In this collection of articles, several experts discuss the national security risks posed by TikTok, the Chinese-owned social media platform. The US government has taken steps to address these risks, including an executive order from former President Trump that sought to ban the app, and a subsequent bill from House Republicans that aimed to do the same. Kara Frederick, a researcher at the Center for a New American Security, has proposed a systemic risk and ruleset to contend with future challenges, highlighting China’s lack of democratic features and rule-of-law protections as potential problems. Other experts have suggested policy tools such as IEEPA sanctions, Leahy Law restrictions, or CFIUS reviews, while some propose exemptions for “sensitive personal data” from Berman Amendment protections. Additionally, concerns have been raised about TikTok’s data collection practices, which extend beyond its own platform and include tracking users across the web. Experts suggest that these concerns underscore the need for greater transparency and accountability from big tech companies, as well as a more comprehensive approach to protecting individual privacy.
The Dominance of TikTok and its Implications for National Security
TikTok, the China-based social media platform, has captured the attention of the world, boasting three hundred billion dollars, three billion downloads, and at least 90 minutes of attention per user every day. However, concerns have been raised regarding its data exploitation practices, privacy abuses, influence operations, and promotion of social contagions, which leaves Americans vulnerable to the Chinese Communist Party (CCP).
The report suggests that without a systemic, risk-based framework to proactively address the next TikTok now, the US will have ceded another critical digital battlespace to its adversaries. Furthermore, the report argues that U.S. policymakers have a responsibility to safeguard America’s social fabric and protect young citizens from the whims of a hostile, foreign nation. Failure to act means that the next generation of Americans will pay the price for Washington’s lassitude.
Given the current threat environment, the only viable option to protect the United States and Americans is a wholesale ban on TikTok’s operations in the US. A systemic, risk framework applied to foreign-owned platforms will prevent another TikTok from infiltrating America.
In conclusion, TikTok’s dominance presents a significant threat to national security. The longer it operates in the United States, the more data China can collect on American citizens, especially young people, and sharpen its ability to exploit them. Therefore, policymakers must take swift action to safeguard America’s social fabric and protect its citizens from the CCP’s influence.
The Threat Posed by TikTok to American Citizens
TikTok, the most popular social media app, poses a distinct threat to American citizens as its data-collection and exploitation practices, abuses of privacy, propagation of influence operations, and promotion of social contagions all expose Americans to a host of abuses by the Chinese Communist Party (CCP). TikTok’s Beijing-based parent company ByteDance is subject to the PRC’s laws and policies that permit the CCP’s access to the data ByteDance collects. China’s 2017 National Intelligence Law compels private entities and individuals to cooperate with “state intelligence work,” providing the CCP with access to American citizen’s data. Policymakers must take immediate action to address the threat posed by TikTok and future platforms to preserve America’s self-governing republic, especially for the next generation.
China’s Access to Data Through TikTok’s Parent Company
Chinese laws and policies permit the Chinese Communist Party (CCP) to access data collected by ByteDance, TikTok’s Beijing-based parent company. China’s 2017 National Intelligence Law compels private entities and individuals to cooperate with “state intelligence work,” providing the CCP with access to American citizen’s data. The Chinese government also acquired a 1 percent stake in ByteDance’s main domestic subsidiary in April 2021, and at least one of the three board members, Wu Shugang, is a card-carrying official of the Chinese government. This level of access lays the groundwork for data exploitation by the Chinese government. Additionally, Chinese officials, former and current, are embedded in TikTok’s parent company and involved in the company’s inner workings. Policymakers must address these concerns to safeguard America’s national security and protect its citizens from the CCP’s influence.
TikTok and its parent company, ByteDance, pose a significant threat to American citizens, given China’s laws and policies that enable the Chinese Communist Party’s (CCP) access to the data that ByteDance collects. China’s 2017 National Intelligence Law and 2017 Cybersecurity Law, for instance, require private entities and individuals to cooperate with state intelligence work and allow for a low threshold for state access to data, respectively. Additionally, Chinese officials, both former and current, are embedded in TikTok’s parent company and involved in its operations, with the Chinese government holding a 1% stake in ByteDance’s main domestic subsidiary, which gives the CCP access to data ByteDance collects. Furthermore, the U.S. Department of Justice assessed in 2020 that ByteDance has an internal corporate CCP committee that allows the CCP to influence the company. Forbes reviewed over 300 LinkedIn profiles of current TikTok and ByteDance employees in 2022 and found that many have ties to the Chinese state media apparatus. Leaked documents published by Gizmodo in 2022 showed that TikTok’s public relations strategy included downplaying ByteDance and the company’s association with China. Given TikTok’s data collection and exploitation practices, privacy abuses, propagation of influence operations, and promotion of social contagions that affect America’s social fabric, policymakers must address the platform urgently. If America is to preserve its self-governing republic, especially among the next generation, dealing with TikTok and its successor platforms is both a strategic and moral imperative.
