It's not TikTok, it's Congress

Pundits and politicians are blaming TikTok and other tech-based companies for problems that are actually caused by political incompetence.

Do I think TikTok is a potential threat to Americans? Probably.

Do I think any of the things that Congress and state governors are doing will fix the problem? Nope, not even close.

TikTok is not the problem; TikTok is just one of many symptoms of the problem.

To actually fix the problem, U.S. lawmakers need to author and pass a bill I'd call "THE DATA SOVEREIGNTY ACT OF 2023".

The Problem is Much Bigger than TikTok

It rarely occurs to Americans that there is a global dependence on American technology — and that many countries are understandably uneasy about that.

For instance, operating systems are the most crucial software in the world because most software needs an operating system to run on. And guess what? Operating systems like Microsoft Windows, Google Android, ChromeOS, Apple iOS, MacOS, Linux, Unix — they are all made in America.

If you think Americans are uncomfortable that TikTok might spy on them, how do you think people in China, Russia, Iran, North Korea, etc. feel about American operating systems potentially spying on them?  

Right now politicians are flexing because TikTok is based in China, but believe it or not, TikTok has not been as sloppy and remiss with user data as American social media companies have been.

Facebook alone has had 19 major data breach incidents that put user data in the hands of anyone in the world. And if you add up all the user accounts affected by them, the total is in the billions. If you were a citizen of China, Russia, or even Canada, how would you feel about these events?

As indignant as U.S. lawmakers want to be, the truth is TikTok is nowhere close to being the villain that American social media companies have been for more than a decade.

Every American social media company has a history of data breaches and misuse. And every American operating system has had vulnerabilities that expose user data to anyone in the world capable of getting it.

The problem is far bigger than TikTok, so let's stop pretending TikTok is the only bad guy. Let's stop treating the symptoms, and do something about the actual disease.

The Real Solution is Data Sovereignty

So far all of the bills and rhetoric regarding TikTok have been all sizzle and no steak.

The only solution to the global problem of data misuse is internationally recognized data sovereignty.

By law, all software — including operating systems, internet routers, productivity software, gaming software, social media platforms, money transfer software, etc. — should keep all data in the country the data originated in.

When data does cross international borders, it must do so according to the conditions of treaties the nations have agreed to for data exchange.

Ideally, most (if not all) countries would sign onto the same treaty — say "The Global Data Exchange Treaty of 2023". But one size doesn't fit all. Some countries will want their own rules for the data generated in their country — data concerning their residents and citizens.

And that's their right as a sovereign nation.

Just as international and domestic laws govern the travel of people between countries, the travel of their data between nations likewise needs to conform to international laws.

The Obstacle: American Politics

It is glaringly obvious that data sovereignty is the right approach for protecting nations and their individual citizens; nevertheless, the status quo in the tech industry will likely misrepresent data sovereignty and fight it — and you can understand why.

Tech companies would have to spend a lot of money reengineering their products to conform to data sovereignty laws. And they would have to set up data centers in every country that uses their product (unless a data exchange treaty allows otherwise).

Consequently, big tech could conceivably deploy armies of lobbyists — and spend heavily in campaign contributions — to influence both major political parties away from data sovereignty.

This would result in politicians giving voters the appearance of addressing the problem with symptomatic treatments, rather than actually trying to heal the metastasizing cancer of international data misuse.

But a data sovereignty act, with its accompanying data exchange treaties, would do a LOT more than just fix TikTok, Facebook, Instagram, YouTube, etc. Data sovereignty also addresses most scams and ransomware.

The Death of International Phone and Text Scams

Nearly all ransomware, phone scams, text scams, phishing, etc. comes from bad actors outside the United States. They operate with impunity because they are extremely hard for the U.S. to find and prosecute.

Data sovereignty done right would virtually (pun intended) stop ransomware, phone scams, text scams, phishing, etc. from outside the United States.

For example, right now companies in India, Russia, etc. buy up thousands of U.S.-based phone numbers, and use those numbers to robocall Americans.

A Data Sovereignty Act would require all U.S.-based phone numbers to be owned by individuals and companies with physical addresses in the United States. Those numbers must also be secured by valid credit cards so fines can be levied and paid. And cards on file would be required to be robo-tested periodically to assure they are still valid. The moment a card stops being valid, it would be blocked by all telecom companies in the U.S. so the phone number would be useless in the United States.

Moreover, a person in America with a social security number (or an organization in America with an IRS EIN) must be on file as the responsible party for each telephone number, so that the U.S. has someone to prosecute should a number be used for illegal activity.

Bam! Suddenly spam and scam phone calls and text messages are pretty much history.

And this is not just a matter of convenience; lives depend on this.

On March 29, 2023, hoax calls from outside the United States were made to 13 different schools in Utah claiming students had been shot and the gunman was still on campus.

Chaos ensued. Law enforcement responded and evacuated schools. Children, parents, teachers, staff and administrators were terrified.

And some of those people were also armed.

In a state of heightened alarm, there is a possibility that someone could get hurt or killed.

