This week our Congress is crafting legislation to remove TikTok from our lives. It is as misplaced as Nancy Reagan’s “Just Say No to Drugs” campaign — and perhaps as empty a gesture. Yes, there are real issues with all that social media metadata ending up on some Chinese hard drive, and the notion that ByteDance can separate its US operations and clouds from Chinese ones shows how little our lawmakers understand technology.
Instead, I would like you to think about the following companies: Nio, Inceptio, XPeng and Zeekr. Ever heard of any of them? They are all major Chinese EV companies, and all of them pose a much bigger threat to our data privacy and national security than TikTok. By way of reference, China has hundreds of car makers, and they are all obligated to transmit real-time data to their government. Now they want to sell them here and are doing road tests.
Last fall, another bipartisan group of lawmakers sent letters to these and other Chinese EV makers, wanting to get more transparency about the data they collect on their cars . I haven’t seen the responses, but guess the truthful answer is “we collect a lot of stuff that we aren’t going to tell you about, and we have to share it with the CCP.”
Last week, the Commerce Department issued its own request and asked for public comments as part of its role to consider its own series of regulations. The department is investigating the risks of EV and other connected vehicles on national security and potential supply chain impacts of these technologies. Interestingly, it is finally acting on a Trump Executive Order. Another bipartisan effort. The document linked above asks for a lot of details about obvious data collection methods. If I were running a Chinese car company, I would think about designing systems that would be less obvious. One of the things these Chinese car makers are quickly learning is how to become better software companies, thanks to the Tesla business model. (Tesla also makes and sells its cars in China BTW.)
While there are hundreds of millions of TikTok US users, some of whom are adults, the threat from car metadata is much more pernicious, especially when it could be paired with phone location data from passengers sitting in the same vehicle. What they both have in common is that all this data is being collected without the user’s knowledge, consent, or understanding who is actually collecting it.
Those phones have been recording our movements for quite some time, without any help from China. There are so many stories about tracking the jogging routes of US service members at foreign military bases, or tracking a spouse’s movements, or figuring out where CIA employees stop for lunchtime assignations near Langley, etc. But that pales in comparison to what a bunch of CPUs and scanners sitting under the hood can accomplish on their own.
Remember war driving? That term referred to someone in a car with a Wifi scanner who could hack into a nearby open network. That seems so quaint now that a car could be doing all the work without the need for an actual human occupant. I guess I will go back to watching a few Taylor vids on TikTok, at least until the app is removed by Congress. In the meantime, you might want to review your own location services settings on your phones.
David Strom's Web Informant 
This has been festering for a while. As you know DJI drones cannot be used by the US government, but that didn’t stop DJI from being the bestselling drone company on the planet!
This problem is easily solved if Congress tackles the data privacy problem as a whole. Why is it OK for GM to crawl through our usage patterns? And who will regulate that?
In fact GM already has mentioned a cabin camera AI algorithm that can detect drunk driving (for sure doable), who holds that data? How is it transmitted to law enforcement. This slope is way slippery, which is why Congress is like the proverbial deer in the headlights.
Thanks Tim. Another reader points out this NYTimes article where GM is sharing driving data on its connected cars with insurers.
I don’t think it’s one or the other, I think it’s both. TikTok is a long term play to destroy our minds and culture, and so far it’s working quite well for the Chinese. For evidence, consider that China doesn’t allow its people to use TikTok- the app is much different AND has user/time constraints on it. To me, we are and have been at war with China (and Russia and Iran and North Korea for that matter), but the war(s) are being fought on different fronts than the battlefield- cyber, bioterrorism, data (as a currency) and social media, to name a few. You correctly point out the EV risk and you’re right– I think a broader, more holistic/strategic industrial policy needs to be implemented– AND FAST!
I was beaten to the punch about the recent NYT article which details all the data collected by US car manufacturers, then provided to insurance companies, who jack up insurance rates if they do not like the driving patterns in the data. Now I have to look at the used car I bought a year ago to see if the previous owner unwittingly consented to have driving data collected. And my wife needs to be aware of this when she shops for a car to replace her Subaru with 190,000 miles. Privacy is not the concern of auto manufacturers, same as the rest of IoT!
If US tech companies cannot operate in China why should Chinese tech companies operate in USA?
Equal playing field.
And coincidentally, over at Dark Reading is this piece on connected car threats.