Earlier today it was announced that WhatsApp, popular for its encrypted messaging service, is filing a lawsuit against the Indian government over new laws that will apparently “fundamentally undermine people’s right to privacy.” The new laws will essentially break end-to-end encryption on its platform—which keeps communications on the app private and inaccessible to outside parties.

The new laws were passed in February and were due to come into effect on 15 May 2021. Once in action, 400 million Indian users who use the Facebook-owned messaging service will instead have their messages stored in a “traceable” database, giving the government the power to identify and take action against any person sending content that is ruled “unlawful.”

However, encryption is not just used for ‘unlawful’ activity, protecting encryption is also about protecting democracy. The legislation may also impact innocent Indian citizens. WhatsApp has stated that tracing messages would be ineffective and susceptible to abuse—forcing the handing over of the names of people who shared something they didn’t create meaning innocent people may be caught up in investigations. The company filed a lawsuit to the Delhi courts on 26 May 2021, on the basis that the new laws are unconstitutional and essentially a violation of Indian citizens’ rights to privacy.

A statement issued online by WhatsApp about its stance on traceability said, “WhatsApp deployed end-to-end encryption throughout our app in 2016, so that calls, messages, photos, videos, and voice notes to friends and family are only shared with the intended recipient and no one else (not even us).”

The statement continued: “Traceability is intended to do the opposite by requiring private messaging services like WhatsApp to keep track of who-said-what and who-shared-what for billions of messages sent every day. Traceability requires messaging services to store information that can be used to ascertain the content of people’s messages, thereby breaking the very guarantees that end-to-end encryption provides. In order to trace even one message, services would have to trace every message.”

This is not an isolated incident. The legal battle is just another example of tech companies, which have seen a huge growth in Indian users over the last decade, clashing with the Indian government using heavy-handed measures in an attempt to regulate the online sphere. 

Indian Prime Minister, Nadendi Modi, and his government have already pushed for censorship on Twitter when they demanded the site to remove anti-government tweets related to the farmer’s protests earlier this year.  Likewise, the government has attempted to remove recent tweets in relation to India’s handling of the COVID-19 pandemic. Facebook and Instagram have also been requested to remove anti-government posts concerning COVID-19. These actions are reportedly on the basis that they could cause “panic” however, only some of these requests have been approved.

TikTok, the short-form video app that’s reached more than 2 billion downloads in April 2020 has become the number one social network for gen Z. And while there are a lot of issues with TikTok, from its racist content moderation to its compliance in spreading hate and violence in India, the app has an even bigger problem it won’t be able to avoid soon: its ties to China. We look at the short-form video app and the data privacy problems it represents to explain to you why you should be wary of what you post on it.

TikTok originated as Musical.ly, a very similar app where young teens would post short videos of themselves lip-synching to accelerated pop songs, which was launched in 2014. After a few years of success, Musical.ly was bought by the Chinese internet company ByteDance in 2017 and relaunched as TikTok. In August 2018, ByteDance migrated all the Musical.ly accounts over to TikTok, allowing the app to start with an already impressive number of users (around 680 million monthly active users).

Since then, TikTok just kept on growing, making ByteDance the world’s most valuable startup, estimated to be valued at $110 billion. Over the past two years, TikTok has become the defining social media app of gen Zers around the world.

Technically, TikTok is owned by the Chinese company ByteDance, not China nor its government. But this question is understandable considering the app has been accused of censoring content that mentioned topics sensitive to the Communist Party of China.

It all started with an investigation published by The Guardian in September 2019, which revealed leaked documents that showed TikTok instructing its moderators to censor videos that mentioned topics such as the Tiananmen Square protests, the Tibetan independence, the religious group Falun Gong, and many others—in short, any topic considered sensitive by the Chinese government.

The Guardian’s investigation was conducted after the Washington Post noticed that a search for Hong Kong-related topics on TikTok showed zero content about the ongoing pro-democracy protests. This topic, which was highly covered on other social media platforms at the time, clearly seemed to be censored on the Chinese-owned app.

In October 2019, Senator Marco Rubio called for an investigation into whether TikTok poses a national security risk to the US. In a letter addressed to US Department of Treasury Secretary Steven Mnuchin, Rubio wrote “These Chinese-owned apps are increasingly being used to censor content and silence open discussion on topics deemed sensitive by the Chinese Government and Community Party. The Chinese government’s nefarious efforts to censor information inside free societies around the world cannot be accepted and pose serious long-term challenges to the US and our allies.”

Shortly after this, two other US senators followed suit. Senators Chuck Schumer and Tom Cotton called for a “rigorous assessment” of the potential national security risks of TikTok by US intelligence officials. Both expressed concern that the app could be a target of foreign influence campaigns like those during the 2016 election and made the point that Chinese companies are required to adhere to Chinese law, which grants the government a worrying access to the data of private companies.

The letter addressed to acting Director of National Intelligence Joseph Maguire read “Without an independent judiciary to review requests made by the Chinese government for data or other actions, there is no legal mechanism for Chinese companies to appeal if they disagree with a request.”

These three demands were finally heard in November 2019, when the federal Committee on Foreign Investment in the United States (CFIUS), which investigates potential national security implications of foreign acquisitions of US companies, announced it would be launching a review of ByteDance’s acquisition of Musical.ly.

