July 11, 2023
Major consultancy firms servicing the Australian government should ban TikTok on work-issued devices to mitigate the risk of foreign interference, espionage and data compromises of sensitive government information.
Following the Australian government’s decision on 4 April to ban TikTok from government devices over national security concerns, I have written to major consulting firms with significant government contracts requesting that they too ban the application from work-issued devices that interface with government clients, or to explain why they chose not to ban TikTok.
I have asked EY, KPMG, Deloitte, Accenture, Boston Consulting Group and McKinsey to clarify their policies regarding the use of TikTok on devices of employees who are working with government clients. On May 9, The Australian Financial Review reported PwC had prohibited the use of TikTok on partner or staff owned devices if the employee was working with federal or state government clients.
Banning TikTok from federal-issued devices was critical to protect government information from serious espionage and data security risks. The decision followed my months-long campaign pushing the government to ban the application – a decision ultimately taken by every one of our Five Eyes partners.
Concerningly, the government direction to ban TikTok from Commonwealth devices does not extend to external government contractors. This creates a loophole where third party devices that have TikTok installed can interface with government information.
This loophole effectively leaves the backdoor open for hostile activity that could expose sensitive Australian government information to foreign interference, espionage and data compromises.
Private firms with significant exposure to government information should comply with Australian government protective security practices, including the Attorney-General’s Department direction on the TikTok application.
While some firms are moving in the right direction, more needs to be done to urgently close this loophole which puts Australia’s national security at risk.
The Coalition is calling on the Albanese government to make clear that suppliers of lucrative government contracts must adhere to robust data security practices to protect government information.
• On 17 June 2022, Buzzfeed published leaks including a number of recordings from TikTok in the United States which revealed US user data was accessible to, and had been accessed by, ByteDance employees in China, contrary to the promises of the company.
• On 27 June 2022, nine Republican Senators wrote to TikTok US seeking clarification about US user data following the Buzzfeed story.
• On 30 June 2022, TikTok US CEO Shou Zi Chew replied to the Senators and acknowledged that “Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data.”
• On 3 July 2022, Shadow Minister for Cyber Security Senator James Paterson wrote to TikTok Australia seeking the same clarifications. TikTok previously assured Australians in a letter to all parliamentarians in July 2020 that Australian user data would be stored in the United States and Singapore and would never be provided to the Chinese government.
• On 12 July 2022, TikTok Australia replied to Senator Paterson’s letter and acknowledged Australian user data is also accessible in mainland China, but continues to deny they would provide that data to the Chinese government.
• On 13 July 2022, Senator Paterson wrote to the Minister for Cyber Security Clare O’Neil urging her to investigate the full range of regulatory responses necessary to protect the private information of Australians who use the platform.
• On 18 July 2022, Internet 2.0 publicly issued a report on TikTok data harvesting that found TikTok checks device location at least once an hour, continuously requests access to contacts even if the user originally denies, maps a device’s running apps and all installed apps, and more.
• On 4 September 2022, it was reported that Home Affairs Minister Clare O’Neil had ordered her department to investigate TikTok’s data harvesting.
• On 26 September 2022, Senator Paterson tabled an Order for the Production of Documents for correspondence between TikTok and the Home Affairs Ministers. The Senate agreed to Senator Paterson’s OPD.
• On 28 October, 7 November, 8 November and 28 November 2022, Senator Paterson questioned government officials about the security of TikTok.
• On 20 October 2022, Forbes published an alarming report that TikTok’s parent company ByteDance planned to use TikTok to monitor the physical location of specific US citizens.
• On 21 October 2022, Senator Paterson wrote to the Prime Minister raising concerns about the alarming report in Forbes, and urged the Albanese government to bring forward necessary legislative steps to protect Australians online.
• On 22 December 2022, Forbes reported that ByteDance had confirmed it used TikTok to monitor journalists’ physical location using their IP addresses.
• On 29 December 2022, US President Joe Biden signed a spending bill containing a provision to ban TikTok on all federal government devices.
• In January 2023, Senator Paterson launched an audit through Questions on Notice to every federal government department and agency asking whether employees were permitted to download TikTok on work-issued devices.
• On 28 February 2023, the White House announced it was giving federal agencies 30 days to remove TikTok from government devices.
• Following a review by Canada’s chief information officer, Canada announced a ban of TikTok from all federal-issued devices on 28 February 2023.
• On 6 March 2023, Senator Paterson publicly released the results of his audit which revealed a haphazard and inconsistent approach to banning the app, with many agencies and departments permitting it.
• In Question Time on 9 March 2023, Senator Paterson asked the Minister representing the Minister for Home Affairs why the Albanese government had not banned TikTok from federal devices. Minister Watt confirmed that the Attorney-General was seeking advice.
• On 16 March 2023, the UK announced a ban of TikTok from all government devices.
• On 17 March 2023, The Age reported on a detailed submission to the Senate Committee on Foreign Interference Through Social Media by Rachel Lee, Prudence Luttrell, Matthew Johnson and John Garnaut exposing the extensive links between TikTok and the Chinese Communist Party, including that ByteDance’s Communist Party secretary is also the company’s editor-in-chief.
• On 17 March 2023, New Zealand announced it will ban TikTok on all devices with access to its parliament by the end of the month.
• On 20 March 2023, The Australian reported Home Affairs Minister Clare O’Neil said any decision to have the app officially deleted would be applied through the Attorney-General’s office.
• On 4 April 2023, the Secretary of the Attorney-General’s Department issued a directive under the Protective Security Policy Framework to prevent the use of TikTok on government devices.
• On 9 May 2023, The Australian Financial Review reported PwC had prohibited the use of TikTok on partner or staff owned devices if the employee was working with federal or state government clients.
• On 24 May 2023, Senator Paterson wrote to major consulting firms with significant government contracts asking them to ban the application from devices of employees working with government clients.