Is our new TikTok Taoiseach a threat to national security?
Cyber-security experts have warned against the Chinese app. Where does that leave Simon Harris, asks Adrian Weckler
Twelve months ago, Ireland’s National Cyber Security Centre (NCSC) said that using TikTok, the Chinese-owned social media app, on government and public sector devices was a serious risk and shouldn’t be done. “There are risks in a pure cybersecurity sense that the user data that is being collected may be made available to other governments,” said Richard Browne, the director of the NCSC.
“It is also a case that the data might be exfiltrated via the application, which we also can’t rule out.”
But Ireland’s new Taoiseach likes using TikTok. A lot. He has a big audience there — almost 100,000 followers.
In the week when he became Ireland’s most powerful person, he TikTokked from the Taoiseach’s office, surrounded by all sorts of sensitive information. Is he wrong to do so? Or if not, is it a signal that our national cyber-security agency’s advice on TikTok
is irrelevant and outdated?
The use of the platform by very high-profile officials in power is “questionable”, says Conor Flynn, chief information security officer at Waystone and one of Ireland’s most senior IT security experts.
“With TikTok, it’s not so much the risk of individual data exfiltration, but more strategic stuff, like information that’s sensitive to international negotiations.”
However, Flynn pointed out that the explicit advice from cyber-security chiefs was “not totally prescriptive”, allowing for exceptions where “there is a particular business case” for using TikTok.
A government source said on Friday that the Taoiseach has “carefully considered” the security implications of his use of TikTok and believes he is in compliance with the cyber rules.
This may be because he is using a secondary, personal phone to record and publish his videos.
Technically, using a non-work issued, personal phone could fall outside the explicitly worded rules relating to “public-sector devices”. But that wouldn’t mean it’s safe from data collection interference.
“It could still be a source of data leakage or information about the individual that could be used by third parties, whether state-sponsored or not,” said Brian Honan, owner of BH Consulting and a former special adviser on cyber security to Europol’s Cyber Crime Centre.
“It could be used to track where the individual is, and maybe what other apps they update, including what phone they could be using. Anybody who is a high-profile individual in politics would need to be very focused on what apps they install.”
The Sunday Independent asked whether the Taoiseach uses TikTok on a government-issued device or his own personal one, but the question was not responded to.
In 2018, sensitive information about the location and personnel of US military bases was given away through individuals using the Strava fitness app.
In recent days, iPhone-maker Apple has notified a number of its users their devices were being targeted by a “mercenary spyware attack”, typical of attempts to hack specific journalists and politicians.
“This attack is likely targeting you specifically because of who you are or what you do,” Apple said.
Previously, high-profile activists, journalists and politicians have been subject to sophisticated spyware attacks using state-backed software such as Pegasus, developed by the Israeli-based NSO Group.
Simon Harris is not the only Irish politician to use TikTok, with Michael Healy-Rae, junior finance minister Neale Richmond and several Sinn Féin TDs all using the platform as an effective way to communicate with prospective voters, particularly younger ones.
Neither is Harris the only European leader to do so, with French president Emmanuel Macron — who arguably holds one of the most sensitive positions in European geopolitics — regularly sending TikTok videos to his four million followers, despite France having a ban on “recreational” apps such as TikTok and Instagram on public-sector work phones.
So if this many senior political figures are using the Chinese platform, does it make a nonsense of our cybersecurity agency issuing warnings regarding TikTok?
The Sunday Independent asked the NCSC whether its advice had changed since last year, or whether using “personal” devices, not apparently covered by the wording of the original warning, might also constitute a risk.
“The NCSC recommendation states that there are a relatively small number of users that require access to these apps in order to carry out their duties — such as for individual users who need to use TikTok to communicate with the public,” said a spokesperson for the Department of the Environment, Climate and Communications, which represents the NCSC.
It added that “workarounds for this scenario” are outlined in separate guides available to public-sector department heads.
In this context, the Taoiseach may be exploiting the wriggle room offered in being someone who “needs to use TikTok to communicate with the public” and can’t rely on bolshy, troublesome professional media organisations.
The relative lack of outrage over the potential of senior figures such as the Taoiseach to weaken national security may be supported by a dearth of hard evidence that TikTok has been directly responsible for any actual spying, beyond Western security agencies’ vague warnings.
So it may perhaps be that the rules against senior officials using TikTok are turning out to be a little bit like Ireland’s law against using electric scooters — they’re generally banned, but nobody does anything if they’re actually used.
IPAV chief executive Pat Davitt said these costs are relevant for landlords carrying out maintenance or repaying loans on properties. “The CSO determines the official measure of inflation in Ireland. It is a very important benchmark for the rental industry and we believe this is what the Housing Minister should insist is the basis for determining whether or not a rent increase should apply,” he added. “The HICP is not the appropriate method to calculate rent increases because of its exclusions of some very important items impacting landlord costs.”
He said the continued use of the HICP would pose a risk to the sector, with those who are locked in to rent pressure zone rates that are below current market levels more likely to leave a sector already blighted by a shortage of properties.
“Short-term this will incentivise private landlords to continue to exit the rental market. Longer term it is going to result in a lack of maintenance of such properties, as has been the international experience,” Mr Davitt said.
The RTB said any potential changes to the method of calculating rent changes will require a legislative amendment and is a matter for the Housing Minister and the Oireachtas.
The Department of Housing said a rental market review is due to be published before the end of June.
“The review contains no plans to migrate from HICP to the consumer price index as a measurement for rent increases in an RPZ,” a department spokesman said. “The linkage with HICP aims to safeguard continued investment in the sector by existing and new landlords to deliver the requisite supply of high-quality rental accommodation while protecting against a significant increase in rental inflation in the coming years as the labour market rebounds.”
A relatively small number of users require access to these apps to carry out their duties