TikTok’s data privacy and collection methods are under scrutiny due to the app’s links to the Chinese Communist Party (CCP). Despite the controversy surrounding other American platforms and their data-collection practices, the CCP’s influence over TikTok raises concerns about privacy invasion. The CCP could encourage more data collection practices through the app, as evidenced by TikTok’s invasive collection methods that include GPS locations, IP addresses, content, contacts, and biometric data. TikTok’s privacy policy admits to collecting device information, including keystroke patterns, among other data. In fact, a recent report by cybersecurity firm Internet 2.0 found that TikTok’s data-collection practices were among the worst in the industry, with a Malcore score of 63.1 out of 100, the highest and worst score of the more than 20 digital applications tested. This high score is attributed to security vulnerabilities in TikTok’s code and the abundance of data trackers on the platform. The stark contrast between American and Chinese political systems, as well as differences in corporate governance, raises further concerns about the potential exploitation of user data by the CCP. The United States, despite its internal pressures, still maintains an open society with a free press, engaged citizenry, and an independent judiciary that hold the government and private companies accountable for their data-collection practices. However, China does not have an equivalent approach to data privacy and user rights.
TikTok’s invasive data-collection practices have raised concerns over privacy invasion, and the app’s ties to the Chinese Communist Party (CCP) have intensified these concerns. The CCP’s influence over the app is likely to encourage more data collection, as opposed to less. While many American companies engage in commercial surveillance practices, direct comparisons do not account for the differences in corporate governance and political systems between China and the United States.
TikTok’s data-collection practices are invasive and include collecting users’ GPS locations, IP addresses, contacts, images, and other personally identifiable or device information. The app also collects mobile carriers, time zone settings, models, networks, device identifiers, screen resolution, operating systems, app and file names, and types, along with keystroke patterns or rhythms of its users. A report by cybersecurity company Internet 2.0 alleges that TikTok’s data-collection behaviors are among the worst in the industry, with a score of 63.1 out of 100, the highest and worst score of the more than 20 digital applications tested.
Moreover, TikTok conceals atypical elements of its data-collection practices. For instance, in August 2020, TikTok reportedly exploited a loophole in Google’s Android operating system that allowed it to track users’ unique device identifiers for at least 15 months. The company allegedly bundled these identifiers and other device data to send to parent company ByteDance. TikTok also reportedly accessed user clipboards on Apple’s mobile operating system, potentially exposing sensitive information like passwords and banking information.
Leaked audio of 80 internal TikTok meetings obtained by BuzzFeed captured an external auditor expressing concerns over potential backdoors to access user data in almost all of the app’s tools. Bugdoors can also be introduced via software updates, providing access to certain systems. TikTok could serve as a potential entry point to access the data of other people using the same Wi-Fi network.
In conclusion, TikTok’s invasive data-collection practices and ties to the CCP raise significant privacy concerns, and the app’s efforts to conceal atypical elements of its collection practices and potential vulnerabilities further exacerbate these concerns.
TikTok’s data collection practices have come under intense scrutiny due to the extent of personal information gathered, including Global Positioning System (GPS) locations, Internet Protocol (IP) addresses, contacts, images, microphone access, and other personally identifiable information. According to a report by cybersecurity company Internet 2.0, TikTok’s data-collection behaviors are among the worst in the industry, with a Malcore score of 63.1 out of 100, the highest score of the over 20 digital applications it tested. In addition, separate leaks revealed that China-based engineers employed by TikTok’s parent company, ByteDance, repeatedly accessed US user data from 2021 to 2022. These reports have been further corroborated by a former ByteDance employee, who confirmed that employees could switch between Chinese and US data with nothing more than a click of a button using a proprietary tool.
ByteDance conceded in 2022 that it built an entire initiative centered around using TikTok to monitor the locations of at least two US journalists, likely as an attempt to ferret out employees that leaked to BuzzFeed in the summer of 2022. Moreover, the CCP’s likely control over TikTok’s algorithm raises questions about the app’s potential to be actively manipulated by CCP-linked actors.
