March 20, 2024
Rules around handling apps that may pose national security risks will not be finalised until later this year despite calls to protect Australians amid concerns over the capacity of popular Chinese-owned platforms such as TikTok and Temu to harvest the data of users.
The Home Affairs Department is developing a framework to address “vendor-based national security risks” that will go to the Government for consideration in the second half of 2024 and has brought forward a review of the data broker ecosystem.
Shadow home affairs minister James Paterson said the test of the new policy would be whether adequate protections were afforded to Australian consumers.
“It is welcome the Albanese Government is finally contemplating the serious national and cyber security risks presented by high-risk vendors from authoritarian countries,” said Senator Paterson, who is also the Coalition’s cybersecurity spokesman.
“But these threats have been obvious since the wide deployment of risky products like CCTV cameras, drones and software in government agencies was exposed.
“The true test of this new policy will be whether any action is taken to protect Australians using apps like TikTok, as our allies are seeking to do.”
The US House of Representatives last week passed a bill that would force ByteDance to sell TikTok or be banned — and in Australia, the opposition has called for the country to copy the US if a ban is enforced.
The Home Affairs Department is also developing a voluntary cybersecurity code of practice for app stores and app developers that is being co-designed with the industry — although a timeline for the code’s introduction has yet to be determined.
“The concerns about the security of Australians’ data on apps are well-known and are not limited to one platform,” a Home Affairs spokesperson said.
“While these measures are under development, the Department of Home Affairs is continuing to assess Australia’s security policy settings to ensure they remain fit for purpose against known and emerging threats.”
The Federal Government has banned bureaucrats and politicians from having Tiktok on government-issued devices due to the security risk from the breadth of data it can access but has not moved on any other apps.
Australian Strategic Policy Institute senior analyst Fergus Ryan said the main risks of TikTok were the app’s capacity to manipulate political discourse in Australia and that its Chinese-based developers could access the data of Australian users.
“There are communist party committees embedded in the company [ByteDance],” he said.
“The founder of ByteDance has stated publicly and plainly it’s his intention to use ByteDance apps to further the propaganda goals of the Chinese Communist Party.”
In 2018 ByteDance founder Zhang Yiming said the company would deepen “cooperation with authoritative [official party] media, elevating distribution of authoritative media content, ensuring that authoritative [official party] media voices are broadcast to strength”.
Mr Ryan said Chinese national security laws required companies, including TikTok owner ByteDance and Temu owner PDD Holdings, to cooperate with CCP security agencies while prohibiting them from publicly disclosing whether they had accessed the data.
“So when TikTok says we have never handed any data over to the Chinese state we can’t really trust that,” he said.
“They would legally not be able to talk about it.”
Former ByteDance executive Yintao Yu alleged the company had what was known as a “superuser” or “god” credential that allowed a special committee of CCP members to view all the data collected by its apps, in filings in the San Francisco Superior Court. ByteDance dismissed the claims as “baseless”.