NJ Prohibits TikTok, Other High-Risk Software on State Devices
This week Governor Murphy announced the issuance of a State cybersecurity directive to prohibit the use of “high-risk software and services,” including TikTok, on State provided or managed devices. This new directive will apply to all departments, agencies, boards, bodies, commissions, and other instrumentalities of the Executive Branch of the New Jersey State Government.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) will maintain a list of technology vendors, software products, and services that present an “unacceptable level of cybersecurity risk to the State.”
Under the new directive introduced this week, all State agencies must:
- Remove any of the software referenced on the NJCCICs list from State-owned, provided, or managed software.
- Implement network restrictions to prevent the use of, or access to, prohibited software listed by the NJCCIC.
- Implement measures to prevent the installation of any listed high-risk software on State-owned or managed technology.
- Develop and implement plans to combat risk associated with high-risk technology and create cybersecurity awareness and training programs.
The directive does note that agencies may have public health, safety, welfare, or other “compelling State business and public interest” reasons for using the prohibited software – such as social media campaigns on TikTok which have proven effective in reaching the younger generation on health and safety measures.
In such cases, the agencies would be required to submit an “exception request” to the NJCCIC. If the NJCCIC determines the agency has provided “compelling justification for their communications or outreach work,” they may receive approval to use one or more of these prohibited technologies on a device not connected to a secure State network, along with risk mitigation instructions.
Prohibited Software Vendors, Products, and Services as of January 9, 2023:
- Huawei Technologies
- Zhejiang Dahua Technology Co., Ltd., also doing business as Dahua
- Hangzhou Hikvision Digital Technology Co., Ltd., also doing business as Hikvision
- Tencent Holdings LTD, including but not limited to: WeChat, QQ, QQ Wallet
- Alibaba products, including but not limited to: AliPay, Alibaba.com Mobile Apps
- ZTE Corporation
- ByteDance Ltd., including but not limited to TikTok
- Kaspersky Lab
TikTok is a popular short-form video-sharing and social networking app owned by the Chinese technology company, ByteDance. There have been national security concerns about user data the Chinese government might require ByteDance to provide.
Analysis of various versions of TikTok has been found to collect keystrokes of users, make various screen captures every few seconds, access data from the phone’s clipboard, and collect the unique Media Access Control (MAC) address of the device, among other user-information.
The data may include passwords and other sensitive information – not only entered while using the TikTok app, but also from other apps used on the device, such as email, text, eHealth apps, and more.
Due to these concerns, the US Department of Defense, various federal agencies, state governments, corporations, and governments worldwide have banned TikTok from being installed on their devices.
The NJCCIC will continually monitor and update the Prohibited Software and Services Vendors and Products List and post it to the NJCCIC website.
For updates, subscribe to our free newsletter!
Morristown Minute has been approved for the 2022 Local News Fund!*
Improve mental health accessibility in our town! Donate to Morristown, NJs local mental health accessibility fund today!
*The 2022 Local News Fund is a program administered by the Local Media Foundation, a 501(c)(3) organization affiliated with the Local Media Association. The program’s purpose is to allow independent and family-owned news organizations to solicit tax-deductible donations from their communities for journalism projects focusing on critical local issues. Contributions to this program are tax-deductible to the full extent of U.S. law; please consult a tax advisor for details.