TikTok’s invasive data-collection practices have resulted in the app being banned in some countries, and many people have raised concerns about the CCP’s potential influence over the app. However, it’s important to note that there are differences in corporate governance between American and Chinese companies, as well as the stark contrasts between U.S. and Chinese political systems. While America retains a relatively open society, free press, engaged citizenry, and independent judiciary to hold both the US government and private companies accountable for their data-collection practices, China does not have a remotely comparable approach.
ByteDance’s refusal to surrender TikTok’s source code during talks with Oracle in 2020 suggests the company’s reluctance to relinquish control to American entities. The CCP would have much to lose if the algorithm was transferred to an American company as it likely controls ByteDance and has the ability to control the recommendation algorithm. FBI Director Christopher Wray has explained that the Chinese government has the power to control the software and data of millions of users who have TikTok on their devices and potentially spread propaganda within the US. These capabilities raise concerns over TikTok’s ability to manipulate the information environment.
TikTok’s capacity to shape public opinion is underscored by its ability to push pro-CCP narratives, censor content, and conduct tailored influence campaigns. The app’s use as a news source has tripled in just two years, with 10% of American adults getting their news from TikTok on a regular basis in 2022, compared to just 3% in 2020. These developments raise significant concerns over how the CCP may be leveraging TikTok’s capabilities to manipulate the US public and spread its ideology.
TikTok and the CCP’s Influence Operations
TikTok’s parent company ByteDance, which is controlled by the Chinese Communist Party (CCP), has been accused of using its popular app to spread pro-CCP narratives and censor content unfavorable to the Chinese government. According to a 2022 report by Buzzfeed News, former ByteDance employees claimed that the company deliberately served pro-China content to U.S. users through its old news app, TopBuzz. The employees also alleged that ByteDance censored stories that portrayed the Chinese government in a negative light.
TikTok has been identified as a significant vector through which the CCP can expand its influence over the cognitive landscape of the American body politic. In 2020, TikTok confirmed that the Chinese government asked its employees to set up an account, under the radar, that “showcases the best side of China (some sort of propaganda).” Leaked documents revealed that TikTok censors content that exposes the CCP’s genocide against its Uyghur community in the Xinjiang region and videos about Tiananmen Square, Tibetan independence, and Hong Kong protests.
Expanding Influence Over the U.S. Public
TikTok’s ability to manipulate the information environment is further compounded by its growing role as a news source for Americans. According to a survey by Pew Research Center, nearly a quarter of adults in the United States under the age of 30 claim to regularly get their news from TikTok. This creates yet another vector for the CCP through which to expand its influence over the American public.
It is important to note that ByteDance’s control over TikTok’s algorithm raises questions about the app’s potential to be actively manipulated by CCP-linked actors. FBI Director Christopher Wray has testified that the Chinese government both controls ByteDance and has the “ability to control the recommendation algorithm.” Given the CCP’s authoritarian track record, it is naive to believe that it has not taken advantage of these capabilities.
TikTok’s impact on the American public sphere is a cause for concern, as the app’s influence operations have the potential to shape perceptions of China and its government. It is crucial that policymakers, technology companies, and users remain vigilant in identifying and countering the manipulation of information by foreign actors.
(Source: Katerina Eva Matsa, “More Americans Are Getting News on TikTok, Bucking the Trend on Other Social Media Sites,” Pew Research Center, October 21, 2022)
TikTok’s growing influence on American citizens is a cause for concern. A 2022 survey found that nearly a quarter of U.S. adults under 30 claim to regularly get their news from the platform. The Chinese Communist Party (CCP) has been accused of using TikTok to spread propaganda and censor content that exposes its human rights abuses. For instance, TikTok accounts linked to Chinese state media reportedly pushed divisive content during the 2022 U.S. midterm elections, mostly criticizing Republican candidates while favoring Democrats.
TikTok’s algorithm and unique features, such as “heating,” which artificially picks stories to go viral, facilitate the platform’s manipulation of the information environment. The algorithm tailors content to individual user preferences and engagement, making it an effective vector for propaganda delivery. This bespoke approach to propaganda could enable the CCP to launch custom influence operations against U.S. citizens on a large scale. Moreover, the platform’s features could be deployed for the 2024 U.S. presidential election.
The integration of TikTok data with China’s growing trove of stolen datasets from hacks conducted since at least 2014 is another cause for concern. This data, if fused with other information, could enable foreign adversaries to create profiles of American citizens that are ripe for blackmail, espionage, and other nefarious purposes. TikTok data, if cross-referenced with other sources, could paint a comprehensive picture of American users and their life patterns.
