March 7, 2023
Nearly half of federal government agencies have now banned the use of popular app TikTok while the Albanese government awaits further security advice in the wake of bans overseas by Australia's closest allies.
A Canberra Times analysis of 137 federal agencies and entities can reveal TikTok is prohibited on mobile devices across at least 66 workplaces with others signalling they were in the process of reviewing whether staff should access the app.
It comes as pressure mounts on the federal government to address the app's cyber risks as Home Affairs Minister Clare O'Neil awaits imminent department advice on social media platforms.
Treasurer Jim Chalmers last week said the advice from national security agencies on TikTok hadn't changed despite bans on government devices in the European Union, Canada and US.
Concerns have been raised about whether users' location and contact data are accessible by the Chinese government through the app's parent company, the Chinese-owned ByteDance.
Liberal senator James Paterson, who released his own survey on Monday showing 25 agencies had prohibited TikTok's use, is calling for government-wide ban on all federal government devices, adding that Australia is " falling dangerously behind" other countries.
Experts also warn the app's algorithms could be manipulated to push narratives through amplifying specific content.
Drawing on responses to The Canberra Times from agencies and answered questions on notice, the analysis shows whether a public servant would, or would not, be able to use TikTok depending on where they worked.
Some departments, like Prime Minister and the Cabinet, Education and Agriculture, outright banned downloading the app with smaller portfolio agencies also being prohibited due to their reliance on the department's ICT arrangements.
But nearly one in five of the agencies surveyed allowed staff to download and access the app on work devices.
Of the 16 federal departments, just three - Industry, Infrastructure and Veterans' Affairs - allow the app to be installed on work devices.
Four agencies - Australian Institute of Health and Welfare, Bureau of Meteorology, Comcare and the Department of Veterans' Affairs - said they were actively in the process of reviewing whether the app should remain accessible.
The bureaucracy's restrictions come after US President Joe Biden issued a new directive to all US federal agencies giving them 30 days to delete the app from government devices.
Ms O'Neil said she will consider the recommendations of a review being prepared by the Home Affairs Department
It's expected to be handed to the minister's office later this month.
Meanwhile, the Attorney-General's Department, who is the policy owner for the federal government's cyber risk approach, said its role wasn't to determine the rules for other agencies.
"In accordance with the Protective Security Policy Framework, each agency deploys restrictions to its ICT solutions and services that are consistent with its business requirements, risk settings and security policy," the department responded in a question on notice.
Senator Paterson said exceptions could be granted for agencies, like Tourism Australia or the National Gallery of Australia, who used the app for marketing or outreach purposes but central advice was necessary.
"It doesn't have to be a government-wide ban but at the moment, there's no clear direction centrally from government," Senator Paterson said on Monday.
"It appears that individual departments and agencies are making their own decisions about that. And it's not clear that that's informed by the best advice and that they're considering that advice."
A TikTok spokesperson said it was aware the federal government restricted the use of TikTok on work devices but added it applied to other social media apps.
"As a global company, we are not unique in how we operate. Some of the best-known and trusted Australian companies, including banks and telcos, openly state in their privacy policies that they share Australian user information with employees and third parties around the world, including China," the spokesperson said.
"These organisations often collect sensitive data like financial information, medical records, legal information and more. The TikTok app collects less data than many popular mobile apps.
"Our community's safety and privacy is our top priority, and we continue to be diligent in ensuring we meet, or exceed, the data security standards applied to companies that operate in Australia."
The ban on some public servants using the app on work devices is not new.
The ABC first reported in early 2020 that TikTok was not allowed to be installed on Defence Department devices.
The restriction was extended to staff at the Home Affairs Department the following year.
Questions on notice to Senator Paterson last month revealed a number of agencies have since applied their own bans on staff downloading the app to work phones, citing technology policies and risk assessments.
Australian Strategic Policy Institute China analyst Fergus Ryan says it's time for the government to issue a sector-wide direction given the risks posed.
"I think there should be a uniform rule about this," Mr Ryan told The Canberra Times.
"It doesn't really make sense to me why there would be such a patchwork approach to the problem."
TikTok was revealed to have been spying on a Forbes journalist in December after she published a series of exposes on the app.
The company fired US and Chinese employees, who had improperly attempted to use the journalist's IP address to ascertain which sources she had been meeting with.
Mr Ryan said it showed the same could be done for bureaucrats.
"There's plenty of evidence to demonstrate Beijing's insatiable thirst for data to compile from, [including] various instances of hacking, of databases, data sets that can be used for intelligence and security purposes," he said.
But cyber security expert Vanessa Teague says the focus should be more broadly on all Australians, whose personal data is at risk.
"I think anything that is gathering up massive quantities of data about lots of Australians is a potential national security risk," Dr Teague said.
"This whole engine of privacy breach and manipulation - which we think of as a great thing for Western capitalism - is actually a really bad thing.
"Maybe it's a good thing if the idea that it's all going back to China suddenly wakes us up to what a bad thing it is across the board."
