Summary#3. The TikTok Ban Should Worry Every Company

 

 

                    Aug 28, 2020, By. Keman Huang, Stuart Madnick/Harvard Business Review

 

                    Earlier this summer, the U.S. government announced it was considering banning Chinese social media apps, including the popular app TikTok. (이번 여름에 접어들면서, 미국 정부는 인기 어플리케이션인 틱톡(TikTok)을 포함해 중국의 미디어 앱을 금지하는 것을 고려하고 있다고 발표했다.)

 

                    In August, President Trump signed two executive orders to block transactions with ByteDance, TikTok’s parent company, and Tencent, which owns the popular messaging service and commercial platform WeChat, and another executive order requiring ByteDance to sell or spin off its U.S TikTok business within 90 days, as well as to destroy all its copies of TikTok data attached to U.S users. (8월 트럼프 대통령은 두 개의 행정명령(executive order)에 서명했다. 하나는 인기있는 메시지 서비스이자 상업 플랫폼인 위챗을 소유한 ‘텐센트’와, 틱톡의 모회사인 ‘바이트댄스(ByteDance)’와의 거래를 차단하는 것이었다. 다른 하나는 바이트댄스에게 틱톡의 미국지사를 90일 이내에 처분하거나 분할(Spin off)하도록 하면서, 미국 사용자에게 부여된 틱톡의 데이터 사본을 모두 파기하라는 것이었다.

 

 

선전에 본사를 두고 있는 텐센트(腾讯)는 시가총액이 800조 원으로 7월 기준 페이스북을 추월했다

 

 

                    As companies including Microsoft, Walmart, and Oracle have expressed interest in buying the app, TikTok is suing the U.S. government, accusing the Trump administration of depriving it of due process. (마이크로소프트, 월마트, 오라클을 포함한 기업들이 틱톡의 매수의사를 보임에 따라, 틱톡은 트럼프 행정부가 적법한 절차(due process)를 따르지 않는 것을 비난하며 미국 정부에 소송을 제기했다.)

 

                    The proposed ban, according to the Trump administration, is intended to safeguard the privacy of U.S. citizens and shield data about them—and government officials—from the Chinese government. (트럼프 행정부에 따르면, 금지안은 미국시민들의 개인정보를 보호하고 중국정부로부터 사용자(정부관료를 포함하여) 데이터를 보호하기 위함이라고 한다.)

 

                    Trump’s August 6 executive order claims TikTok could “allow China to track the location of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.” (8월 6일의 대통령령은 틱톡이 ‘중국으로 하여금 연방정부의 직원과 계약업체의 위치를 추적할 수 있으며, 개인정보와 서류를 편취행위에 활용할 수 있고, 산업스파이에 쓰일 수 있다’고 주장한다.)

 

 

39초에 한 번씩 해킹이 일어난다는 표현에서 에드워드 스노든이 등장했던 <시티즌포>라는 영화가 떠올랐다, 이 영화에 따르면 이미 수많은 개인정보가 연방정부에 의해 여러 용도로 활용되고 있다

 

 

                    <What is the Threat?>

                    The data that TikTok collects pales in comparison to, say, what most American tech companies (as well as banks, credit agencies, and hotels) collect, both visibly and less so. (틱톡이 수집한 데이터는 대부분의 미국 대부분의 기술 기업(은행, 신용회사, 호텔들 또한 마찬가지로)과 비교하면 눈에 띄게 대단할 것이 없다.(pale))

 

                    Many institutions that collect sensitive data have already been hacked—it is estimated that there is a cyberattack every 39 seconds—and much of that information is for sale on the Dark Web. (민감정보를 수집하는 많은 기관은 이미 해킹을 당했고—39초마다 사이버공격이 이루어지는 것으로 추정된다—이들 정보의 대부분은 다크웹에서 거래된다.)