In conclusion, TikTok’s growing influence on the American body politic could give the CCP a new vector for propaganda delivery and the ability to manipulate the information environment on a large scale. Furthermore, the integration of TikTok data with other stolen datasets poses a threat to the privacy and security of American citizens. It is essential to take these risks seriously and mitigate them through appropriate measures.
TikTok and China’s AI Development: A Threat to American Privacy
TikTok’s popularity has grown tremendously among young Americans, with nearly a quarter of US adults under the age of 30 getting their news from the app. However, TikTok’s parent company, ByteDance, has been accused of using its platform to disseminate pro-China content and censoring stories unfavorable to the Chinese government.
According to Forbes, TikTok’s algorithm and unique technical features, such as “heating,” which artificially picks stories to go viral, facilitate the manipulation of the information environment. The algorithm trains on data drawn from individual user preferences and engagement, resulting in a more bespoke vector for propaganda delivery.
China’s strides in AI development indicate that the country can and will apply emerging technologies to datasets collected from platforms like TikTok to quickly exploit their collection. AI, such as machine learning and analytics, can transform data into insights, parse through raw data at machine speed, identify patterns and anomalies, and predict and map trends. Big data analytics can process and analyze large volumes of data and extract meaning or flag items of interest. This technology allows data that was previously discarded or ignored to have value, making what TikTok collects even more useful to the Chinese government.
Through an “Integrated Joint Operations Platform,” Chinese authorities already aggregate behavioral and biometric data to create multimodal profiles of individuals and identify potential threats to the regime. TikTok, with its depth and scope of data collection, could be used by the Chinese government to build digital profiles, determine patterns of life, and even map out the social networks of Americans.
It is crucial to recognize that China’s strides in AI development can transform the information environment into a new arena for propaganda delivery, and platforms like TikTok are a vector for China’s soft influence operations. While TikTok’s popularity may continue to grow, Americans must be aware of the potential risks associated with using the app and the possibility of the Chinese government collecting their personal information.
China’s significant strides in artificial intelligence development suggest that they will apply these emerging technologies to datasets to gain insights quickly. Machine learning and analytics are used to transform raw data into useful insights by identifying patterns, anomalies, or mapping trends. Big data analytics are used to analyze vast amounts of data and extract meaning or flag items of interest. The Chinese Communist Party (CCP) officials are already using these analytics and data integration to enforce internal control in places like Xinjiang Uyghur Autonomous Region using an “Integrated Joint Operations Platform.” The Chinese government is reportedly creating dossiers on prominent Americans and their allied countries such as Australia, Canada, and Great Britain using publicly available and stolen datasets. The CCP can use these datasets to construct digital profiles of Americans by cross-referencing data from the Chinese hack of the Office of Personnel Management detected in 2014, which exposed sensitive information such as social security numbers, addresses, and family contacts of thousands of U.S. government employees, among others.
The CCP can further add data from other hacks linked to the Chinese state such as the Marriott hotel system hack in 2018, the Anthem healthcare system hack from 2015, and the Equifax financial services hack in 2017. By integrating the data from these hacks, the CCP can track where U.S. citizens stay, who they travel with, and any vulnerabilities in their health, medical, or financial lives. Patterns of life from digital platforms like TikTok, which collects GPS and biometric data in real-time, can fill in many gaps.
Former Google CEO Eric Schmidt warned in a 2023 Foreign Affairs essay that authoritarian states such as China and Russia may use data on Americans’ shopping habits, location, and even DNA profiles to launch tailor-made disinformation campaigns and even targeted biological attacks and assassinations. By leveraging applications of AI and analytics, China can quickly and easily exploit its collection of datasets to construct digital profiles of Americans, making them vulnerable to blackmail, espionage, and more.
The Chinese Communist Party (CCP) has the ability to build digital profiles of American citizens using the surveillance footholds it has gained in the United States and other parts of the West. According to recent reports, the CCP has created dossiers on prominent Americans and citizens from allied countries like Australia, Canada, and Great Britain. The CCP has gained access to both stolen and publicly available datasets to achieve this. Furthermore, the CCP could utilize TikTok and other “open-source” data to cross-reference information from hacks like the 2014 Chinese hack of the Office of Personnel Management, the Anthem health care system hack from 2015, the Equifax financial services hack in 2017, and the hack of the Marriott hotel system in 2018.
