
Privacy

Congress Considers Regulating Data Brokers Amid Broader Push for Privacy Legislation

The $200 billion industry specifically targets children and other vulnerable populations, experts said.

Screenshot of Rep. Kathy Castor from the House Energy & Commerce Committee webcast

WASHINGTON, April 26, 2023 — House lawmakers from both parties are taking aim at the largely unregulated data broker industry with a slew of new and reintroduced bills that would limit the collection and sale of personal data online.

Experts have warned that the $200 billion industry poses a grave threat to digital privacy, particularly for children and other vulnerable populations — sparking renewed calls for comprehensive federal privacy legislation at a hearing convened Thursday by the Oversight and Investigations Subcommittee.

“A staggering amount of information is collected on Americans every day, frequently without their knowledge or consent,” said Subcommittee Chair Morgan Griffith, R-Va. “This data then gets shared, analyzed, combined with other data sets, bought and sold. In some cases, this data is not even anonymized… There is a complete lack of safeguards.”

Data collection extends far beyond the information that most consumers are willing to enter into online forms, said Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy.

Using a variety of prediction tools, Sherman explained, data brokers infer and then sell sensitive personal information that a consumer might never have explicitly provided — for example, inferring a certain health condition based on visits to a relevant medical facility.

“These analytical tools render the factual context fundamentally different,” said Laura Moy, faculty director of the Georgetown Law Center’s Center on Privacy & Technology. “Maybe having a list of addresses on paper at one time was something that didn’t give people much cause for concern. Now those lists of historical address information can be mined to learn information about people’s relationships and their religion and their habits.”

Data brokers fuel discrimination and exploitation, witnesses say

The broad scope of data collected by brokers includes “race, religion, gender, sexual orientation, income level, how you vote, what you buy, what videos you watch, what prescriptions you take, and where your kids and grandkids go to school,” Sherman said. “This harms every American, especially the most vulnerable.”

Throughout the hearing, experts and lawmakers highlighted stories of recovering gambling addicts bombarded with sports betting ads, elderly Alzheimer’s patients targeted by predatory scammers and other examples of exploitation fueled by data brokers.

“The more you know about someone, the more you can manipulate them,” said Marshall Erwin, chief security officer of Mozilla. “You can target your message to exactly who you want, who you want, and in some cases that can be fine… but in other cases it can be terribly problematic.”

A particularly dangerous category of data brokerage takes the form of people search sites, which compile and sell millions of individuals’ data profiles. “Abusive individuals for decades have bought this data to hunt down and stalk, harass and even murder other people — predominantly women and members of the LGBTQ+ community,” Sherman said.

In addition, data brokers enable housing and employment discrimination by facilitating specific demographic targeting and exclusion — practices that are functionally comparable to historical redlining, Erwin explained.

Awaiting ADPPA reintroduction, lawmakers focus on children’s privacy

Out of all the potential harms caused by excessive data collection and sale, several lawmakers emphasized the urgency of protecting children’s online safety.

“There are few things more concerning to me… We know that Big Tech has enabled advertisers to target children for a whole range of damaging products, ranging from tobacco and e-cigarettes to low-calorie diets that can create and exacerbate body image anxieties,” said Rep. Kathy Castor, D-Fla., ranking member of the subcommittee.

Moy agreed, noting that it can be nearly impossible to delete a piece of information from the internet once it has been captured by a data broker. “It might exist in databases forever, and so I absolutely think children lack the capacity to consent… there should be a retention limit on information that is collected,” she said.

Castor on Monday reintroduced the Protecting the Information of our Vulnerable Adolescents, Children and Youth Act, a bill that would build on the Children’s Online Privacy Protection Act by prohibiting targeted advertisements to underage consumers and expanding protections for 13 to 17-year-olds.

The Kids PRIVACY Act is one of many recent proposals aimed at safeguarding children online, alongside the STOP CSAM Act introduced April 19 by Sen. Dick Durbin, D-Ill., and the controversial Kids Online Safety Act, which Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., are expected to reintroduce in the coming days.

Several lawmakers at Thursday’s hearing also voiced their support for the bipartisan American Data Privacy and Protection Act, which failed to pass in 2022 after then-Speaker Nancy Pelosi, D-Calif., opposed its preemption of state privacy laws.

In the absence of comprehensive federal legislation, both businesses and consumers must struggle to navigate a “patchwork of state laws and narrow protections that leave a wide swath of our neighbors vulnerable to privacy abuses — including by data brokers,” Castor said.

On April 19, Reps. Anna Eshoo and Zoe Lofgren, both California Democrats, reintroduced their Online Privacy Act with an amendment framing the legislation as a federal floor rather than a ceiling — potentially providing a framework for the next iteration of the ADPPA to address their state’s preemption concerns.

Reporter Em McPhie studied communication design and writing at Washington University in St. Louis, where she was a managing editor for the student newspaper. In addition to agency and freelance marketing experience, she has reported extensively on Section 230, big tech, and rural broadband access. She is a founding board member of Code Open Sesame, an organization that teaches computer programming skills to underprivileged children.