 

                    If the Chinese government wanted the kind of information TikTok could collect, it could be obtained in many other ways. (만약 중국정부가 틱톡이 접근할 수 있는 정보를 원했다면, 이는 다른 여러 루트로 구할 수 있었을 것이다.)

 

                    What will likely prove a more pressing threat to U.S. customers is much more low-tech: Setting a precedent of banning everyday technologies could quickly spiral out of control and seriously disrupt almost all international trade. (미국 사용자들에게 위협이 가해짐으로써 예상되는 것은 훨씬 낮은 수준의 기술이다. 일상 기술을 금지하는 선례를 남기는 것은 국제무역을 통제할 수 없는 상태(spiral out of control)에 빠뜨리거나 국제무역에 심대하게 지장을 줄 수 있다.)

 

 

바이트댄스는 상장된 회사는 아니지만 시가총액이 59조원 정도로 추산되며, 작년 한 해 누적 다운로드만 15억 회에 달한다고

 

 

                    <A Growing Trend>

                    While the case against TikTok may seem novel, it’s actually just the most recent high-profile incident in a string of cases of countries banning products or services over alleged cybersecurity concerns. (틱톡의 사례가 새로워 보일지 모르지만, 이른바 사이버보안을 이유로 제품과 서비스를 금지했던 일련의 사례 가운데 근래에 가장 눈에 띄는 케이스일 뿐이다.)

 

                    In our research, we have studied more than 75 such events involving more than 31 countries going back almost 20 years, though most occurred in the past five years. …In 2016, Russia blocked access to LinkedIn, stating that LinkedIn refused to store personal data of Russian users in Russia. (우리의 연구에서, 우리는 20년을 거슬러 31개국에 걸친 75개 사례를 조사했다. 비록 대부분의 케이스는 최근 5년 이내에 발생했지만 말이다. (여러 예시 中) 2016년 러시아는 링크드인이 러시아 사용자에 대한 개인정보 보관을 러시아에서 하길 거부했다며, 링크드인 접속을 차단했다.)

 

                    These cases build on a trend of high-profile bans, such as when China blocked Facebook, Twitter, and Google (2009), and when BlackBerry was banned or threatened with a ban in India, Pakistan, Saudi Arabia, and United Arab Emirates (2010). (이러한 케이스들은 2009년 중국이 페이스북과 트위터, 구글을 막았던 것이나, 블랙베리가 인도, 파키스탄, 사우디 아라비아, 아랍에미리트에서 금지되었거나 금지의 위험에 처했던 눈여겨볼 만한 (high-profile) 사례들을 기반으로 한다.)

 

 

사실 중국의 강력한 검열 정책이야말로 미국의 IT 기업의 진출 의지를 여러 번 좌절시킨 바 있다

 

 

                    Because any product that contains a computer or service that uses a computer—nowadays just about everything—can introduce cybersecurity risks, the frequency and impact of these events is increasing. (컴퓨터를 포함하는 제품이나 컴퓨터를 사용하는 서비스는—오늘날 거의 대부분의 재화는—사이버보안의 위험을 안고 있기 때문에, 이러한 사례의 빈도와 파급효과는 증가하는 추세이다.)

 

                    Examining the millions of lines of software or firmware in these products and services is not currently feasible, therefore decisions are made based on the perceived risks, which can be impacted by factors such as trust and capability to manage cybersecurity risks. (이들 제품과 서비스에 탑재된 소프트웨어나 펌웨어를 하나하나 검수하는 것은 현실적으로 어려워 보이므로, 인지할 수 있는 리스크(이는 신용과 사이버보안리스크를 관리할 수 있는 역량 같은 요인의 영향을 받을 수 있다)에 기반하여 판단이 이루어지고 있다.)

 

                    In general, there are four strategies for managing risks: accept, avoid, mitigate, and transfer. There are many practical options that countries and companies can adopt to manage cybersecurity risks from cross-border digital products/services. (일반적으로 리스크를 관리하는 네 가지의 전략이 있다. 수용(accept), 회피(avoid), 완화(mitigate), 전이(transfer)가 그것이다. 정부와 기업들에게는 국경을 넘나드는 디지털 제품/서비스로부터 유래하는 사이버보안의 리스크를 관리하기 위해 여러 실질적인 옵션을 적용할 수 있다.)

