Newsletter 01/18/2023

Legislatures Just Plain Don't Get It:
Two Silly Responses to Serious Problems: Part 1: Banning TikTok


source: https://chihuahualiscious.com/is-peanut-butter-safe-for-your-chihuahua/

Mmm... Peanut Butter... Mmm...

One topic that seems to get all politicians' blood boiling these days is TikTok.  Several states have banned TikTok, as have several universities.  For those who do not see TikTok ads on their Microsoft Solitaire feed, TikTok is best described as:

TikTok is a video-sharing app that allows users to create and share short-form videos on any topic. It’s mainly mobile-based, although you can still watch TikTok videos using the web app. The platform allows users to get creative with their content using filters, stickers, voiceovers, sound effects, and background music. ... According to the latest TikTok stats, the app has been installed 3 billion times. It also boasts 1 billion active users on a monthly basis.

According to CNN, over half the states have enacted some type of ban on TikTok from all state-owned and/or state-used devices.  In December 2022, the cable news giant reported that "at least seven states have said they will bar public employees from using the app on government devices, including Alabama, Maryland, Oklahoma, South Carolina, South Dakota, Utah and Texas."  In January 2023, CNN followed up on the topic of TikTok bans:

More than half of all US states have partially or fully banned TikTok from government devices, according to a CNN analysis, reflecting a wave of recent clampdowns by governors and state agencies targeting the short-form video app. ...The accelerating backlash by states against TikTok, which has at least 100 million users in the United States, extends to states governed by Republicans and Democrats, and spans all regions of the country.

The beef that pols of all stripes have with TikTok is based on a June 17, 2020, report by Buzzfeed News.  Buzzfeed reported that:

According to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users — exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

Public schools and universities have followed suit with bans of TikTok on their campuses and in their classrooms.  In January 2023, Seattle public schools filed a lawsuit against not only TikTok, but a sweeping gamut of social media websites — maybe all of Big Tech.  "The district is claiming that YouTube, Facebook, TikTok, Instagram, and Snapchat have caused financial and operational harm because of their addictive nature."

Following Seattle schools, the Kent, WA school district joined the suit.  The Complaint (a pdf of the filed Complaint will open) itself makes the case that the whole effort is just plain silly when you consider all the proposed bans from within the paradigm of Zero Trust.

Youths are central to Defendants’ business models. Youths are more likely to have a phone, to use social media, and to have downtime to spend on Defendants’ social media platforms. Plus, youth influence the behavior of their parents and younger siblings. 

And there you have it.  The culprit is really the ubiquitous SmartPhone.  It is the same type of device behind the report that "South Korea's Ministry of National Defense [had banned] its employees from using the smart phones inside of the ministry's building in a bid to prevent military data leaks."  South Korea's cellphone ban came in the wake of the "Dark Seoul" attack of 2013 (an in-depth report in pdf by McAfee will open).  For a brief summary of the attack, see the Wikipedia article.

Congress recently passed a TikTok ban of its own, and President Joe Biden has signed the ban into law.

The ban prohibits the use of TikTok by the federal government’s nearly 4 million employees on devices owned by its agencies, with limited exceptions for law enforcement, national security and security research purposes.

I find this incredibly ironic, since it is the Federal Government, in concert with a handful of tech giants, that is working to enact Zero Trust across the entirety of Uncle Sam's networks.  One of the main tenets of Zero Trust is that the "network has no boundary."  Or, as I like to say, there is only one network and we all connect to that one network.  One basis for this lack of trust in the security of all networks is the notion of Lateral Movement.

Let me offer a very likely scenario.  Daddy Oh, Senior, works for Uncle Sam.  During the work day, Daddy Oh occupies a desk at the Department of Redundancy Department (DRD).  And, being a citizen intent on clean living, Daddy Oh would never indulge himself in any kind of social media.  Daddy Oh, Junior, however, spends almost all waking hours watching Chihuahuas eat peanut butter on various social media websites, especially TikTok.  Daddy, Sr., has a government job; a fat salary; and a really nice and fully wired abode in Alexandria, VA.  When Daddy, Sr., walks into his 21st c. home, he immediately connects to the same home WiFi that Junior uses to enjoy an ever-growing series of videos of dogs consuming PB on TikTok, and Senior checks his email with his WiFi-connected phone.  Within seconds, if indeed Chinese hackers have command and control (C2) of Junior's smartphone via TikTok, then lateral movement across the WiFi will also compromise Senior's phone.

