Amazon sent a jolt through the debate over the trustworthiness of TikTok on Friday. CNN’s Brian Fung and Zachary Cohen obtained a copy of an Amazon corporate memo telling employees to remove the TikTok social video app from any device that could access the company email system. The memo cited “security risks.”
Then, Friday afternoon, an Amazon spokesperson told The Verge‘s Casey Newton that the memo was “sent in error.” A TikTok spokesperson responded to Fast Company by pointing to the Amazon statement.
Whether Amazon meant to send the email or not, someone at the company still typed out a statement saying the company believes TikTok poses a security threat. And even the possibility that Amazon considered banning it for its workers is a new twist in an ongoing TikTok scare.
A number of lawmakers have sounded off on the potential security threat of TikTok this year. TikTok is owned by Beijing-based ByteDance, which is said to have close ties to the Chinese government. The loudest and most persistent warnings have come from GOP lawmakers—hawks like Missouri Senator Josh Hawley and Texas Senator Ted Cruz, whose reasons may be more about politics than security.
Any move by Amazon wouldn’t be political. “Amazon is very savvy in regards to security,” says analyst Patrick Moorhead of Moor Insights and Strategy. “I would surmise that the company sees some odd behavior in the app that could breach corporate security.”
Nor does Amazon have a competitive reason to make trouble for TikTok. Facebook or Google might be deeply envious of TikTok and want to copy it, but probably not Amazon, a company whose business revolves around selling consumers stuff rather than monetizing social experiences.
The memo—accidental or not—comes at a sensitive time in the TikTok debate. Secretary of State Mike Pompeo said in a Fox News interview early this week that the Trump administration is considering banning TikTok in the U.S. As The Verge’s Adi Robertson points out, there’s no real basis in the law for banning an app nationwide, but the Trump administration could work through the Committee on Foreign Investment in the United States (CFIUS) to move TikTok to restructure in a way that distances it from the Chinese government.
A number of government agencies have already banned TikTok on devices they issue.
A number of government agencies, including the State Department, Transportation Security Administration, Department of Homeland Security, the Navy, and the Army have already banned TikTok on devices they issue.
TikTok says it operates as a self-contained company with servers in the U.S. and backup servers in Singapore. It’s been quick to cooperate with security experts that have found security vulnerabilities in its app. On Thursday, when surprising news came down that the TikTok app was able to access data on a host device’s clipboard, the company said it did so as an anti-spam measure and would remove that capability via an update.
Still, leaked moderation guidelines last September indicated that TikTok was inclined to remove content that the Chinese government found offensive.
And there is ample evidence that the Chinese government has actively sought opportunities to obtain trade secrets and data from U.S. rivals. Chinese companies sometimes make the transfer of intellectual property a condition of deals with Western companies, then share the IP with the government. There is also evidence that the Chinese have been behind cyberattacks on U.S. companies.
If the Chinese government was able to compromise the Amazon Web Services cloud computing platform, for example, it could gain access to the data of some of the largest U.S. companies. To the Chinese it might be as valuable a goldmine as any haul of military intel it might nick from the government. To Amazon and the U.S., it would be catastrophic.
None of this proves that TikTok is up to anything nefarious. It only raises the chances that the U.S. government will decide that the app’s simple joys aren’t worth the potential security risk.