 

                    Unfortunately, banning products is becoming increasingly common—and doesn’t appear to be a particularly sustainable strategy. (안타깝게도, 제품을 금지하는 것이 점점 더 보편화되고 있으나 딱히 지속가능한 전략으로 보이지는 않는다.)

 

 

독일에서 컴퓨터가 탑재된 인형이 수입금지 조치됐던 사례도 다뤄지지만, 대체로 권위주의하에서 무역이 무기로 활용되는 것 같다

 

 

                    <Why This Time Is Different>

                    The proposed ban reinforces a growing belief that America is no longer the leading guarantor of global business, but rather a potential threat to it—a notion that is profoundly reshaping the world economy and threatening American businesses. (금지안은 미국이 더 이상 세계 무역의 수호자(leading guarator)가 아니며 오히려 잠재적으로 위협이 된다는 생각을 강화할 것이다. 이러한 관념은 세계 경제를 근본부터(profoundly) 재편성하고 있으며 미국의 상업을 위협하고 있다.)

 

                    TikTok and WeChat both have massive user bases (800 million and close to 1.2 billion, respectively). Removing WeChat from the Apple Store could cause Apple’s iPhone sales to fall by around 30% according to one prominent analyst. (틱톡과 위챗 둘 모두 매우 많은 사용자를 가지고 있다.(각각 8억 명, 12억 명) 저명한 분석가에 따르면, 앱스토어에서 위챗을 없애는 것은 아이폰의 수익을30%까지 하락시킬 수 있다.)

 

                    The second-order cost of sabotaging the international business environment with these policies could be much higher: 86% of companies in the U.S.-China Business Council have reported experiencing negative impacts on their business with China. (이들 정책(금지안)을 활용해 국제 경영환경을 저해(sabotage)하는 것의 부차적(second-order)인 비용은 훨씬 크다. 미중 경제위원회에 소속된 86%의 기업들이 중국과의 교역에서 부정적인 영향을 경험했다고 보고됐다.)

 

                    The biggest impact was lost sales because customers shift their suppliers or sourcing due to uncertainty of continued supply. Companies worried about a U.S. ban may just initiate a “De-Americanization” plan to remove or replace U.S components in their products and supply chains. (가장 큰 타격은 고객(소비자)들이 안정된 공급의 불확실성으로 인해 공급자나 공급원을 바꿈으로 인해 매출이 낮아지는 것이다. 기업들은 미국의 금지안이, 제품과 공급 체인에서 미국의 부품을 빼거나 교체하는 ‘탈미국화’ 계획을 구상할 것을 우려한다.)

 

 

 

 

                    <Weighing the Political Risks>

                    Business executives need to realize that in addition to following the best practices to reduce the perceived cybersecurity risks from their digital product/services, preparing for political risks is also necessary. (경영관리자들은 인지할 수 있는 사이버보안 리스크를 줄이기 위해 가장 적합한 방법을 따르는 것에 더하여, 정치적 리스크에 대비하는 것도 요구된다.)

 

                    TikTok implemented several practices to mitigate the risks, including: storing U.S. user data in the U.S. and backing it up on Singaporean servers, blocking access to its data from its mother company ByteDance, hiring an American CEO and operation team, beefing up its lobbying team, withdrawing from Hong Kong based on the concerns over China’s new national security law, launching a “transparency center” for moderation and data practices in Los Angeles, banning political and advocacy advertising from its platform, and setting up a global headquarters outside of China. TikTok and its employee are preparing to battle the ban in separate lawsuits. (틱톡은 리스크를 완화하기 위한 여러 방침을 도입했다. 미국 사용자들의 데이터를 미국에 보관하면서 싱가포르 서버에 백업을 해 두었고, 모회사인 바이트댄스의 접근을 막았다. CEO와 집행부서에 미국인을 고용하고 로비스트를 보강했다.(beef up) 중국의 새로운 국가보안법에 대한 우려에 따라 홍콩에서 철수했고, 로스앤젤레스에는 데이터 관리와 중재를 위해 ‘투명성 센터’를 열었다. 정치적이고 선동하는 광고를 플랫폼에서 금지했고, 중국 본토 바깥에 글로벌 본부를 두었다. 틱톡과 그 임직원은 별도의 소송을 통해 금지안에 맞서고자 대비하고 있다.)