While the specifics of the investigation are kept secret, a source familiar with the matter told the New York Times that the US government had evidence of TikTok sending US user data to China. TikTok denied these allegations. In October 2019, the company published a blog post titled Statement on TikTok’s content moderation and data security practices which stated that it keeps all US user data in the US, along with using a backup server in Singapore. TikTok also precised that none of it is subject to Chinese law.

“Let us be very clear: TikTok does not remove content based on sensitivities related to China. We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period. Our US moderation team, which is led out of California, reviews content for adherence to our US policies – just like other US companies in our space,” reads the statement.

TikTok has said the lack of political content on the social media app is only related to its audience’s interests and demands. According to the app, TikTokers mainly use it for positive and joyful entertainment rather than politics. But as we’ve seen in India for example, the app’s content regulation (or lack of) resulted in the spread of racist and violent messages against specific groups.

TikTok’s moderation guidelines faced further scrutiny in November 2019 when it suspended student Feroza Aziz’s account for posting a 3 videos about the Chinese oppression of its Uighur Muslim population. TikTok claimed it did not suspend Aziz’s account for its content but said instead her videos were removed due to a human moderation error.

Just after that, the German publication Netzpolitik leaked some of the app’s moderation guidelines that showed moderators are instructed to label any political content as either “not recommended” or “not for feed,” meaning videos can’t show up on a user’s For You page or will be more difficult to discover in TikTok’s search.

While the app’s moderation guidelines seem to have slightly changed over the months, TikTok still presents problems in the way it regulates content. In TikTok’s early days, censorship was strong as the app attempted to keep the content ‘light and fun’. As the platform started taking off in new markets, it said it began working to empower local teams. And yet, still to this day, many videos are being censored for what seems to be the wrong reasons.

Remember when everyone freaked out after it was revealed that the ageing app FaceApp was based in Russia? People were worried the user data the app collected could be used for other purposes. And although it should be said that perhaps it is time we all start worrying about the many apps we use on a daily basis, not just the ones based in China and Russia, well TikTok should be first on that long list.

A 2017 Chinese law requires Chinese companies to comply with government intelligence operations if asked, which means that companies based in China can do close to little should the government request to access data.

Keeping this in mind, another problem appears. Should the Chinese government get access to TikTok’s user data, it remains unclear exactly what the Chinese Communist Party might do with it. As analyst at the Australian Strategic Policy Institute Samantha Hoffman told The Verge “China collects bulk data overseas and then uses it to help with things that relate to state security like propaganda and identifying public sentiment to understand how people feel about a particular issue. It’s about controlling the media environment globally. Once you have control, you can use it to influence and shape the conversation.”

It is known that China holds great control over what its citizens can (and cannot) access online. So, what if it had the chance to control other countries’ content? Could it then also influence and shape the conversation? That’s exactly why TikTok’s owner company ByteDance being China-based is a problem—for the US but also for other countries.

While this might sound like another conspiracy theory to some, history has shown us that the Chinese government doesn’t always mobilise its forces to harm freedom of expression straight away. Instead, it waits until something threatening happens to take actions.

In March 2020, Reddit user Bangorlol made a comment in a TikTok thread where he claimed to have successfully reverse-engineered the app and shared what he learned about the Chinese video-sharing social network. He strongly advised people to never use the app again, warning them about TikTok’s intrusive user-tracking and other issues.

According to Bangorlol, TikTok would be collecting information about its users including the apps installed on their phones, any information about their own network, locations and more. This recent claim could confirm older ones made by US college student Misty Hong in December 2019.

Hong had filed a lawsuit against TikTok for allegedly transferring her private data to servers in China. Data included users’ locations, ages, private messages, phone numbers, contacts, genders, browsing histories, phone serial numbers and IP addresses. Though a previous version of TikTok’s privacy policy stated that user data could be sent to China, the suit alleges that the company did so even after that policy changed.

Hong also claimed that she downloaded the app in 2019 but never made an account. Instead, she said the app automatically created one for her by using her phone number and creating a file of videos that she never posted, including a scan of her face. TikTok would have then transferred that information to two servers in China, bugly.qq.com and umeng.com, the former of which is owned by Tencent, owner of the Chinese social network WeChat, and the latter is owned by Chinese e-commerce giant Alibaba.

Back to 2020 and ByteDance has slowly started shifting TikTok’s power away from China.

At the end of May 2020, ByteDance announced that Disney’s Kevin Mayer would become TikTok’s new CEO in a move to shift its centre of power away from China. The company also transferred global decision-making and research capabilities out of its home country, expanded TikTok’s engineering and research and development operations in Mountain View, California, by hiring more than 150 engineers there according to Reuters.

These changes came at a time of heightened tension between the US and China over trade, technology and the COVID-19 pandemic, as well as the intense scrutiny of TikTok.

Although ByteDance has recently made a series of moves to transfer TikTok’s centre of power away from China, it could still be forced to sell off the video-sharing app. In 2016, when the dating app Grindr was sold to the Chinese company Kunlun, CFIUS then determined in March 2019 that its ownership caused a national security risk. In March 2020, Kunlun sold Grindr for about $608.5 million to San Vicente Acquisition.

As the world awaits for more changes in TikTok’s content moderation approach as well as its Chinese ownership, there’s only one thing you can do as a user in order to protect your personal data: review the app’s privacy policy. Stopping yourself from using the app completely might also help, but we won’t ask that of you.