September 5, 2022
PETER STEFANOVIC: Joining us live now is the Shadow Cyber Security Minister, James Paterson. Minister, good to see you. Thanks for your time. We've spoken a fair bit about this over the last, I don't know, year or so, but it's still there, it's still prevalent. So, what do you make of the moves made by Clare O'Neil on this space?
JAMES PATERSON: Peter, I absolutely welcome the announcement from the Minister yesterday that she is seeking advice from the Department of Home Affairs about how to best address social media apps who are based in authoritarian countries like China, which includes TikTok and WeChat and others like Didi, which has also received some coverage in the media today. Because it is a recognition that while there is privacy and cyber security risks with all social media apps, we shouldn't pretend that apps which are located in rule of law, free, liberal democracies like the United States, pose exactly the same risk as those that are located in authoritarian countries like China. Because as we've discussed before, if you are headquartered in China, you, as a company and your employees are subject to China's intelligence and national security laws, and that means that you have to comply with their requests for you to cooperate, and you have to keep that cooperation secret. And now that we know, as we discovered a few months ago, that TikTok Australian user data is accessible and has been accessed in China, that means it does fall into the hands of potentially Chinese intelligence agencies and the Chinese Communist Party and all Australians, and all parents of young children on these apps should be concerned about that. So, I really welcome the fact that the government has acknowledged this problem, that they're seeking advice about it. That is the first step and it's a good step.
STEFANOVIC: What can they do from here, though? What change could be made from it?
PATERSON: Well, there's a full range of possibilities here, Pete. From, at the low end of the spectrum, some regulation around privacy and data storage and access, to the moderate end around regulating for foreign interference risk, to the high end to potentially, if they cannot be successfully mitigated with lower end regulations, banning some social media apps if the risk that they pose to national security is unacceptable. I have to say I am concerned that the Minister, Clare O'Neil, has already pre-emptively and prematurely ruled out this option before she's even seen the advice from her own department. I think she should really wait until she sees that advice and she should be open-minded about what course of action is necessary. We have to keep all the options on the table here. Hopefully these problems can be solved with, you know, targeted regulation. But if it can't be solved, then I think we have to consider all options.
STEFANOVIC: There are a lot of users in Australia though. I mean some kids are spending their whole lives on it. I don't have a TikTok account, but a lot of people are making some pretty good coin out of it. So, so getting rid of the app entirely, you'd have to think that it's not going to happen.
PATERSON: Well, Peter, it's precisely because there are so many uses on Australia that we need to take this really seriously. That's 7 million Australians whose data is being harvested and potentially stored and accessed in China. That's 7 million Australians whose biometric information is being collected and stored. That's 7 million Australians who are able to be influenced covertly by foreign interference campaigns which TikTok makes absolutely no effort to eradicate, absolutely no effort to identify, absolutely no effort to disclose or be transparent about. So, that's exactly why we do need to take it seriously, simply because there are so many people on it and because so many of those people are young.
STEFANOVIC: So, what kind of, for those who are watching now, what data are they taking that people might not be aware of?
PATERSON: Well, one of the alarming reports that came out recently was a piece of analysis by a firm called Internet 2.0, which is an Australian based firm. And they found that TikTok was collecting a range of information that was really strictly not necessary for the operation of the app, including regularly pinging the location of the device in which the app is installed regularly, seeking to access the full contact book of users of that device, even doing things like trying to map out all the other apps on the phone, on the device, and checking all the WiFi's that the phone had previously logged in to. And this extraordinary level of data collection. Another report found that the in-app browser in TikTok, so if you click on a link within TikTok, that that in-app browser was potentially recording every single keystroke that you then entered into that in-app browser and that there was no way to get out of that TikTok ecosystem into a normal browser like Safari or another one. And what that means is that if you entered a password in or a credit card in while you're in that TikTok ecosystem that that could be stored and accessed by TikTok, including by its employees in China. I mean, these are deeply disturbing revelations about the security practises of this company, and we need to take it very seriously.
STEFANOVIC: Fair enough too. James Paterson, always good to have you on. We'll talk to you soon.
ENDS