 

                    In recent years, governments have tried to increase their ability to access the data contained on these devices and services. For example, WhatsApp advertises that it “secures your messages and status updates stay between you and the people you choose.” (최근 몇 년, 정부는 이들 기기와 서비스가 포함하는 데이터에 접근할 수 있는 권한을 늘리고자 노력했다. WhatsApp은 그들이 “당신의 메시지와 상태가 당신과 당신이 선택한 사람들 사이에만 업데이트가 될 것을 보장한다’고 광고한다.)

 

 

사실 개인정보가 제대로 관리되고 있는지는 전문적인 지식이 있더라도 그러한 관리를 맡은 사람이 아닌 이상 알기 어려울 것 같다..

 

 

                    But, several times, most recently in October 2019, the U.S., UK and Australia have applied pressure on Face book to create backdoors that would allow access to encrypted message content. So far, Facebook and WhatsApp have refused. (하지만 여러 차례, 가장 근래에는 2019년 10월, 미국과 영국, 호주 정부가 암호화된 메시지에 접근할 수 있는 백도어를 만들도록 페이스북에 압력을 가했었다. 아직까지, 페이스북과 WhatsApp은 이를 거부하고 있다.)

 

                    If such backdoors are allowed and become commonplace, then every Internet-connected device will essentially be a spy device and likely be banned by every other country. (만약 그러한 백도어가 허용되고 일상화된다면, 인터넷이 연결된 모든 기기는 필연적으로 스파이 목적의 도구가 될 것이고 모든 국가에서 금지될 것이다.)

 

                    The abuse of “national security threat” is snowballing and leading to an escalating trade war that could disrupt world trade. We saw a similar situation caused by the Smoot-Hawley Tariff in the 1930s. (‘국가 안보에 위협이 된다’는 것을 남용하는 것은 눈덩이처럼 불어나 세계 무역을 저해하는 무역 전쟁으로 비화될 수 있다. 우리는 이와 비슷한 상황을 1930년대 Smoot-Hawley 관세 사례에서 보았다.)

 

 

우리나라 또한 해결되지 않은 국제무역 분쟁문제가 있다. 이번에 일본의 수상이 바뀐다 해도, 아베의 측근이 구상했던 무역보복과 관련하여 쉽사리 실마리가 나올 것 같지는 않다

 

                    The goal was to protect U.S. farmers and other industries that were suffering during the Great Depression by raising tariffs and discouraging import of product from other countries. But, not surprisingly, almost all of the U.S trade partners retaliated and raised their tariffs. (관세를 높여 타국으로부터 수입을 낮춤으로써 미국의 농민과 대공황으로 인해 어려움에 처한 기업을 보호하는 것이 관세의 목적이었다. 하지만 놀라울 것도 없이 거의 모든 미국의 무역 상대국은 보복으로써 관세를 높였다.)

 

                    That resulted in U.S imports decreasing 66% and exports decreasing 61% making the “Great Depression” much greater. In general, there are rarely winner in trade wars, and probably not in cyber trade wars. (이는 미국의 수입을 66% 수준, 수출을 61% 수준으로 감소시켜서 ‘대공황’을 더욱 심화시켰다. 일반적으로 무역전쟁에서 승자는 있기 어렵고, 사이버 무역전쟁 또한 그럴 것이다.)