Mark Ripper, director of the Department of Technology Services for Carroll County. (above)

by Amanda Milewski, photography by Nikola Tzenov

County and College Bans Use of App

Lip synching and dancing videos? Sounds like fun — sign me up! Many probably had similar thoughts when the TikTok app launched internationally in 2017.

Introduced in its home country of China the year before, TikTok originally started as a short-form video-sharing platform. Today it’s a video service with content for all types of viewers. There are more than a billion TikTok users worldwide and more than 150 million in the U.S. alone.

TikTok is owned by the Chinese company ByteDance, which also operated the AI (artificial intelligence) news aggregation platform Toutiao. The company employs a similar AI platform with TikTok, which identifies a user’s interests and sends additional similar content to their feed.
Most social media apps and some websites operate in the same way — using an algorithm to send you content, products and people to friend or follow, based on what you view.


The danger of TikTok


Not only are apps and websites sending you content, they are also collecting data on you based on what you view and post. Some of that data can include what you engage with, click on, comment on and share; whose profiles and pages you visit; and demographic data such as location, age, gender, language and behaviors.

A primary concern with TikTok is the fact that it is owned by a Chinese company. Because Chinese law allows for the government to demand data from its citizens and companies for use in its intelligence-gathering operations, the data collected from TikTok could be used by the Chinese government.

According to a March 2023 article in Time magazine, the “U.S. intelligence community is concerned about Americans’ data falling into Chinese hands because of the belief that this data could help China conduct influence operations aimed at the American public.” The article says that TikTok’s ability to amplify content directly to millions of American users, including many children and teens, has officials worried that the Chinese state could compel TikTok to covertly influence U.S. citizens.

This concern has led many countries, as well as state and local governments, companies, and schools to ban the use of TikTok on their government-, company-, and school-owned devices. Currently, two countries — India and Pakistan — and 27 U.S. states have banned TikTok.

In its article, Time reports that ByteDance has denied accusations that it has close ties to the Chinese Communist Party (CCP) or that U.S. citizens’ data are at risk. Company leadership says it has invested $1.5 billion dollars to ensure sensitive user data is kept on U.S. soil, cannot be accessed from Beijing, and is subject to U.S. government audits. In March, TikTok’s CEO, Shou Zi Chew, testified at a congressional hearing that user data is secure. But U.S. leaders didn’t buy it.

Carroll County responds

In March, Carroll County banned the use of TikTok on all county-owned devices. The decision was made by the Board of the County Commissioners and was based on actions by a number of states — including Maryland — and the federal government, citing cybersecurity concerns, explained Mark Ripper, director of the Department of Technology Services for the county.

When contemplating the ban, “The county considered if TikTok was used as a county media platform,” said Ripper, “and it was not and never has been.” He also noted that they considered how the ban would impact staff and whether any staff used TikTok as part of their job. He said the county added an exemption for anyone that is required to engage with TikTok as part of their work responsibilities.

Social media and cybersecurity

John Cornfoot, cyber-security manager for Carroll Community College.

Carroll Community College adopted a similar policy regarding TikTok. “The college uses TikTok for marketing purposes only,” noted John Cornfoot, cybersecurity manager. TikTok is permitted on college devices if it has been requested and is used for work purposes only. Users are trained on the risks of using the app and college devices to which the app is downloaded “will not have access to other college resources and are only to be used for their intended purpose,” he continued.

While TikTok has the potential Chinese government connection, it also has the same cybersecurity risks of other social media platforms like Facebook, Instagram, and X (formerly known as Twitter).

According to the National Security Agency, some of those risks include: unauthorized access to data, which can lead to monetary and/or property loss and identity theft; malware-embedded games that can lead to “account takeover, misuse of materials and escalated access to users’ private life”; and sharing of personal information that can open users up to phishing emails (malicious emails purporting to be from a reputable organization), among other things.

“All users of social media do so at their own risk,” asserted Cornfoot. “Some users are very sensitive to what they post, but others are not. Any private information has the potential to fall into the wrong hands. It would be sensible to be cautious about what is posted and how long it remains on [a] profile,” he said.

