Security challenges loom as EU Parliament prepares TikTok campaign for elections

Content-Type:

Analysis Based on factual reporting, although it Incorporates the expertise of the author/producer and may offer interpretations and conclusions.

[Euractiv illustration by Esther Snippe, Photos by EPA/Shutterstock]

The European Parliament’s plan to use TikTok in campaigning for the June EU elections, despite prior cybersecurity bans, raises questions about its secure implementation as specifics regarding the Parliament’s approach remain undisclosed.

At the start of February, Euractiv reported that the Parliament is preparing to use TikTok in the election campaign even though the European Commission and Parliament banned the application from corporate devices last year due to cybersecurity concerns.

Euractiv also reported the first ban in March last year when the IT service requested the Commission’s staff to uninstall TikTok from corporate devices. The European Parliament followed suit a few days later.

The app was banned from corporate devices because those also store contacts from the Commission, or photos and documents, Valentin Weber, senior research fellow in the German Council on Foreign Relations’ (DGAP) Center for Geopolitics, Geoeconomics, and Technology, told Euractiv.

While the Parliament did confirm it is planning to use TikTok, it did not provide specifics about how it intends to do so in a cybersecurity-friendly way.

How could the Parliament securely use TikTok?

According to Weber, the first step to making the usage of TikTok safe would be to buy a new, “clean” phone that is used only for TikTok. He stressed that using a personal phone would be “just as bad” as using a corporate device.

According to the Associated Press, this is what US President Joe Biden’s campaign does in the US – by utilising a dedicated TikTok-only cellphone to keep the app isolated from other communications, besides implementing other measures.

Ahead of the November US elections, Biden recently joined TikTok, a decision that seems to divide Americans, via an account run by Team Biden-Harris, even though federal employees and state employees in several US states have been prohibited since last year from using the app on government devices.

Following the advice of the Financial Times‘ cybersecurity team, journalist Cristina Criddle also switched to a “dummy phone”, reserved only for the usage of the Chinese-owned social media, after finding out from a New York Times article at the end of 2022 that she was spied on by the app.

“The second requirement would be not to use any infrastructures of the European Parliament. That means you can’t use the Wi-Fi network in European Parliament buildings,” explained Weber.

The Parliament is planning to make sure this is the case.

“The Parliament’s envisaged institutional presence can be achieved without using the European Parliament’s infrastructure or devices. Several options allow the Parliament to fully respect the decision on network security while assuring its presence on the social media TikTok,” a spokesperson explained.

Since the ban on corporate devices for the Parliament’s staff will be still in place, the app most likely will not be installed on official phones.

“There will not be changes to the decision on network security. This will continue to be assessed,” the spokesperson added.

But even a blank phone without connection to Parliament Wi-Fi could pose risks.

“It’s not just about the data that [the phone] has, but also what the phone can do. It can record audio; it can record video. So, you couldn’t use it in closed-door meetings, you couldn’t use it on the campaign trail where the candidate says something, or where there’s potentially compromising information being discussed,” Weber explained.

“If EU staffers were to attend a confidential meeting with their private phones and TikTok installed on them, that would pose a similar risk”, he added.

Recording something on such locations “could already be too risky”, he said, adding that “the only safe thing to do is to cross-post from other platforms, from a location where nothing confidential is being discussed”. Cross-posting refers to sharing the same content across multiple social media platforms.

“You can’t just pick one of these” requirements, all of them must be in place to ensure the secure use of the app.

“I think it’s a pain to do all these things. People probably won’t follow all these security regulations at all points – if these regulations are even in place,” the expert added.

Exclusive: European Parliament will use TikTok for EU electoral campaign despite ban

The European Parliament is preparing to use TikTok during the upcoming election campaign despite EU institutions banning it from corporate devices last year due to cybersecurity concerns, the press service confirmed to Euractiv.

Security risks

Weber explained that TikTok security concerns are linked to fears of espionage by the Chinese government.

“They would have a possibility to snoop on the device. We don’t have that risk with Instagram”, another platform, based in the US, on which the Parliament is present. Weber explained that the US does not “have such a sway over the private company as the Chinese Communist Party has”.

No specific evidence has been presented on TikTok’s links to the Chinese government, and the platform’s representatives have steadily denied such connections, but some suggest that evidence of links with Bejing exists.

However, Weber said, in terms of privacy “other apps are not much better to use” either.

Preventing disinformation

Yet, the expert believes it makes sense for politicians and institutions to join the platform to campaign and reach their audience. “You have different kinds of bubbles on TikTok and on X. The best is, of course, if you reach all of them”.

“Millions of young citizens, many of them possible first voters, use this platform [TikTok] to get information about those topics they are interested in,” a Parliament spokesperson noted as well.

A recent Washington Post article about a report by the New York University also pointed out that TikTok has become more influential in politics since 2020.

“We welcome political institutions on TikTok, particularly in the run-up to the elections. 142 million people across the EU come to TikTok every month,” a TikTok spokesperson told Euractiv.

“Verified accounts belonging to politicians and institutions provide the electorate with another route to access their representatives and additional trusted voices in the shared fight against misinformation,” the spokesperson added.

The Parliament’s communication department aims to “promote reliable content” on TikTok about the Parliament’s work and impact. It also wants to be able to “respond to content aimed at spreading disinformation” against the Parliament and EU parliamentary democracy, the Parliament’s press service told Euractiv.

“Pre-empting disinformation narratives proposing factual and trustworthy information for citizens to refer to is of essence to increase societal resilience and even more important a few months before the European elections,” the spokesperson said.

Following TikTok, Meta announces 2024 EU election preparations

Following TikTok, Meta also announced on Monday (26 February) its preparations for the upcoming EU elections, focusing on combating misinformation and countering the risks posed by Artificial Intelligence.

Blind spots in election analysis

“Before 2020, there was so much accountability and so much pressure because of the Cambridge Analytica scandal. There was so much opening up by platforms”, Katja Muñoz, also a research fellow at the DGAP, told Euractiv, “We had access to data to some extent”.

“And then things changed two years ago,” she said, explaining that several platforms, such as X, dismissed its employees, many of them working in areas related to safety, and so  “people started closing up data access as well”.

This is why, while in 2024 “we are very much aware of potential dangers”, researchers are also “very blind when it comes to the elections” without free access to Twitter API, for example, which “was one of the best APIs available”, Muñoz noted, referring to the application programming interface.

Earlier this month, the ByteDance-owned platform announced that in preparing for the EU elections, they are launching an in-app local language Election Centre for each member state as part of tackling disinformation, among other measures.

Meanwhile, Parliament seems to have other worries related to cybersecurity, as, according to Politico, an internal email revealed that Parliament’s defence committee was the subject of phone hacking. This follows insiders’ opinion that the EU institution’s cybersecurity is not ready for the elections and the accompanying possible attacks.

“Security measures would have to be in place. But will you leave the most popular platform right now for others to play around and influence?” asked Muñoz.

[Edited by Zoran Radosavljevic]

Read more with Euractiv

Subscribe to our newsletters

Subscribe