TOPEKA – Today, Governor Laura Kelly signed Executive Order #22-10, which bans the use of the social media platform TikTok on all state-owned devices for Kansas executive branch agencies, boards, and commissions and their respective employees, and prohibits access on the state network. This order is in response to the national security and privacy risks posed by TikTok, whose parent company is a Chinese-owned company subject to Chinese government requests for data, technology, and other intellectual property.
This Executive Order does not include employees in the Board of Regents, Regents Institutions, the Office of the Attorney General, the Office of Secretary of State, the Office of the Insurance Commissioner, the Office of the State Treasurer, the Department of Education, the Judicial Branch, nor the Legislative Branch of Government.
The Governor is also calling on all other state entities to implement similar policies.
“Today, I am taking common-sense steps to protect Kansans’ privacy and security,” said Governor Laura Kelly. “TikTok mines users’ data and potentially makes it available to the Chinese Communist Party — a threat recognized by a growing group of bipartisan leaders across the United States.”
The order is in response to recent warnings from both the Federal Bureau of Investigation and the Federal Communications Commission that user data from the social media platform TikTok is potentially being shared with the Chinese government, posing both a national and cybersecurity threat. Kansas joins Alabama, Georgia, Iowa, Maryland, Montana, New Hampshire, North Dakota, Oklahoma, South Carolina, South Dakota, Texas, Utah, Virginia, and Nebraska and the federal government in implementing security policies related to TikTok. In addition to state action, Congress recently enacted a TikTok ban on all federal devices due to potential security concerns.
State policy already restricts the use of state devices to official business. The order, which takes effect immediately, will require the deactivation of any active official State of Kansas TikTok accounts and the removal of any TikTok applications from state-owned devices. In addition, mechanisms will be put in place to limit the ability to access the TikTok website from the State of Kansas OITS-managed networks and to prohibit the future installation of the TikTok app on OITS-managed state-owned/leased devices. Entities will have 30 days from the effective date of the Executive Order to implement remediation and blocking activities. At the 30-day mark, the Kansas Information Security Office (KISO) will begin to implement blocking on the State network.
“In many cases, social media platforms collect a significant amount of user data or have access to a significant amount of device resources and data. Individuals are often not aware of the breadth and depth of data that is being collected or the access that the application may have to phones. Much of the data collected isn’t necessarily required for the stated function of these applications but is collected for other purposes,” said Kansas Chief Information Security Officer Jeff Maxon. “The potential ability for a foreign government to manipulate or use the collected data, or access devices, to track or influence Kansans is concerning. Limiting or restricting the use of an application like this is a simple step we can take to reduce any potential impacts on executive branch employees and citizens.”
Exceptions to this directive for mission essential functions or for law enforcement purposes must be filed with and approved by the KISO. Entities requesting exceptions must also work with the KISO to implement appropriate restrictions.
View the Executive Order here.