TikTok has real-time GPS and biometric data-collection capabilities that allow it to collect patterns of life from digital platforms. With this information, the CCP could track where U.S. citizens stay, who they travel with, and any vulnerabilities in their health, medical, or financial lives. Former Google CEO Eric Schmidt warns that China and Russia could collect individual data on Americans’ shopping habits, location, and even DNA profiles, allowing for tailor-made disinformation campaigns, and even targeted biological attacks and assassinations.
To address these concerns, The Heritage Foundation recommends a wholesale ban of TikTok’s operations in the United States, and eventually all U.S. allied countries. Additionally, they recommend that Congress, along with the executive branch and relevant agencies, should ban TikTok from operating in the U.S. market, eliminate the loophole that prevents the President from enforcing sanctions against TikTok, and update the International Emergency Economic Powers Act’s (IEEPA’s) Berman Amendment.
The CCP has already unleashed an advanced surveillance state on its own people, and any efforts by the CCP to apply its surveillance apparatus to Americans must be actively repudiated. To prevent another TikTok from infiltrating America in the future, a systemic approach is required. Congress should craft, publicize, and enforce a risk framework for foreign-owned platforms and applications seeking entry into the U.S. market.
Foreign-owned digital platforms are a significant national security threat in the US. There have been calls for Congress to update the International Emergency Economic Powers Act’s Berman Amendment to address the exploitation practices of foreign-owned digital platforms and their proxies in the current information environment. As it stands, any presidential administration’s hands are tied when it comes to using IEEPA to address national security concerns linked to social media applications and websites, as the Berman Amendment exempts “informational materials.” According to researchers at the Center for a New American Security, the exemption could be revised with the addition of a criterion that these materials should be free from malign state actor links and influence. TikTok, owned by ByteDance, does not meet this criterion for exemption.
Congress could make a ban on TikTok through the Berman Amendment by deeming the app a national security threat and influenced by a malign state actor. Alternatively, legislators could engineer a ban by eliminating the Berman Amendment loophole or allowing the use of IEEPA authorities to ban the app. A wholesale ban of TikTok’s operations in the US and allied countries is recommended by The Heritage Foundation, followed by a risk framework for foreign-owned platforms and applications seeking entry into the US market. The draft bill Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and Algorithmic Learning by the Chinese Communist Party (ANTI-SOCIAL CCP) Act by Senator Marco Rubio and the Deterring America’s Technological Adversaries (DATA) Act by Representative Mike McCaul are two examples of these efforts. The DATA Act suggests exempting “sensitive personal data” from Berman Amendment protections, whereas the ANTI-SOCIAL CCP Act is a bipartisan bill sponsored by Representatives Mike Gallagher and Raja Krishnamoorthi.
Foreign-owned digital platforms have become a growing concern for US policymakers in recent years, particularly after the Trump Administration’s attempt to ban TikTok as a national security threat. To address this issue, a risk-based framework that triggers specific policies for foreign-owned digital platforms wanting to operate in the US has been proposed.
A Risk-Based Framework
A solution to the problem of future TikToks could lie in a country-neutral risk framework applied to foreign-owned platforms. This framework would provide a ruleset to contend with future challenges, triggering focused policy prescriptions when certain criteria are met. If the framework’s essential elements of risk-based criteria are met, specific policy actions, such as IEEPA sanctions, Leahy Law restrictions, or CFIUS reviews, should be enacted.
Development and Implementation
The Treasury Department, Commerce Department, State Department, and the National Institute of Standards and Technology can contribute to the development of this framework. The criteria that should trigger specific policy action include measures to ensure the platforms are reasonably free from malign state actor links and influence. This would exclude TikTok, by virtue of its parent company ByteDance, which would not meet this criterion for exemption.
Ban TikTok in the US
Moreover, a wholesale ban of TikTok’s operations in the US, and eventually in all US-allied countries, has been recommended by The Heritage Foundation given the current threat environment. Efforts to apply China’s advanced surveillance state to Americans must be actively repudiated, according to Eric Schmidt in his article “Innovation Power: Why Technology Will Define the Future of Geopolitics” published in Foreign Affairs.
Efforts are being made in Congress to update the International Emergency Economic Powers Act’s Berman Amendment to allow the president to ban foreign-owned digital platforms that pose a national security threat. For instance, the bipartisan companion bill in the House sponsored by Representatives Mike Gallagher and Raja Krishnamoorthi, Senator Marco Rubio’s draft bill Averting the National Threat of Internet Surveillance, Oppressive Censorship, and Influence, and Algorithmic Learning by the Chinese Communist Party (ANTI-SOCIAL CCP) Act, and Representative Mike McCaul’s Deterring America’s Technological Adversaries (DATA) Act.
