One of the biggest stories in tech policy, right now, is that governments all over the world are banning TikTok on government devices. There are concerns about Chinese state access to the information on those devices, and on wider systems, enabled by TikTok’s background software.
As always, I Have Opinions on this, and for good reason.
First off, I’m personally familiar with the paranoia that China creates: after all, as a university student in the 90s, in Washington DC, I interned for Republicans. (Look, they paid twice as much as Democrats, and there’s only so much spaghetti a young woman can eat.) Those people saw an international global conspiracy in every corner hot dog vendor. I’m not joking. I was paid better-than-spaghetti money to spend 20 hours a week scouring Lexis/Nexis databases to find the evidence they needed to support the conclusions they’d already arrived at, and to stand at the fax machine doing the “fax blast”, sending out the pundits’ weekly digest of their enlightened opinions on the imminent Chinese menace to every journalist and policymaker they’d ever encountered, whether those people wanted those enlightened opinions or not.
25 years later, in a very different world, that’s not to say that there isn’t a real and valid political problem now, and there isn’t a real risk building for the future balance of power. And that’s not to say that there aren’t valid issues about Chinese state access to Douyin assets.
But there’s something I find frankly bizarre about a grand global panic, caused by one single app, whipped up by people who might just want to pause and think about things closer to home:
specifically, in their home.
For one simple example, I wonder if anyone – politician, staff, or pundit – who has railed against TikTok, as a cipher for grand global geopolitics, has ever checked the privacy settings on their Samsung TV.
As I have to do every bloody time there’s a firmware update and the privacy settings reset, necessitating two hours of manually opting-out of several hundred adtech vendors, all default opted in by both consent and legitimate interest, including this one:
That’s Yandex, the Russian company, with an active surveillance beacon in your living room, double opted-in, for ten years.
Here’s a longread on Yandex, in Wired, and how their relationship with the Russian government has changed in recent years, specifically in the past twelve months, and very much without their consent or in their legitimate interest.
And if you want to read that, here’s the consent dialogue on Wired, detailing the hundreds of trackers they use to monitor your reading of that article about a company which has a tracker in your living room.
Now, I’m not picking on Wired here – I love it! I subscribe to the paper magazine and read it in the garden! I stream the podcast! But: this is the business model of much of modern journalism.
So I’m going to use them as an example. Let’s review what the back-end technology on that site, and on your smart telly, is doing.
Technology which has absolutely nothing to do with the delivery of ads:
- Storing and accessing information on your devices, such as what other apps you use and who is in your contact lists
- Using precise geolocation data to determine where your devices are, by the metre
- Actively scanning your devices for identification, meaning who you are identifiable to your device
- Matching and combining on- and off-line data sources, meaning linking your device characteristics to external databases, provided by largely unregulated data brokers, with information about your offline life
- Linking different devices, meaning noting what else is on your network (phones, laptops, smart speakers, IoT devices, etc) and who else uses that same network – say, your family on your home wifi or your teammates in your office; with the same scanning of those devices
- Receiving and using automatically-sent device characteristics for identification, meaning a constant exchange of data to make sure you are still you
And only after all of that, the adverts and the adtech tracking.
Now think of that in the context of a government employee who is using a device to read a news story. Or stream a cheeky episode on their lunch break. Or do pretty much anything in the year 2023.
Need a visual example? Here’s a tree graph showing a popular UK newspaper’s surveillance footprint. (It takes a while to load. You’ll see why.) That is par for the course: to deliver ads, they also deliver a payload of device identification, scanning, and surveillance.
Even on government devices.
That’s assuming a public sector employee even has one, and isn’t using a personal device. You should never assume that.
In fact, talk to any given network administrator and they’ll probably tell you that they are far more worried about online newspapers, and their device surveillance engines, violating their systems’ content security policies tens of thousands of times per hour, than they are about a vast Chinese conspiracy to surveil your team via drain cleaning videos.
But not only do politicians not have a problem with the device surveillance engine which powers everything we read and every programme we watch:
they bend over backwards to work within that system; to the extent that the Conservatives have made policy announcements behind newspaper paywalls, monetised for the newspapers’ profit with over a thousand device surveillance trackers (as detailed above).
And all of a sudden these same policymakers care about one company potentially installing the exact same surveillance that has never once bothered them anywhere else, tens of thousands of times a day;
except when they’re railing against the popups which tell them that both state and private surveillance of their devices, and teams, and homes, and families, is happening, right in front of their faces.
If only they cared about what happens in their own homes as much as they do about courting headlines, and feeding the beast in the process.
This suggests that a UK data company sold a list of visitors of opposition sites from a Russian data broker via a subsidiary of a US data broker.
AiData, the Russian data broker, is still in operation. Like its US/EU counterparts, it claims to have data on the whole population. pic.twitter.com/nqEyBUi43W
— Wolfie Christl (@WolfieChristl) June 14, 2023
For those who don’t see what I was getting at in this post, please consider one simple word: