Perhaps you’ve heard the story of the young girl walking along the seashore, who noticed hundreds of starfish that had washed up along the beach with the incoming tide. Knowing they would soon dry out in the hot sun and die, she quickly started picking them up and throwing them back into the sea. One by one, the starfish were returned to safety.
“What are you doing?” inquired a nearby fisherman.
“I’m saving the starfish,” the girl replied proudly. “If they don’t make it back into the water, they will die.”
The fisherman, shaking his head, looked at the girl and said, “You can’t possibly save all these starfish . . . there are so many you can’t even count them!” And then he asked, “What difference can you possibly make?”
The spunky girl, looking down at the sand, picked up another starfish and tossed it into the ocean. “It made a difference to that one!” she exclaimed.
-The Parable of the Starfish
The Federal Government has banned TikTok from all government devices. This was a rare instance of bipartisan cooperation. Both Republicans and Democrats are increasingly realizing the inherent dangers of TikTok to data privacy. TikTok's association with the Chinese Government has always been an issue for many. However, cybersecurity experts are warning that the TikTok mobile app is in fact a data collection tool capturing keystrokes and sending them to China. Recently, Forbes reported that TikTok was tracking the locations of journalists with ties to China who were in America.
A number of states have banned TikTok from state government devices prior to this Federal ban.
The commentary I am reading is that there is now bipartisan support for a complete ban on TikTok in the United States. I believe this will be federal law in 2023.
It is estimated that there are 138 million monthly users in the United States. Over 47% of those users are in the 10-29 age group.
Herein lies the problem. Your kids and many of your teachers are using this wildly popular application. It is spying on them and putting them and potentially you at risk.
I know it is like trying to hold back the ocean, but until the Federal Government bans or forces a Chinese divestiture of TikTok, you need to immediately warn your users to get off TikTok and remove the TikTok mobile apps from their mobile devices.
All of your users are using their personal mobile devices to access TikTok. That makes it impossible to use something like Meraki Systems Manager to track who has this app. My suggestion is to block 100% of the TikTok traffic in your district, including all public wireless segments.
You should make it part of your AUP that TikTok apps cannot be installed on any device used for multi-factor authentication.
When I look at my kids and say TikTok is bad, I get a blank stare. They don't get it. When I explain the spying and data collection, I get, "Well, they probably already have all our information anyway, so why does it matter?" In a "you are the product" mobile app world, there is some truth to that. However, this is bigger than, "We know you like Nike footwear and Starbucks and are a gamer." This directly intersects with personally identifiable information and credential theft.
Please do what you can to immediately start spreading the message and making TikTok inaccessible in your districts, whether or not your users do what you ask.
Hopefully, the Federal Government will provide some national relief to this security situation soon.
Until then, start saving as many starfish as you can.
-Scott Quimby, CISSP