A Risk-Based Framework for Foreign-Owned Digital Platforms
The Center for a New American Security proposes a country-neutral risk framework to address foreign-owned digital platforms operating in the United States. This framework will trigger a set of policies when a certain criterion is met. The Treasury Department, Commerce Department, State Department, and the National Institute of Standards and Technology will develop this framework.
The framework comprises four elements: target audience and monthly active users, overall security, collection and information-control practices, and the platform’s home jurisdiction. Each element has high-risk criteria that, when met, will trigger a specific policy action.
For example, meeting high-risk criteria for the platform’s overall security will likely trigger a CFIUS review, while high-risk criteria for collection and information-control practices will likely trigger the use of IEEPA sanctions. The platform’s home jurisdiction, including its data practices, human rights record, and governance atmosphere, will also be evaluated.
Platforms from adversary nations like Iran, North Korea, or Russia will effectively trigger specific policy action. Meeting specific high-risk criteria will likely trigger a combination of CFIUS review and Leahy Law restrictions.
Passing a National Data-Protection Framework
To address third-party data collection and sharing mechanisms for US users, Congress should pass a national data-protection framework that prohibits digital applications from sending US user data to TikTok/ByteDance, and other foreign-owned digital platforms that represent legitimate national security threats to the US.
A TikTok ban is not enough to protect US data since numerous apps and trackers can send US data to TikTok, even if a user has not downloaded the TikTok app.
Mitigating the Threat of Foreign-Owned Digital Platforms in the US
Foreign-owned digital platforms pose a significant threat to US national security by collecting sensitive data on US citizens and sharing it with foreign governments. In this article, we explore the risk-based framework proposed by Kara Frederick, the Director of the Technology Policy Center at The Heritage Foundation, to mitigate this threat.
Risk-Based Framework for Foreign-Owned Platforms
The proposed risk-based framework involves four elements:
-
The digital platform’s target audience and monthly active users
-
The platform’s overall security
-
The platform’s collection and information-control practices
-
The platform’s home jurisdiction
Each element has high-risk criteria that, when met, would trigger specific policy actions, such as IEEPA sanctions or CFIUS reviews. For example, a platform’s vulnerability to hard security problems like hacking and intrusion would likely trigger a CFIUS review. On the other hand, meeting high-risk criteria under the platform’s collection and information-control practices would likely trigger the use of IEEPA sanctions. The framework would also require the Treasury Department, Commerce Department, State Department, and the National Institute of Standards and Technology to contribute to its development.
National Data-Protection Framework
Congress should prohibit digital applications from sending U.S. user data to foreign-owned platforms that pose a legitimate national security threat to the United States. A data-protection framework with appropriate standards and oversight would help prevent commercial entities from collecting, storing, and sharing US user data with designated foreign companies.
Private Companies Should Remove TikTok from Their App Stores
U.S. tech companies, including Google and Apple, should remove TikTok from their app stores while Congress negotiates a solution to the TikTok problem. TikTok’s relationship with the Chinese Communist Party and legitimate threat to national security necessitate this action.
Conclusion
Foreign-owned digital platforms pose a significant threat to the United States. To safeguard US national security and protect young citizens from the whims of foreign governments, policymakers must implement a systemic, risk-based framework to proactively address the next TikTok now. Failure to do so will result in the US ceding yet another critical digital battlespace to its adversaries.
According to various sources, ByteDance, the owner of TikTok, has increased the price of its stock option buyback. As of July 2021, TikTok had already surpassed 3 billion downloads and was found to be more popular among kids and teens than YouTube, with an average watch time of 91 minutes in 2021. The app’s popularity has also been highlighted by various news outlets, including The Washington Post, which explores how TikTok took over the internet, and the Australian Broadcast Corporation, which featured TikTok in its news program. In March 2023, Senator Warner held a press briefing to discuss TikTok, indicating the ongoing concern and attention the app receives.
According to Murray Scot Tanner’s 2017 article for Lawfare, China’s National Intelligence Law provides the Chinese state with broad access to data. Additionally, China’s 2017 Cybersecurity Law, with a low threshold for access to data by the state, and the 2019 Data Security Management Measures document, impose strict provisions requiring data to be housed in China, and allow for spot inspections and black-box security audits. Kara Frederick’s testimony before the U.S. Senate Judiciary Subcommittee on Crime and Terrorism adds that China’s Cybersecurity Law applies to entities using information and communication technologies, not just internet service providers. This means that any data on communication networks in China will soon be subject to the Chinese Cybersecurity Bureau’s scrutiny without requiring an official request.