China

Experts Debate TikTok Ban, Weighing National Security Against Free Speech

Although many experts agree TikTok poses a threat, some believe a ban is the wrong solution.

WASHINGTON, May 26, 2023 — With lawmakers ramping up their rhetoric against TikTok, industry and legal experts are divided over whether a ban is the best solution to balance competing concerns about national security and free speech.

Proponents of a TikTok ban argue that the app poses an “untenable threat” because of the amount of data it collects — including user location, search history and biometric data — as well as its relationship with the Chinese government, said Joel Thayer, president of the Digital Progress Institute, at a debate hosted Wednesday by Broadband Breakfast.

These fears have been cited by state and federal lawmakers in a wide range of proposals that would place various restrictions on TikTok, including a controversial bill that would extend to all technologies connected to a “foreign adversary.” More than two dozen states have already banned TikTok on government devices, and Montana recently became the first state to ban the app altogether.

TikTok on Monday sued Montana over the ban, arguing that the “unprecedented and extreme step of banning a major platform for First Amendment speech, based on unfounded speculation about potential foreign government access to user data and the content of the speech, is flatly inconsistent with the Constitution.”

Thayer contested the lawsuit’s claim, saying that “the First Amendment does not prevent Montana or the federal government from regulating non expressive conduct, especially if it’s illicit.”

However, courts have consistently held that the act of communicating and receiving information cannot be regulated separately from speech, said David Greene, civil liberties director and senior staff attorney at the Electronic Frontier Foundation.

“This is a regulation of expression — it’s a regulation of how people communicate with each other and how they receive communications,” he said.

Stringent regulations could protect privacy without suppressing speech

A complete ban of TikTok suppresses far more speech than is necessary to preserve national security interests, making less intrusive options preferable, said Daniel Lyons, nonresident senior fellow at the American Enterprise Institute.

TikTok is currently engaged in a $1.5 billion U.S. data security initiative that will incorporate several layers of government and private sector oversight into its privacy and content moderation practices, in addition to moving all U.S. user data to servers owned by an Austin-based software company.

This effort, nicknamed Project Texas, “strikes me as a much better alternative that doesn’t have the First Amendment problems that an outright TikTok ban has,” Lyons said.

Greene noted that many online platforms — both within and outside the U.S. — collect and sell significant amounts of user data, creating the potential for foreign adversaries to purchase it.

“Merely focusing on TikTok is an underinclusive way of addressing these concerns about U.S. data privacy,” he said. “It would be really great if Congress would actually take a close look at comprehensive data privacy legislation that would address that problem.”

Greene also highlighted the practical barriers to banning an app, pointing out that TikTok is accessible through a variety of alternative online sources. These sources tend to be much less secure than the commonly used app stores, meaning that a ban focused on app stores is actually “making data more vulnerable to foreign exploitation,” he said.

TikTok risks severe enough to warrant some action, panelists agree

Although concerns about suppressing speech are valid, the immediate national security risks associated with the Chinese government accessing a massive collection of U.S. user data are severe enough to warrant consideration of a ban, said Anton Dahbura, executive director of the Johns Hopkins University Information Security Institute.

“Will it hurt people who are building businesses from it? Absolutely,” he said. “But until we have safeguards in place, we need to be cautious about business as usual.”

These safeguards should include security audits, data flow monitoring and online privacy legislation, Dahbura continued.

Thayer emphasized the difference between excessive data collection practices and foreign surveillance.

“I think we all agree that there should be a federal privacy law,” he said. “That doesn’t really speak to the fact that there are potential backdoors, that there are these potential avenues to continue to surveil… So I say, why not both?”

Lyons agreed that TikTok’s “unique threat” might warrant action beyond a general privacy law, but maintained that a nationwide ban was “far too extreme.”

Even if further action against TikTok is eventually justified, Greene advocated for federal privacy legislation to be the starting point. “We’re spending a lot of time talking about banning TikTok, which again, is going to affect millions of Americans… and we’re doing nothing about having data broadly collected otherwise,” he said. “At a minimum, our priorities are backwards.”

Wednesday, May 24, 2023 – Debate: Should the U.S. Ban TikTok?

Since November, more than two dozen states have banned TikTok on government devices. Montana recently became the first state to pass legislation that would ban the app altogether, and several members of Congress have advocated for extending a similar ban to the entire country. Is TikTok’s billion-dollar U.S. data security initiative a meaningful step forward, or just an empty promise? How should lawmakers navigate competing concerns about national security, free speech, mental health and a competitive marketplace? This special session of Broadband Breakfast Live Online will engage advocates and critics in an Oxford-style debate over whether the U.S. should ban TikTok.