Lateral movement refers to a type of movement through a network. In the way that crawling, running or dance are movement forms that we might engage in, lateral movement is a type of movement that hackers engage in. Lateral movement refers to a means of moving through a system...

Once hackers have moved through your system via lateral movement, they often aim to increase their privileges. Hackers’ primary objectives often include accessing information or IT platform credentials. With more access, hackers can steal a greater quantity of information and/or create havoc in a way that is optimally profitable for them.

Our smartphones possess greater computing power and better connectivity than the systems that landed on the moon in the 1970s.  A recent Adobe article in a series called The Future of Work stated the fact well.

Ever faster, technology advances at warp speed and computing power grows exponentially. Especially in our hyper-connected digital world, we are continuously reminded by the annual release of increasingly impressive smartphones one-upping previous models with new features, more speed, and greater capabilities.

 
source: https://blog.adobe.com/en/publish/2022/11/08/fast-forward-comparing-1980s-supercomputer-to-modern-smartphone#:~:text=Perhaps%20you've%20heard%20that,the%20famous%20Apollo%2011%20mission./

In this scenario, there is a high likelihood of the compromise of DRD servers when Senior returns to his comfy office and his cushy government job.  Federal agencies are no more likely to patch than any other type of entity.  Orders can come down from on high.  The muckety-mucks can offer their guidance to the agencies.  These agencies are not, however, made up of superheroes with red capes and magic powers.  The admins at these agencies face all the same problems with patch management as do their counterparts in the private sector, and have faced them for as long a time.  Network segmentation notwithstanding, federal agencies still suffer cyberattacks.  Plus, stealth malware does exist.  Zero Trust is not fully implemented anywhere.  Thus, Junior's use of TikTok in the home can put at risk the security of Junior's parents and that of the parents' employers.  And that would include the Federal Department of Redundancy Department.

When the solution to a problem is to simply say, "Problem, please go away," the solution trivializes the serious nature of the problem.  And don't any of these lame pols have teenagers themselves?  Anyone who has ever worked with teens knows the best way to get a kid's interest in something is to forbid that certain something.  Furthermore, banning one of the millions of servers on the Internet is not really possible.  To motivate someone to do something in our Capitalist society requires convincing and cajoling.  "Thou shalt not" simply does not work at any time and in any place.

More to the point — and here my example is cigarette smoking — if it's so bad, how come Mom and Dad still do it?  It was an intense and never-ending Public Relations campaign that targeted all segments of American society with endless streams of Public Service Announcements; realistic education about the real health risks associated with cigarette smoking; and the coming clean by tobacco execs themselves that reduced the number of adults and teens smoking cigarettes — only to be replaced by fruit-flavored nicotine vapes.

Children will always mirror their parents' behavior.  It is also quite unfair to place the burden of enforcing Zero Trust only on the Kids.  There is a now famous story about Mahatma Gandhi that has been retold so often now that the incident has reached the status of myth.  The story does, however, instruct all adults or anyone on how to change a child's or anyone's behavior.  The story is often told two ways, with two questionable, but similar, behaviors: eating sugar or eating chocolate.

A woman walks with her son many miles to see Gandhi. She is worried her son is eating too much sugar (chocolate). She asks Gandhi: “Please, sir, can you tell my son to stop eating sugar (chocolate).”

Gandhi says, “Bring him back in two weeks.” Disappointed, she takes her son home.

Two weeks later she makes the long journey again. Gandhi says to the boy, “you must stop eating sugar (chocolate). It’s very bad for you.” The boy has such respect for Gandhi that he stops and lives a healthy life. The woman is confused and asks, “Why did you want me to wait two weeks to bring back my son.”

Gandhi said, “Because before I could tell your son to stop eating sugar (chocolate). I had to stop eating sugar (chocolate) first.”

Now, I don't tik. And I don't tok.  And I don't date girls that tik or tok.  I live my life to the strict code of Homer and Jethro.  And I am pretty sure that that strict moral code does not allow for any tikkin' or a tockkin'.  Probably chocolate is OK, though.  But that's just me.

A-rootie-toot-toot a-rootie-toot-toot
Ah we are the boys from the boy scout troop
We don't smoke and we don't chew
And we don't go with the girls that do

— The Battle of Kookamonga, (Jimmy Driftwood, J.J. Reynolds), Homer and Jethro

pure poetry


source: https://genius.com/Homer-and-jethro-the-battle-of-kookamonga-lyrics

 

¯\_(ツ)_/¯

Gerald Reiff