Moreover, the Chinese government has taken a minority stake and board seat in ByteDance’s main domestic subsidiary, TikTok’s parent company. According to the Financial Times, China aims to take “golden shares” in Alibaba and Tencent units to tighten control over the country’s tech sector.
All these actions indicate that China seeks to expand its use of “golden shares” to strengthen control over the tech industry and collect vast amounts of data on citizens and non-citizens alike.
Several articles have discussed the privacy concerns related to TikTok and ByteDance, the parent company of TikTok. The U.S. Department of Justice opposed a motion for a preliminary injunction against TikTok in 2020. In August 2022, Forbes reported that 300 current TikTok and ByteDance employees previously worked for Chinese state media. Gizmodo discussed TikTok’s efforts to “downplay the China association.” TikTok’s privacy policy has been scrutinized, particularly after researchers found that the TikTok browser can track keystrokes. In February 2023, Malcore rated TikTok with the highest score for collecting data. The Wall Street Journal reported that TikTok tracked user data using tactics banned by Google, while Australian Strategic Policy Institute has written on the subject of controlling global information flows. BuzzFeed News obtained leaked audio recordings from internal TikTok meetings, suggesting that US user data had been accessed from China.
In 2020, former MI6 Chief Sir Richard Dearlove warned that TikTok could provide the Chinese Communist Party (CCP) with a backdoor to politicians’ data through their children’s smartphones. This warning came amid increasing concerns over TikTok’s relationship with the CCP, and the Chinese government’s ability to access user data. In 2022, Forbes reported that leaked audio recordings from 80 internal TikTok meetings revealed that US user data had been repeatedly accessed from China. The security concerns surrounding TikTok prompted US Senator Josh Hawley to write a letter to Treasury Secretary Janet Yellen in March 2023, expressing his concerns over the app’s data collection practices.
TikTok has faced criticism for its lack of transparency regarding its data collection practices, and for its alleged spying on journalists. Forbes reported in 2022 that TikTok had spied on its journalists, adding to the concerns surrounding the app’s privacy policies. However, TikTok has claimed that it takes user privacy seriously and has implemented measures to protect user data. In a statement released in 2020, TikTok outlined its approach to security, stating that it has “invested heavily in building the world’s most advanced security infrastructure” and that it is “committed to being transparent about how we collect, use, and protect our users’ data.”
Despite TikTok’s assurances, security experts and lawmakers continue to express concerns over the app’s relationship with the Chinese government. In a 2022 talk, FBI Director Christopher Wray warned that China could use TikTok to control users’ devices, adding that “there is no such thing as a Chinese company that isn’t subject to the Chinese government’s control.” The concerns surrounding TikTok prompted the US government to intervene in 2020, with Oracle ultimately winning the bid for TikTok’s US operations.
TikTok’s relationship with the CCP and the Chinese government’s ability to access user data remains a contentious issue. As the app continues to grow in popularity, it is likely that the debate surrounding TikTok’s data collection practices will only intensify.
According to a recent report by Pew Research Center, Americans are increasingly turning to TikTok as a source of news, bucking the trend seen on other social media platforms. However, concerns have been raised about TikTok’s ties to the Chinese government and its use as a tool for spreading propaganda. Former employees of TikTok’s parent company, ByteDance, have accused the company of using a news app on millions of phones to push pro-China messages. In addition, Bloomberg reported that the Chinese government had asked TikTok for a stealth propaganda account. These revelations have fueled concerns about censorship and control of global information flows.
TikTok has also been accused of censoring content that does not please Beijing, with The Guardian revealing how the app censors videos. Forbes has reported on the app’s secret “heating” button that can make anyone go viral. Meanwhile, Forbes and other media outlets have also highlighted how Chinese state media uses TikTok to push divisive videos about US politicians.
As TikTok continues to grow in popularity, these issues highlight the need for greater transparency and accountability from the app’s parent company. With its ties to the Chinese government, TikTok’s use as a tool for spreading propaganda and censorship are likely to remain a concern for some time to come.
