The Australian government has banned TikTok from all public service devices, claiming the app poses “significant protective security risk” to the Commonwealth.
Attorney-General Mark Dreyfus announced on Tuesday he had authorised a mandatory direction to ban the TikTok social media app from any device issued by a Commonwealth department or agency.
State and territory governments are expected to also enact the same ban, while a number of high-profile politicians have said they will ditch the app entirely.
TikTok Australia management has claimed it was not informed about the ban before it was reported in the media, and denied claims it poses a security risk to the government.
The Australian government’s move now means that all of the Five Eyes nations have enacted similar bans on TikTok.
Australian Computer Society (ACS) President Dr Nick Tate welcomed the announcement from the government.
“It is heartening to see the government acting promptly on the advice of cyber security experts and our intelligence agencies,” he said.
“The security implications of TikTok on government and personal devices has been a concern for some time so it is important to be taking proactive steps.
“As we have seen over the past year, cyber security is a critical and rapidly evolving field and at ACS we are working with government agencies and ministers to ensure Australian data is kept as secure as possible.”
TikTok is owned by China-based company ByteDance. The concerns around its use centre on China’s National Intelligence Law, which requires all organisations and citizens to “support, assist and cooperate” with national intelligence efforts and to “protect national intelligence work secrets”.
The presence of this law has sparked fears that Chinese authorities could demand access to the data of TikTok users from around the world.
Ban incoming
Dreyfus said he authorised the ban following advice from intelligence and security agencies, and that it would be made through the Protective Security Policy Framework.
He said the ban would come into effect “as soon as practicable”, and that exemptions will be assessed on a case-by-case basis.
The ban applies only to Commonwealth-issued devices, and does not extend to the personal devices of public service workers or the general public.
The government order states that the presence of the TikTok app on government devices “poses a significant protective security risk to the Commonwealth”, and that Commonwealth entities must now prevent the installation of the app and remove it from existing government devices, unless there is a “legitimate business reason”.
These legitimate business reasons include if TikTok is needed to achieve a work objective, to conduct compliance and regulatory enforcement, or to reach a target audience for marketing or public relations.
Exemptions for these reasons will be approved by the Chief Security Officer, and a range of mitigations will need to be in place, including the use of a separate, standalone device and generic email addresses.
A number of state and territory governments have already announced that they will be following the Commonwealth orders, while Victorian Premier Daniel Andrews will also delete his popular TikTok account entirely.
Last to act
Australia is the last of the Five Eyes nations to enact such a ban on TikTok, after the United Kingdom and New Zealand made similar moves last month.
TikTok Australia’s general manager Lee Hunter has said the company was not informed of the ban before it appeared in the media on Tuesday morning.
“We’re extremely disappointed with this decision,” Hunter told ABC Radio.
“In our view this is driven by politics and not by fact. And we’re also disappointed with the fact that TikTok and the millions of Australians who use it every day will find out about this decision through the media, despite repeated efforts from our end.”
The ban has been welcomed by the Opposition, with shadow Cyber security Minister James Paterson criticising the government for waiting on the ban after he raised concerns in July last year.
“If the government acted when I first called for them to do so, Australia would have led the world tackling this cyber security threat, as we did when in August 2018 when we banned Huawei from our 5G network,” Paterson said.
“Instead, we are the last Five Eyes member to act.”
The Greens have criticised the ban, saying that it signals the start of an “endless game of online whack-a-mole” that misses the big risk.
“We’re in a data security and privacy crisis and we’re fixated on one platform,” Greens digital rights spokesperson David Shoebridge said.
“Banning TikTok from government devices is a publicity stunt which masks the fact our data is being exploited by every corporation that can get its hands on it.”
In other TikTok news, the company has been fined $23 million (12.7 million pounds) after the UK Information Commissioner’s Office found it had breached data protection laws by using the data of children aged under 13 years of age without parental consent.