The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

There are TikTok bans in nearly two dozen states

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Good morning! Check out this piece by my colleague Tim Craig about former Brazilian president Jair Bolsonaro’s new life — as a Florida man.

Below: The Supreme Court declines to hear NSO Group’s appeal of a lawsuit, and a key House committee that deals with cybersecurity issues gets its chairman. First: 

Inside the state bans on TikTok

The bans keep coming. 

Over a five-week stretch, nearly two dozen state governors and officials have imposed government restrictions of TikTok in their states. Most are Republicans, but a few Democrats are joining them.

The bans range from prohibiting the device on government internet networks to restricting state employees from using or downloading the app on state devices.

Now, Wisconsin Gov. Tony Evers plans to ban the app. He would be at least the second Democratic governor to ban the app on state devices, after Kansas Gov. Laura Kelly announced a ban late last month. It’s not clear what Evers’s ban will look like; his office didn't comment on the specifics of the ban. 

The office of another Democrat, New Jersey Gov. Phil Murphy, also announced this week that state officials banned the app.

The pressure

TikTok faces growing pressure in Washington, where lawmakers last month banned TikTok on federal employees’ government devices.

Here’s more on TikTok and government officials’ concerns with the app from my colleague Shira Ovide, who wrote about the bans last month: “TikTok is owned by a Chinese internet giant, ByteDance. With more than 1 billion users globally, TikTok is (arguably) the first wildly popular app in the United States that comes from a Chinese company. U.S. elected officials and most Americans don’t trust China.”

“U.S. officials have said that because businesses in China are not truly independent from the government in Beijing, Chinese Communist Party officials might force TikTok to hand over data it has collected on American users, or TikTok might use the app to promote Chinese propaganda or censor material that Beijing doesn’t like,” Shira wrote. “TikTok says that U.S. officials have provided little evidence of TikTok being a patsy of Beijing.”

The company is working on a potential deal with the Committee on Foreign Investment in the United States, a secretive, interagency government committee. TikTok has agreed to cut off ByteDance’s decision-making abilities over TikTok’s U.S. operations and agreed to let U.S. authorities veto executives at the company and impose standards for TikTok’s hiring practices, my colleagues reported. But the talks remain unresolved. 

TikTok faces criticism from nonpartisan national security officials. FBI Director Christopher A. Wray has warned about the app, telling a Michigan audience last month that the Chinese government’s ability to control TikTok’s algorithm or collect data for espionage “should concern us.” Some state bans have cited Wray’s concerns as a reason for banning the app.

Other national security officials have been more nuanced. In an October radio interview, Jeremy Fleming, the leader of U.K. signals intelligence agency GCHQ, was asked whether he’d be concerned about children's’ use of TikTok.

“No I wouldn’t,” he said, adding that he’d “speak to my child about the way in which they think about their personal data on their device” because people have to know that “there is no free good here.”

“Make the most of it, make those videos, use TikTok, but just think before you do,” he later said.

Inside the bans

The state bans began on Nov. 29, when South Dakota Gov. Kristi L. Noem (R) announced that she’d ban government officials and contractors from using the app on state devices.

Most of the other states’ bans were announced before Dec. 22, when ByteDance said it fired four employees after finding that they accessed data on U.S. users — including journalists — while trying to find the source of a leak at the company.

(TikTok, for its part, has previously told The Post that the bans “are largely fueled by misinformation,” and that it would be happy to discuss its security practices with state officials.)

Some of the bans are proactive. For example, Pennsylvania Treasurer Stacy Garrity (R) banned the app from being used on her office’s devices and networks. But Garrity’s office noted in a statement that her office had “conducted an internal security review this month and determined that TikTok had not been used on any Treasury-issued devices.”

Other bans appear to impact public universities.

Auburn University and the University of Oklahoma — which combined have around 60,000 students — have banned the app from being used on their internet networks. However, it appears that students can still get around the bans by using virtual private networks or data on their phones, for example.

The keys

Supreme Court rejects NSO Group appeal

The Supreme Court’s decision to not take up NSO Group’s appeal means that WhatsApp can continue with its long-running lawsuit against the Israeli spyware firm, Reuters’s Nate Raymond reports. NSO Group had argued that it deserved immunity from U.S. lawsuits because its clients are foreign governments. 

In November, the U.S. solicitor general’s office argued that the court should reject NSO’s appeal.

In a statement, WhatsApp parent Meta, which also owns Facebook, said that it welcomed the decision. “NSO's spyware has enabled cyberattacks targeting human rights activists, journalists and government officials,” the company said. “We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations.” 

The Knight Institute, which in 2022 filed a lawsuit against NSO on behalf of journalists working for Salvadoran news outlet El Faro, also cheered the decision.

NSO’s lawyer didn’t respond to Reuters’s request for comment.

Rep. Mark Green (R-Tenn.) to chair Homeland Security Committee

Rep. Mark Green (R-Tenn.) previously served on the committee’s cybersecurity panel and he’s introduced cybersecurity legislation, as The Cybersecurity 202 previously reported. Green is a member of the House Freedom Caucus and has hinted about reorganizing the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency plays a key role in the federal government’s cybersecurity efforts, Bloomberg Government’s Ellen M. Gilmer and Emily Wilkins report.

In a statement, Green said that he would prioritize border security, cybersecurity and other areas as chairman of the committee. “We will also work to secure our cyber border,” Green said in the statement. “In 2018, cyberattacks cost the federal government an estimated $13.7 billion, and recently the Department of Justice determined that 80 percent of all espionage cases and 60 percent of all trade secret cases are connected to China in some way. No community in America will be spared if we cannot secure this fourth, deeply vulnerable, border. These are two of the many priorities we will address — and we will not let the American people down.”

Cyber insecurity

Identity thieves bypassed Experian security to view credit reports (Krebs on Security)

San Francisco BART investigating ransomware attack (The Record)

Privacy patch

Researchers could track the GPS location of all of California’s new digital license plates (Motherboard)


  • The Center for Strategic and International Studies hosts an event on government policy relating to open-source software today at 10 a.m.
  • Signal President Meredith Whittaker speaks at a Washington Post Live event today at 1 p.m. 
  • Rear Adm. Michael Studeman, the commander of the Office of Naval Intelligence, speaks at an Intelligence and National Security Alliance event on Wednesday at 9 a.m.
  • Gen. Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, speaks at a public forum on a government surveillance authority on Thursday. April Doss and Christopher Fonzone, the top lawyers at the National Security Agency and Office of the Director of National Intelligence, are also slated to speak at the event, which is hosted by the Privacy and Civil Liberties Oversight Board.
  • Cybersecurity practitioners meet with cybersecurity staffers on Thursday as part of Hackers on the Hill. 

Secure log off

Thanks for reading. See you tomorrow.