This could be solved, if we could just get politicians to act.

The Death of Ransomware

For the last 12 years and in all 50 states, ransomware attacks have closed schools, postponed chemotherapy, sidelined ambulances, shut down hospitals and medical clinics, and derailed national supply chains for gas, oil, and food — while Republicans and Democrats in office ignore the problem.

In Alabama, ransomware hackers shut down hospital computers in an extortion attempt. Because hospital computers were down, a team delivering a baby did not know the baby's vitals. Had the computers worked, the team would have known the umbilical cord was wrapped around the baby's neck and they would have performed a c-section to save the baby.

Since they did not know, the baby was born with severe brain damage due to lack of oxygen, and died after it was born.

You could argue that ransomware killed that infant, but I would say Congressional neglect did.

Ransomware has actually always been fairly simple to solve; the problem is our elected officials have just been too distracted and incompetent to fix it.

The first ransomware attack happened in 1989 when a guy mailed infected floppy disks to attendees of a conference. The software was effective enough, but the payments were easily tracked back to him. He was arrested, and other would-be extortionists got the message.

Enter bitcoin, the currency of crime.

During the Obama administration, the rise of cryptocurrency enabled extortionists to get paid without getting caught. Accordingly, ransomware attacks on Americans and American organizations — especially from overseas — spiked.

During the Trump administration, ransomware attacks leaped 1,100%, yet no one in office did anything substantive — including during the two years when Republicans controlled the White House, the Senate, and the House.

During the Biden administration a ransomware attack on the Colonial Pipeline in May 2021 shut down one of the largest and most vital oil pipelines in the U.S. for six days, destabilizing oil prices and forcing President Biden to declare a state of emergency.

While authorities did some impressive forensic work and recovered about $2.3 million of the $4.4 million in bitcoin that was paid as a ransom, the USA never really took preventative action to protect American national security going forward in terms of ransomware.

How do we stop ransomware attacks?

  1. Take away the monetary reward for ransomware.
  2. Make it easy for authorities to catch the bad guys.
  3. Hold organizations accountable for sloppy cybersecurity.

The Data Sovereignty Act of 2023 would:

  • Require that all data remain in its country of origin, and only move between nations as defined by treaties those nations have signed.
  • Ban domestic trading and mining of cryptocurrencies by any parties not registered with the SEC, complete with tax identifiers, the names of people involved, and their physical addresses.
  • Forbid the trading of cryptocurrencies between parties in the United States and parties in any nation that does not have a crypto-pact with the U.S. that includes the extradition of cyber-extortionists, terrorists, and other accused criminals.
  • Insist that all international cryptocurrency trades occur only between entities and people registered to trade cryptocurrencies in their respective countries. Registration must include names, tax ids, and physical addresses so that law enforcement has a fast, clear path to arrest all bad actors.
  • Require that regulations defining federal standards for server and network security be updated annually.
  • Require federal inspections of network infrastructure. Just like bridges, buildings, and other physical infrastructure are subject to government regulation and inspection, cyber-infrastructure should be as well.
  • Mandate that all organizations involved in data breaches that put citizen data into the wild (including government organizations) be investigated by the FBI. When the findings are ready, the organizations must be given an opportunity to respond (a.k.a. due process), then appropriate fines need to be applied.

    Organizations can either pay now to keep Americans safe, or they can pay much more in fines later for failing to do so.
  • Require all U.S.-based phone numbers to be owned by individuals and companies with physical addresses in the United States, and secured by valid credit cards which are robo-tested periodically to assure they are valid.
  • Require that all U.S.-based phone numbers have a person or organization in America on file as the responsible party.

Of course, just as the tech industry will try to influence lawmakers with lobbying and campaign donations to preserve the status quo, cryptocurrency speculators and money launderers will fight to keep the status quo as well.

They will spin the reforms as if freedoms are being taken from Americans.

It's a lie, of course; data sovereignty *GIVES FREEDOM* to Americans — including the freedom to safely own and use their own property, the freedom to do business in America, and freedom from harassment and international extortionists.

Besides, freedom isn't only about protecting private liberties.

The Declaration of Independence says, "for the public good".

And the Constitution says, "promote the general welfare".

The Data Sovereignty Act of 2023 is for the public good, and it promotes the general welfare of American citizens and organizations. It is the right thing to do.

We just have to somehow make our highly partisan elected representatives see this is a priority, and then encourage them to have the political will to take holistic action to protect national and personal security — despite the special interests of the tech and crypto industries.

I hope you will consider sharing this, and voicing support for a Data Sovereignty Act of 2023.

Thanks for listening.

Gunalchéesh.

p.s.

After I wrote and posted this essay, I read that TikTok has already begun to engineer its data as I specified in my essay. They call it "Project Texas". TikTok intends to keep all USA data in the USA.

“We are ahead of the curve on data localization,” said TikTok CEO Shou Zi Chew. “No company organizes data like this.”

But all should.

Thanks again for listening.

Gunalchéesh Háw’aa.