuring cyber awareness in the healthcare sector - Help Net Security - September 12th, 2020
- Internet of Things (IoT) Security Market Size, Regional Outlook, Competitive Strategies and Forecast by 2026 - The Daily Chronicle - September 12th, 2020
- Internet of Things Security Market, Share, Growth, Trends And Forecast To 2027: Dataintelo - Scientect - September 12th, 2020
- Kaspersky: 37% of internet users in SEA think they won't be targeted by cybercriminals - SoyaCincau.com - September 12th, 2020
- TikTok and WeChat may raise security concerns, but Trump's knee-jerk reaction isn't the way to deal with them - NewsChannel 3-12 - KEYT - September 12th, 2020
- Helping companies prioritize their cybersecurity investments - MIT News - September 6th, 2020
- Rapid7 NICER - starting a conversation on internet security | Company Report - FinTech Magazine - The FinTech & InsurTech Platform - September 6th, 2020
- Kansans are getting letters saying they applied for unemployment. The problem? Some never did. - Pittsburg Morning Sun - September 6th, 2020
- Embedded Security For Internet Of Things Market 2025 Opportunities, Applications, Drivers, Limitations, Companies, Countries, & Forecast - Express... - September 6th, 2020
- Why should you use a VPN on your iPhone and Mac? - Cult of Mac - September 6th, 2020
- 'No longer safe in their classroom:' NHCS remote-learning session hacked, sexualized profanity used - Port City Daily - September 6th, 2020
- How Romania is Solving Technology and Poverty Disparities - Borgen Project - September 6th, 2020
- How government is delivering better election security - GCN.com - September 6th, 2020
- Internet of Things (IoT) Security Market Report: Regional Data Analysis By Production, Revenue, Price And Gross Margin - Kewaskum Statesman News... - September 6th, 2020