All social media sites have the potential to be goldmines for those with ill intentions — hence the term “data mining.” Even the most innocuous posts can unwittingly provide information to those looking to exploit it.

Some of this information can include an individual’s date of birth, gender, address, contact information, birth name, email address, schools attended, and the time and location of a post. Why does it matter if someone can see when and where a post was made? It may inform someone that you are out of town, which means your home may be empty, and potentially vulnerable.

“As cybersecurity professionals, we are well aware of technological controls to keep us safe and alert us to attempts to break into our systems,” Cornfoot said. He explained that social engineering — manipulating, influencing, or deceiving a user to gain control over their computer system or to steal personal and financial information — is a constant concern. “The way human beings succumb to influence is a great worry. Social engineering plays into our psychology and we can unwittingly divulge information to our enemies. If we ‘volun-tell’ our personal data, regardless of the platform, we are making it easier for social engineers to trick us,” Cornfoot said.

Eldersburg mom Tara Battaglia says she bases her family’s social media rules on her children’s age and maturity level.

No one is more vulnerable on social media than children and teens. Some of the nuances of sharing personal information may not be readily apparent given their age and inexperience.

Much has been studied and reported on the emotional and psychological impacts of social media such as cyberbullying, anxiety, depression, increased loneliness, fear of missing out, and decreased well-being and life satisfaction, for instance. But children and teens also are at risk for the same cybersecurity issues as adults and are often easier targets.

Many parents solve the issue by not giving their child a cellphone until they are mature enough to understand the risks. But because social media is available on computers, which underage children often need for schoolwork, others have a “no social media” policy to address the problem altogether.

But what if you have children in a wide range of ages and you want to teach them to be smart about social media use when they are mature enough to use it? The “no social media” policy might be difficult to enforce across the board.

Eldersburg resident Tara Battaglia, member of the Board of Education, said she has navigated these social media issues with her three children who are now a college student, a high-schooler, and an elementary-schooler.

“Each of my children is different,” she noted. Her oldest didn’t have a cellphone until she was 13 and was not permitted to use social media until she was in high school. Then she was only allowed on Facebook.

“Our middle child didn’t get a cell phone until eighth grade and was permitted to be on Instagram once in high school,” Battaglia said. She said that she has his Instagram account set to send her an alert every time he posts so she knows what he is posting and when.

The elementary-schooler has no phone or social media. She does play games on a tablet, on which Battaglia has disabled chats. When someone tried to chat with the child, Battaglia removed the game. It seems that the parental control settings are not always foolproof.

And although the college freshman is technically an adult, Battaglia said that they “continue to have discussions about the appropriate use of social media.”

So what’s a user to do?

There are numerous ways to stay safe online and still be a savvy social media consumer.

The National Security Agency recommends a number of “countermeasures,” to help individuals safeguard their digital identities.

Countermeasures they recommend include:

Use the most up-to-date version of a social media app, which often includes increased security;
Frequently review privacy settings on your and your children’s devices, particularly after an update in case they were reset;

Protect location data by limiting what photos are posted and disabling location services on the device and/or the app;

Verify requests from “friend” accounts are legitimate and do not accept friend requests from people you don’t know;

Refrain from posting sensitive/personal information or from taking online “surveys” in which you may share information that could be used to compromise accounts and reset passwords (birthday, high school mascot, maiden name, etc…);

Be aware of virtual and physical surroundings, and if you must connect via public access, use a virtual private network (VPN) to encrypt web traffic; and

Secure and strengthen passwords and use a different password for each online account; and where possible, use multi-factor identification.

“Awareness campaigns are the way forward,” said Cornfoot. “Cybersecurity modules are included [at Carroll] when staff and students are onboarded.” Students have cybersecurity training as part of their new student orientation and agree to follow and sign the college’s Standards of Student Conduct, which includes behavior online, he explained.

It is much easier to be proactive and prevent a data breach or an identity theft rather than deal with what can be the far-reaching and long-ranging aftermath. Carroll technology services director Ripper affirmed that the county’s TikTok ban was undertaken proactively and as a cautionary measure even though the app had been downloaded on “less than six” county devices. “The Department of Technology Services is always aware and monitoring systems for concerns and acting accordingly,” he concluded.