The Texas Department of Information Resources and the Texas Department of Public Safety have published their outline regarding the use of prohibited applications on state agency devices, personal devices for those who work in the Texas government, and when entering secure locations and accessing state networks. “This plan applies to all state agencies and institutions of higher education (IHEs), including their employees, contractors, interns, or any users of state-owned networks. Each agency is responsible for the implementation of the plan as outlined in this document, including any changes to meet specific agency needs,” stated the new plan.
Governor Greg Abbott banned TikTok from all state agency devices back in December and gave TxDPS and TxDIR a deadline in January to create a model plan that Texas agencies will implement.
“The security risks associated with the use of TikTok on devices used to conduct the important business of our state must not be underestimated or ignored,” said Governor Abbott. “Owned by a Chinese company that employs Chinese Communist Party members, TikTok harvests significant amounts of data from a user’s device, including details about a user’s internet activity. Other prohibited technologies listed in the statewide model plan also produce a similar threat to the security of Texans. It is critical that state agencies and employees are protected from the vulnerabilities presented by the use of this app and other prohibited technologies as they work on behalf of their fellow Texans.”
Texas already has passed the Lone Star Infrastructure Protection Act which gives the state the ability to prohibit Texas businesses from entering into contracts with foreign-owned companies in relation to the state’s critical infrastructure that would allow a company access or remote control to the state’s critical infrastructure. Specifically, companies owned by the majority of stockholders of, citizens of, or headquartered in, China, North Korea, Iran, and Russia.
This plan outlines how Texas officials are to navigate personal devices when conducting state business. Other states and institutions of higher education are banning TikTok from devices after concerns that the Chinese government is accessing American user data, information, and influencing Americans which threatens the national security of the United States.
The model plan that the TxDIR came out with focuses on keeping banned applications like TikTok off state agency devices, secure locations, network servers, and how government employees should do in regard to their personal devices.
In the new plan, the objectives outlined are:
- No banned technology, like TikTok, can be downloaded on any state-issued devices such as phones, laptops, computers, or any device that connects to the internet.
- Agencies must remove prohibited applications immediately, and work on prohibiting those applications from being downloaded.
- Create firewalls to prevent prohibited applications from being downloaded on local networks and Virtual Private Networks.
- Restrict access to app stores
- Be able to wipe compromised devices
- No state business can be conducted on compromised or personal devices with banned technology on them.
- If a personal device must be used for some reason, they cannot have banned technology on them.
- Being able to wipe state-related business from the device
- Technological prohibited devices cannot enter into locations or meetings regarding state business.
- Network-based restrictions on prohibited technologies from getting on state-issued devices, networks including local networks, WAN, and VPN. Personal devices with prohibited technology cannot access the state’s and state agencies’ networks.
- Be able to prohibit other technology providers as necessary that threaten the state’s information and infrastructure.
Texas agencies have a deadline of February 15th to create a policy plan for their agency
The federal government has already banned TikTok from agency devices, and the committee on foreign investment in the United States is in negotiations with TikTok regarding national security issues raised about how the company handles American user data and information.
TikTok has come out with Project Texas as a way to work with the US government and American companies. “The broad goal for Project Texas is to help build trust with users and key stakeholders by improving our systems and controls, but it is also to make substantive progress toward compliance with a final agreement with the U.S. Government that will fully safeguard user data and U.S. national security interests,” said the CEO of TikTok, Shou Zi Chew.
Project Texas shows that TikTok is taking measures that would protect and isolate American user data with the American company Oracle, which will regulate and store American data. There are many complicated measures that TikTok will undergo, including security regarding videos from people outside the United States, and how to protect user data from vulnerabilities that the US government has expressed TikTok has. “100% of U.S. user traffic is now being routed to Oracle Cloud Infrastructure,” said TikTok’s CEO. “We are still using our U.S. and Singapore data centers for backup, but as we continue our work to deliver on U.S. data governance, we expect to delete U.S. users’ protected data from our own systems and fully pivot to Oracle cloud servers located in the U.S.”
In the state of Texas, these are the current banned technologies, applications, and companies from Texas networks, devices, and higher education:
Prohibited Software/Applications/Developers
- Alipay
- ByteDance Ltd.
- CamScanner
- Kaspersky
- QQ Wallet
- SHAREit
- Tencent Holdings Ltd.
- TikTok
- VMate
- WeChat Pay
- WPS Office
- Any subsidiary or affiliate of an entity listed above.
Prohibited Hardware/Equipment/Manufacturers
- Dahua Technology Company
- Huawei Technologies Company
- Hangzhou Hikvision Digital Technology Company
- Hytera Communications Corporation
- SZ DJI Technology Company
- ZTE Corporation
- Any subsidiary or affiliate of an entity listed above.