California Legislators go after Cyberattacks
This week, California legislators started to evaluate potential bills that, if enacted, would prohibit California state employees from installing social media applications from “countries of concern” onto state-owned or state-issued devices such as cell phones, tablets, or computers. One such application that would be impacted by the legislation, if enacted, is China-based social media app TikTok.
On January 11, California State Senator Bill Dodd (D-Napa) and California Assembly-member Kate Sanchez (R-Rancho Santo Margarita) introduced Senate Bill 74 and Assembly Bill 227 in their respective bodies. Though similar in goal, to prevent malicious cyberattacks on California’s information security infrastructure, the two bills differ slightly. Sen. Dodd’s bill would prohibit the state's nearly 300,000 employees from downloading all high-risk social media applications, including but not limited to TikTok. The text of the senate legislation did not mention any apps by name, but placed the ban on apps that are operated by “an entity or country of concern.” Assemblymember Sanchez’s bill specifically directly names TikTok and any other program developed by its parent company ByteDance as prohibited applications. Foreign governments have accused ByteDance of being used to spy on and steal users’ data. Additionally, AB 227 overtly prohibits the installation and use of apps operated by a list of countries of concern, including China, Cuba, Iran, North Korea, Russia, and Venezuela.
Such legislation is not a novel concept. On the federal level, in 2019, the United States military banned employees from installing TikTok on government-issued devices. Three years later, President Biden signed a spending bill into law that prohibits the use of TikTok by federal government employees on agency devices.
With both California bills, both Sen. Dodd and Assemblymeber Sanchez seek to prevent cyberattacks, similar to the one that occurred on the California Department of Finance in December 2022. Initiated by LockBit Ransomware, the extent of damage conducted by hackers in that specific cyberattack is still unknown.
Though both bills are in their early stages of development, it is clear that California state employees would still be able to install and use apps such as TikTok on their own personal devices.