Microsoft TikTok Privacy Concerns

Ascannio / (Licensed)

Will TikTok just become U.S. spyware instead?

Microsoft has a history of working with the government for surveillance.


Andrew Wyrich


Posted on Aug 10, 2020   Updated on Jan 27, 2021, 3:41 am CST

While data privacy, security concerns, and potential links with the Chinese government have been levied against TikTok, its potential new owner, Microsoft, also a history of partnering with the government.

President Donald Trump and his administration have been signaling about a possible ban of TikTok for weeks, citing national security concerns that have been raised by lawmakers since last year. TikTok is owned by China-based ByteDance, and the country has a history of forcing tech companies to hand over user data, often without transparency.

On Thursday night, Trump pushed things in motion by signing an executive order that would effectively ban the popular app in the U.S. unless it’s sold to Microsoft.

TikTok has defended itself against any kind of link between the company and the Chinese government, asserting that U.S. user data is stored within the country.

However, despite this push back—a flurry of activity this month led to speculation Microsoft would be interested in buying TikTok.

Microsoft confirmed that it was exploring a potential acquisition, adding that any conversations with TikTok would need to be wrapped up by Sept. 15—aligning with a 45-day deadline the Trump administration imposed on a deal getting done.

While many lawmakers—including Sen. Lindsey Graham (R-S.C.) and Sen. Marco Rubio (R-Fla.) cheered the move to have TikTok be owned by an American company, that’s part of the problem. Microsoft has it’s own history of cooperating with the U.S. government.

Initial reports about documents leaked by Edward Snowden, the NSA whistle blower, implied that Microsoft and other tech companies granted unfettered access to data about customers. However, the companies denied such statements. They insisted that they only complied with subpoenas and in 2016 Microsoft and other companies pushed for customers to be able to be notified when their data is being monitored by the government. The suit was dropped after changes to the Justice Department’s policy that limited the use of gag orders for companies to notify users of the government accessing data in the cloud.

PRISM was a collaboration between U.S. intelligence agencies like the NSA, and FBI that allowed for them to gather and search Americans international communications on major tech platform, like Microsoft. The program has been met with intense scrutiny since being unveiled by leaked documents from Snowden.

Microsoft was one of several companies that told the New York Times in 2013 that they did not give the government wholesale access to its servers, but instead responded to specific court orders.

But, it’s exceedingly common for tech companies to respond to requests for data from the U.S. government. For instance, Microsoft says from July to December last year it received 4,315 requests from the U.S. government regarding 12,993 accounts or users. Around 15% of those requests were for “content,” which the tech giant gave an example as: “the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive or other cloud offerings such as Office 365 and Azure.”

Microsoft said it declined nearly 13 percent of the requests from the U.S. Microsoft explains that when challenging a request for information, it can range from telling them they were unable to produce the information required, or it can challenge the request in court.

But being a U.S. citizen using a platform owned by a U.S. company means that the government has an easy path to access your data if they consider your behavior suspect, even if companies do fight back.

Over the same period, TikTok said recently it complied with 82 of 100 requests from the United States for information about accounts. It also said it complied with one request from the U.S. to remove an account.

While Microsoft has denied accusations of deep and unfettered access by the government—it notes on its requests disclosure page that a warrant is required before it considers handing over data—it’s been much more upfront about its willingness to partner with law enforcement for surveillance purposes.

Microsoft has built a massive surveillance apparatus in a partnership with the New York Police Department (NYPD). The Domain Awareness System (DAS) has the ability to monitor CCTV cameras throughout the city, scan license plates, and compare data captured by cameras with non-NYPD databases.

As part of the partnership, the NYPD gets a 30 percent cut of revenue from sales of the system to other customers by Microsoft.

The tech giant also has partnerships with police surveillance vendors and departments, which have recently drawn ire from its own employees.

Any tech company’s history of cooperation with the U.S. government should give people pause before cheering a possible TikTok acquisition, Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project (STOP) told the Daily Dot in a recent phone call.

“I see a lot of the push back against TikTok’s Chinese ownership as privacy nativism. We are quick to point out the potential privacy costs of social media networks when they are owned by Chinese firms, but when U.S. firms engage in nearly identical practices, we suddenly go mute,” Cahn said.

Cahn continued:

“People talk about the way the platform could collaborate with the Chinese government, and that’s quite concerning. But we also know we’ve had mass data collection programs here in the U.S. for years where U.S. social media companies have complied.”

When Secretary of State Mike Pompeo first floated the idea of a TikTok ban, many people online highlighted that U.S. companies scoop up exorbitant amounts of data on users and work with the government in numerous ways.

But Microsoft hasn’t been without it’s own instances of handling data that irked users.

Last month, LinkedIn—which is owned by Microsoft—was caught up in a similar privacy issue that TikTok was.

As one Twitter user noted, LinkedIn was copying the contents of a clipboard after every keystroke. The company said the issue was a bug, according to ZDNet. Following the issue coming to light, a New York iPhone user sued the company.

TikTok, along with other apps, was also called out for doing the same thing, and later said it was removing the feature.

In 2016, the Electronic Frontier Foundation accused the company of sending an “unprecedented amount of usage data” back to itself, including location data, voice input, text input, and websites visited.

Microsoft responded by letting users have more control over what is collected, according to Fast Company.

Beyond potential links to the Chinese government, much of the criticism levied at TikTok has revolved around the amount of data it collects on its users. ProtonMail, the popular encrypted messaging service, called TikTok’s data collection “extreme” in a recent analysis.

However, experts have pointed out that other popular apps also collect reams of data on its users, oftentimes in pursuit of profit.

Given the nature of social media, it’s unlikely Microsoft would change the amount of data TikTok collects—meaning the only discernible change would be the origin of the country that owns the company.

In fact, as the Washington Post reported, a major reason for the tech giant being interested in the app may be to harvest video data to feed artificial intelligence.

While Microsoft does not have the same history of selling user data as other companies do, Cahn pointed to Microsoft’s collaboration with the NYPD to build DAS as one reason not to be celebrating a potential acquisition—surveillance in other instances are part of its overall revenue.

STOP was one of 18 advocacy groups to call on Microsoft to end its partnership with the NYPD in the wake of protests against police brutality and racism bringing up questions about law enforcement’s use of surveillance technology.

“It seems very clear that Microsoft has been willing to profit off of American’s privacy … and to build the apparatus of mass surveillance. I don’t see how anyone should feel reassured to see them taking the helm of this social media company,” Cahn said. “It’s not that Microsoft is uniquely bad, it’s that all these tech companies are equally as dangerous from a privacy perspective.”


Share this article
*First Published: Aug 10, 2020, 7:00 am CDT