Panelists

Pro-TikTok Ban

  • Anton Dahbura, Executive Director, Johns Hopkins University Information Security Institute
  • Joel Thayer, President, Digital Progress Institute

Anti-TikTok Ban

  • David Greene, Civil Liberties Director and Senior Staff Attorney, Electronic Frontier Foundation
  • Daniel Lyons, Nonresident Senior Fellow, American Enterprise Institute

Moderator

  • Drew Clark, Editor and Publisher, Broadband Breakfast

Anton Dahbura serves as co-director of the Johns Hopkins Institute for Assured Autonomy, and is the executive director of the Johns Hopkins University Information Security Institute. Since 2012, he has been an associate research scientist in the Department of Computer Science. Dahbura is a fellow at the Institute of Electrical and Electronics Engineers, served as a researcher at AT&T Bell Laboratories, was an invited lecturer in the Department of Computer Science at Princeton University and served as research director of the Motorola Cambridge Research Center.

Joel Thayer, president of the Digital Progress Institute, was previously an associate at Phillips Lytle. Before that, he served as Policy Counsel for ACT | The App Association, where he advised on legal and policy issues related to antitrust, telecommunications, privacy, cybersecurity and intellectual property in Washington, DC. His experience also includes working as legal clerk for FCC Chairman Ajit Pai and FTC Commissioner Maureen Ohlhausen.

David Greene, senior staff attorney and civil liberties director at the Electronic Frontier Foundation, has significant experience litigating First Amendment issues in state and federal trial and appellate courts. He currently serves on the steering committee of the Free Expression Network, the governing committee of the ABA Forum on Communications Law, and on advisory boards for several arts and free speech organizations across the country. Before joining EFF, David was for twelve years the executive director and lead staff counsel for First Amendment Project.

Daniel Lyons is a professor and the Associate Dean of Academic Affairs at Boston College Law School, where he teaches telecommunications, administrative and cyber law. He is also a nonresident senior fellow at the American Enterprise Institute, where he focuses on telecommunications and internet regulation. Lyons has testified before Congress and state legislatures, and has participated in numerous proceedings at the Federal Communications Commission.

Drew Clark (moderator) is CEO of Breakfast Media LLC. He has led the Broadband Breakfast community since 2008. An early proponent of better broadband, better lives, he initially founded the Broadband Census crowdsourcing campaign for broadband data. As Editor and Publisher, Clark presides over the leading media company advocating for higher-capacity internet everywhere through topical, timely and intelligent coverage. Clark also served as head of the Partnership for a Connected Illinois, a state broadband initiative.

Graphic by SF Freelancer/Adobe Stock used with permission


Cybersecurity

Lawmakers Should Incentivize Cybersecurity in Private Sector: Cisco Executive

One weak link can threaten the entire system.

Photo of Jeetu Patel of CISCO

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.   


Cybersecurity

Sector Specific Agencies a Resource for Cybersecurity Concerns

Federal agencies are equipped to support sectors dealing with cybersecurity concerns.

Photo of Puesh Kumar of Department of Energy

WASHINGTON, May 16, 2023 – Sector specific agencies, federal departments responsible for infrastructure protection activities in a designated critical infrastructure sector, are prepared to address cybersecurity concerns across various industries, said witnesses at a House Energy and Commerce Committee hearing on Tuesday. 

Malicious actors are targeting U.S. infrastructure, said witnesses. In 2021, President Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020. 

In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

The Administration for Strategic Preparedness and Response addresses increasingly sophisticated and frequent attacks on hospital and public health centers by providing each hospital with personalized and specific instruction on mitigation and disaster response best practices. 

Cyberattacks on hospitals have a negative effect on the surrounding area similar to that of a natural disaster, claimed Brian Mazanec, deputy director of the Office of Preparedness at ASPR. Cyberattacks on hospitals more than doubled from 2016 to 2021, he said.

The Environmental Protection Agency is responsible for addressing water system cyberattacks, said David Travers, director of Water Infrastructure and Cyber Resilience Division at EPA. The EPA’s Evaluating Cybersecurity guidance is intended to assist states with building their own secure systems for water and sewer systems.  

It is essential that sector specific agencies develop strong relationships with sectors under their jurisdiction well before disastrous incidents occur, said Puesh Kumar, director of the office of cybersecurity at the Energy Security and Emergency Response at the Department of Energy. 

The Energy and Commerce Committee also participated in a markup of the Energy Emergency Leadership Act Tuesday which would amend the Department of Energy Organization Act to elevate the leadership of the DOE’s emergency response and cybersecurity functions. 

“Establishing assistant-secretary leadership at the department will reflect the importance of managing this threat,” said Subcommittee on Energy, Climate, and Grid Security Chair Jeff Duncan. 

The Act was reported to the full committee, without amendment, on a unanimous vote.

Duncan also emphasized the importance of a strong domestic supply chain, calling for a “‘Made in America’ system for nuclear fuel” in order to “give the domestic industry the market certainty they need to invest and build out the necessary infrastructure.”

On June 27, Broadband Breakfast’s Made in America Summit will examine energy infrastructure and international supply chain issues in depth.
