TikTok is now banned on devices owned by the City of Aurora and on personal devices that are used to access the city’s networks. But the city council's decision also raised concerns that the recent furor surrounding TikTok could foster xenophobia, and that it does not address the full scope of potential cyber threats posed by media platforms.
The Aurora City Council approved a resolution Monday that bans TikTok and other platforms from its parent company on city-owned devices. People who use personal devices to access city networks cannot have the app on those devices either. Councilmember Alison Coombs dissented.
The resolution has two goals, its sponsor Councilmember Dustin Zvonek said. The first aim is to address the bipartisan concern about potential national security threats posed by TikTok, which is owned by the Beijing company ByteDance. Banning TikTok does not solve all cyber security threats, which is why the resolution also asks the IT department to evaluate other platforms for similar risks and come forward with recommendations for addressing those, he said. City staff will be in charge of implementing the ban, Zvonek said.
Chief Information Officer Scott Newman told city council the resolution would provide additional tools for the IT department to create a “more rigorous program around evaluating threats as they emerge.”
“The risk landscape changes on a daily basis, from all kinds of actors,” Newman said.
Chief Information Security Officer Tim McCain concurred that there has been some concern about using certain social media vendors for public or government entities. Those concerns are sometimes regarding government-backed media companies or companies located in countries that have strained relationships with the U.S., he said.
“This is not our silver bullet, but this is something that will help enable us as a security organization to better risk quantify the various vendors that we use. In this regard, at least based off of the risk of geo-political issues or locations that could impact the vendor’s ability to service our constituents and our employees, or worse, provide a security and privacy risk,” he said.
Councilmember Alison Coombs, who attended the city council meeting with her baby, proposed amendments to the resolution that would have removed references to TikTok and replaced them with general references to social media, websites or other internet services that are a cyber-security risk.
Her worry was that focusing on TikTok was too narrow, she said, adding that “there are other threats to safety, security and data.” Coombs later said she has similar security and privacy concerns with other platforms and their owners — naming Meta — that she does with TikTok.
Coombs also proposed removing references in the resolution to China and the nation’s communist party.
“We can focus on the safety and security of our city without saying, ‘We are not going to allow any devices where the employer or any technology where the employees are affiliated with the communist party,” she said.
If the city made the same statements about white nationalist group the Proud Boys, or other groups that are a potential security risk, she said, it sets a precedent “where we are starting to make our security policy based on politics instead of the security risks.”
City staff told Coombs the amendments would not interfere with accomplishing the resolution’s cyber-security goals. Mayor Pro Tem Curtis Gardner pushed back on that stance, saying that the phrasing of one amendment Coombs proposed could lead to forcing the deletion of other apps, such as Facebook, because anything connected to the internet can be a cyber-security risk. Coombs’ amendments failed in a 4-6 vote.
One public speaker called the resolution “a waste of time.”
Zack Heaton works as a senior support engineer and on cyber security software. The level of sophistication a cyber attacker would need to leverage TikTok as a mass collection tool is possible but highly unlikely, he said. An example of more prevalent risks to the city’s cyber security are phishing scams, he said, urging public education about cyber security as opposed to a debate about TikTok alone.
“This ban would be addressing only about 5% of potential attacks,” he said.
Heaton is not a fan of TikTok either, he said, but pushed for legislation that took a broader approach and supported Coombs’ suggestions.
Heaton also worried the resolution’s wording could spark xenophobia and hatred toward the Asian community. By narrowing the focus to China, the ban ignores the numerous other countries that also have an adversarial relationship with the U.S. and conduct cyber attacks on America, he told The Denver Gazette.
“You’re also going to spin up a lot of unnecessary hate,” he said.
Coombs said she, too, had concerns that the resolution’s language toward China and the communist party invoked “Red Scare rhetoric.”
Zvonek does not share Heaton's concerns, he said. He has emphasized the bipartisan concern about TikTok in Washington D.C. and said: “TikTok presents a unique threat” specifically because of its ties to the Chinese government — a viewpoint Mayor Mike Coffman echoed in the meeting.
During debate, Zvonek called TikTok a threat because of “the potential influence of the Chinese government” and the risk the Chinese government could attempt to use the platform for spying on Americans.
The resolution does allow considering exceptions to the ban for a small number of city employees, who must receive approval from the IT and city manager’s offices. Exceptions would most likely be for law enforcement use, Zvonek said.
Interim Chief of Police Art Acevedo was not asked to speak about the resolution during its passage but told The Denver Gazette he considers it a starting point.
“We may be better served to go back and revisit it, in terms of expanding it to any company that’s exploiting or misusing the data for the advantage of a foreign nation,” Acevedo said.
The threat “goes well beyond China,” he said, naming countries such as Iran, Russia and North Korea as additional nations that pose a cyber security threat to the U.S. Nations hostile to the U.S. also engage in disinformation campaigns meant to divide the American public across multiple platforms, he said. Acevedo served on homeland security councils through multiple presidential administrations.
“This is not the only platform that we need to worry about,” Acevedo said.
