By Marci DeVries-Todtz, Fraud Sniffr
The wildly popular social media venue TikTok has been ordered by Donald Trump to sell to a United States company due to privacy concerns regarding US citizen data being harvested by the Chinese government.
Many users of TikTok (or parents of users) probably wonder “What’s the big deal.” The service is primarily populated with short dance videos that seem of no real consequence. And I will tell you for sure that the issue is not the content of the dance videos. The concern is that the Chinese government may have been generating a database of TikTok users’ Gait Analysis.
A quick primer on Gait Analysis – the way people move (walking, running, standing) is so consistent and identifiable that it is widely considered as unique as a fingerprint. A person cannot consistently mask the way that they move because it is a part of their neurological system. By measuring components of a person’s gait, Gait Analysis software can identify people from up to 50 meters (165 feet) away, even with their back turned or face covered. This can fill a gap in facial recognition, which needs close-up, high-resolution images of a person’s face to work. It is a way of recognizing a person’s identity without their cooperation.
According to the Associated Press, the Chinese government quietly rolled out Gait Analysis in 2018.
Enter TikTok, a dance platform. TikTok captures data from millions of videos as well as unpublished “drafts” of videos where people move more causally. The platform has access to capture smiles, gait, and a wide variety of movements which can then be attached to known identities and catalogued. This is the core of the issue.
President Donald Trump ordered TikTok’s sale to a US company in August 2020 in order to keep data about Americans in America. The most likely buyer seems to be Microsoft, a company that has long history of data capture, storage and analysis within American law. Should the sale go through, a change in ownership should offer a significant level of protection for new TikTok users.
However, the transfer of data from Chinese to American companies will only offer real identity protection if Microsoft fully discloses how they intend to use the data and how long it will be stored. The new GDPR and California Consumer Privacy Act (CCPA) will have major roles in forcing this disclosure, and prior to the sale, the acquiring company should publicly disclose their measures for complying with these mandates.
In reality, once people started posting their lives online a Pandora’s box of privacy issues opened so widely that the idea of privacy essentially no longer exists. Legislators are now facing a ‘whack-a-mole’ of how to manage the usage of peoples’ biometrics in sanctioned and unsanctioned entities. Stay tuned, this party is just getting started.