The Problem the US TikTok Crackdown and Kaspersky Ban Have in Common

On July 20, the United States Commerce Department will ban new sales of popular antivirus software made by Moscow-based Kaspersky Labs. The move comes just two months after US president Joe Biden signed a law that will effectively ban the social media app TikTok in the US if its Chinese parent company doesn’t sell it off. The US government banned federal use of Kaspersky antivirus software in 2017, but as the US-Russia relationship has further deteriorated and the Kremlin has exerted more stringent control over the Russian tech sector, US officials have remained concerned about the potential for the Russian government to weaponize Kaspersky software.

In its campaigns to ban these pieces of foreign software as a matter of national security, though, the US government is setting a precedent that undermines tenets of a free and open internet in which users can access any information and software they choose.

“The risks to US national security addressed in this Final Determination stem not from whether Kaspersky’s products are effective at identifying viruses and other malware, but whether they can be used strategically to cause harm to the United States,” the Department of Commerce wrote last week. Commerce Secretary Gina Raimondo told reporters on Tuesday that this is the first time the US Commerce Department has banned the sale of a cybersecurity product.

Kaspersky, naturally, countered that it believes the Commerce Department “made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.” The company added that “Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies.”

TikTok, meanwhile, has sued the US government, claiming that the potential ban of its app violates the First Amendment. The lawsuit points out that US lawmakers are forcing TikTok’s China-based parent company, ByteDance, to sell TikTok to a company headquartered in the US based on “the hypothetical possibility that TikTok could be misused in the future, without citing specific evidence.”

Unlike TikTok, a social media app that is built as a forum for discourse and can be downloaded for free, Kaspersky’s antivirus product is paid software that is granted deep system access to monitor customers’ devices and networks. Where TikTok’s software is contained by the mobile operating systems it runs in, scanners like Kaspersky are given free rein by design, adding to cybersecurity concerns.

“The apps are fundamentally different,” says Patrick Wardle, a longtime Mac security researcher. “If a person of interest had Kaspersky antivirus and TikTok on their device, Kaspersky is probably the bigger problem, because it can give its developer unfettered access to the device. A mobile app like TikTok runs in an app sandbox and really can’t do much beyond you granting it access to specific data like your contacts.”

Source link