The state of Maryland on Tuesday banned the use of TikTok and other Chinese and Russian products by state agencies, citing reporting by NBC News about hackers linked to the Chinese government stealing millions in Covid benefits from state governments in the U.S.
In announcing the emergency directive, the state said the entities “present an unacceptable level of cybersecurity risk to the state, and may be involved in activities such as cyber-espionage, surveillance of government entities, and inappropriate collection of sensitive personal information."
“There may be no greater threat to our personal safety and our national security than the cyber vulnerabilities that support our daily lives,” said Gov. Larry Hogan, a Republican. “Maryland has taken bold and decisive actions to prepare for and address cybersecurity threats. To further protect our systems, we are issuing this emergency directive against foreign actors and organizations that seek to weaken and divide us.”
The directive from the state’s chief information security officer applies to the TikTok, whose parent company, ByteDance, in based in China; Huawei and ZTE, both makers of cellphones and telecommunications technology; the online retail giant Alibaba and payment platform Alipay; the message app WeChat; and Russia's Kaspersky, which makes security software. Agencies are required to remove these products from networks and prevent their use.
In a statement, a TikTok spokesperson said, “We believe the concerns driving these bans are largely fueled by misinformation about our company. We are always happy to meet with state policymakers to discuss our privacy and security practices. We are disappointed that the many state agencies, offices, and universities that have been using TikTok to build communities and connect with constituents will no longer have access to our platform.”
Kaspersky declined to comment. The other companies did not immediately respond to requests for comment.
In the past, Alibaba and Alipay have declined to comment about accusations of being national security risks. WeChat has denied being a national security risk.
In issuing the directive, state officials referred to both FBI Director Chris Wray’s statement that TikTok poses a security threat, and an NBC News report on Monday that, according to the Secret Service, a hacking group known as APT41 and linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration money and unemployment insurance funds in over a dozen states.
The theft of taxpayer funds is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly, but may just be the tip of the iceberg, say U.S. law enforcement officials and cybersecurity experts.
Last month, the Biden administration banned approvals of new telecommunications equipment from Huawei and ZTE because of an alleged risk to national security.
At that time, ZTE said, “At no time has the United States government identified any specific, addressable concerns with regard to products that ZTE sells in the United States or instances in which ZTE products have been used to impair either U.S. security or consumer privacy.” Huawei declined to comment.
Also in November, the state of South Dakota banned the use of TikTok by state agencies.