Why you should care
Personal data of police officers in Chinese hands could compromise security.
In July, an entire SWAT team of police in the north Indian state of Uttar Pradesh was transferred from their posts. Their transgression? The five police officers had filmed slow-motion action shots of themselves strutting purposefully toward the camera, cocking their guns and pretend-firing at invisible bad guys, using the video-sharing app TikTok. Staged against a high-voltage song, the cringe-inducing yet entertaining video went viral. Who could resist watching cocky cops making a spectacle of themselves while trying to look cool? But the top brass wasn’t amused. “We do not sanction unprofessional display of weapons and grotesque caricaturing of police,” the state police said in a statement.
Yet the SWAT team is hardly alone. India’s states and cities are grappling with a spree of police officers and other government employees who’ve shared videos of themselves, in uniform or while they are at work, on TikTok over the past few weeks. Launched in the country last August by China-based startup ByteDance, the app allows users to make and share videos of themselves against short audio bytes, often movie dialogue or songs. Available in 15 Indian languages, the videos are addictive to shoot and to share. Within a year, TikTok has gained 200 million users in India, of which 120 million are active every month. That’s sparking concerns — and pushback from India — over a lack of discipline within law enforcement agencies and around the security of information gleaned by the Chinese firm from its users.
In July, 24-year-old police constable Arpita Chaudhary in northern Gujarat was suspended after a 15-second TikTok video she made of herself lip-syncing to a Hindi song and dancing in the police station became a hit among her 16,000-odd followers. Things became even more embarrassing for the state force when a TikTok video surfaced of Manjita Vanzara, the 30-year-old assistant commissioner of police who had investigated Chaudhury. A constable in a women’s police station in Ahmedabad filmed herself dispensing cheeky one-liners. A junior officer in the city of Vadodara was moved from crime detection to traffic after a video of him, in uniform, lip-syncing inside the police station went viral.
If these vital details could be reaching China, then it is obviously a serious issue.
Amit Jaju, cybersecurity expert
A government-run hospital in Hyderabad has suspended two doctors for filming a TikTok video while at work. Four nurses in Malkangiri in the eastern state of Odisha have been asked to go on leave after they used the app to shoot a video in their hospital. And Delhi police in July launched a probe against two female constables after a video of them lip-syncing came to the attention of their superiors.
“Making these videos during work will distract them from discharging their duties,” says Anil Mittal, Delhi Police spokesperson.
Concerns over TikTok aren’t limited to India. Last year, Indonesia banned the app, accusing it of pornography and blasphemy. In February, the United States charged TikTok with collecting personal data of children under the age of 13 without the consent of their parents. The app has been fined $5.7 million by the Federal Trade Commission. In the United Kingdom, TikTok is under investigation for using personal data of young users. And last week, a lawyer filed a case at Lahore High Court seeking a ban on TikTok in Pakistan, citing that it is a source of pornography and vulgarity.
— Saurabh Trivedi (@saurabh3vedi) July 27, 2019
But India’s worries — and so its response — is unique. No other country has had to deal with such widespread concerns related to TikTok within the government, and in particular among law enforcement officers. After the instances in Gujarat, the state’s top cop, Shivanand Jha, had to issue a memo asking that all police personnel “not indulge in any act that would attract public criticism and tarnish the image of a disciplined police force.”
And the viral nature of TikTok videos, coupled with the security concerns because of the China link, make this about more than a bunch of stiff collars clamping down on some harmless fun, say cyber experts. In parliament, Shashi Tharoor, an MP from the opposition Congress party, alleged last month that ByteDance was illegally collecting data through the TikTok app and sending it to the Chinese government. Right-wing economic groups close to the ruling BJP have accused the app of “anti-national” activities, and the government of Prime Minister Narendra Modi has expressed its concern by seeking more details about the app from ByteDance.
ByteDance has dismissed the accusations, arguing that TikTok doesn’t operate in China — where it is in fact banned, and where the company runs a separate app called Douyin. In July, ByteDance sought to further assuage concerns. The company said that “in recognition of India’s efforts to frame a new data protection legislation,” it will establish a data center in India instead of saving user data in third-party servers in the U.S. and Singapore. With 637 million internet users, India is a critical market for the app. In April, the Madras High Court in the southern state of Tamil Nadu banned the app for a week based on a lawsuit that argued TikTok was “degrading culture.” ByteDance said it lost $500,000 each day in potential new users during the brief ban.
But those assurances aside, an app installed on a phone with requisite permissions can access “location, phone records, messages, contacts and other sensitive information,” says Amit Jaju, an independent cybersecurity expert. Apps like TikTok that allow users to log in through other social media accounts could grab data from those platforms too. “If these vital details could be reaching China, then it is obviously a serious issue,” Jaju says.
Sandeep Sengupta, another cybersecurity analyst, cautions that once an app has access to one’s location, it can be used for surveillance. “If the app can read your One Time Password [used for digital transactions], then your banking transactions can be accessed,” he says. “If the app seeks permissions for your microphone, it can listen to everything around you.” That makes TikTok particularly dangerous for people in the business of security, with their proximity to confidential information, in the eyes of many experts and, increasingly, the government.
The Indian government can ask mobile app stores to remove TikTok. But these stores, says Jaju, will evaluate the app’s security risks on their own before agreeing to any demand to discontinue a popular service. The government could ask telecom operators to disable the IP address of TikTok. But that would impact their business and go against the concept of net neutrality. Finally, the government could ask TikTok not to operate in India. But the firm could respond that it has no way of identifying the nationality of users.
Ultimately, say cybersecurity experts, the only meaningful restrictive step India can take is to enforce strict regulations barring the app’s use by officers in the police, army, other law enforcement and military agencies, and by government officials. “But the government wakes up only when something goes wrong,” Sengupta says. It’s all rather amusing until the right information falls into the wrong hands.
Umesh Kumar Ray is a freelance writer and a member of 101Reporters.com, a pan-India network of grassroots reporters.