The use of Artificial Intelligence (AI) in international security and its potential to cause disinformation and espionage is a growing concern among governments and cybersecurity experts. The Center for a New American Security highlights the need for a more comprehensive understanding of the implications of AI in the security arena. Meanwhile, TikTok and WeChat have come under scrutiny for their role in the surveillance and mass censorship of citizens in China, with concerns that the Chinese government may use the apps to disseminate propaganda and influence Western politics. Researchers at the Australian Strategic Policy Institute and Human Rights Watch have detailed the inner workings of the Chinese government’s mass surveillance app, highlighting the dangers of state-controlled surveillance systems that monitor and manipulate entire populations. Chinese government databases used for surveillance have also been exposed, with reports suggesting the Chinese government has hacked various institutions and organizations worldwide. Cyberattacks and data breaches perpetrated by Chinese hackers have led to global data loss and exposure, with the FBI and other authorities charging Chinese military hackers for data breaches at Equifax, Anthem, and Marriott hotels. The potential for these data breaches and cyberattacks to cause widespread disruption and harm to individuals and businesses is a growing concern.
Innovation Power: Why Technology Will Define the Future of Geopolitics, an article written by Eric Schmidt and published in Foreign Affairs on February 28, 2023, explores how technology will be the defining factor in geopolitics. Schmidt argues that technological advances will be the determining factor of economic and military power in the future.
In Beyond TikTok: Preparing for Future Digital Threats, Kara Frederick, Chris Estep, and Megan Lamberth examine the future of digital threats and the need to prepare beyond TikTok. They stress the importance of understanding the complexities of digital threats and the need for a comprehensive strategy to address them.
In Democracy by Design, Kara Frederick discusses the need to adopt democratic principles when designing digital tools and systems to protect national security and individual privacy.
The International Emergency Economic Powers Act (IEEPA) provides a mechanism for the US government to respond to national security threats. However, as researchers at the Center for a New American Security note, the Berman Amendment’s exemption for “informational materials” makes it difficult for presidential administrations to use IEEPA to address national security concerns associated with social media applications and websites.
The Executive Order on Addressing the Threat Posed by TikTok, issued by the White House in August 2020, banned TikTok due to national security concerns. However, the Berman Amendments pose an obstacle to enforcing the ban.
From Plan to Action: Operationalizing a U.S. National Technology Strategy, written by John Costello, Martijn Rasser, and Megan Lamberth, proposes a comprehensive national technology strategy to address national security concerns, such as those posed by TikTok.
The Data and Algorithm Transparency Agreement (DATA) Act suggests exempting “sensitive personal data” from Berman Amendment protections, while other proposals are also under consideration.
In November 2022, Marco Rubio and Mike Gallagher wrote an article in The Washington Post advocating for a ban on TikTok in America due to the security threat posed by the app. This position was echoed in The White House’s Executive Order on Addressing the Threat Posed by TikTok, which was issued in August 2020. The potential dangers of TikTok and other social media applications were also highlighted in a 2021 report by the Center for a New American Security. The report noted that presidential administrations are limited in their ability to use the International Emergency Economic Powers Act (IEEPA) to address national security concerns related to social media apps and websites due to the Berman Amendment’s exemption for “informational materials.”
However, policy actions can be taken to address this issue, such as IEEPA sanctions, Leahy Law restrictions, or Committee on Foreign Investment in the United States (CFIUS) reviews. A risk-based framework with a ruleset to contend with future challenges, derived from previous publications and communications with Administration officials and journalists, could also be implemented.
In November 2022, the Republican-controlled House of Representatives passed a bill to ban TikTok, though it faced opposition from Democrats. Meanwhile, in November 2022, David Feith discussed the opportunities and challenges for trade policy in the digital economy in a Congressional testimony, emphasizing the importance of addressing issues such as data privacy and security.
Overall, the debate around TikTok and other social media apps highlights the need for greater attention to be paid to national security concerns related to the digital economy, particularly in the face of potential threats from China and other bad actors.
In an article published by Politico, Marco Rubio and Mike Gallagher argued that TikTok poses a threat to national security and must be banned in the United States. They cite the app’s ties to China and its potential to gather sensitive information on Americans as reasons for their stance. The White House has previously issued an executive order addressing the threat posed by TikTok. However, the issue remains controversial, with some arguing that policy actions can be a combination of tools already in the U.S. government policy toolkit, such as IEEPA sanctions, Leahy Law restrictions, or CFIUS reviews.
According to Kara Frederick, a researcher at the Center for a New American Security, the lack of rule-of-law protections, specific corporate governance practices, and democratic features in China makes it difficult for companies to resist arbitrary requests for information from the Chinese government. This lack of governance atmosphere raises systemic risks to a nation’s political institutions and legal environment. Frederick suggests that the solution to this problem is to create a ruleset to contend with future challenges.
Consumer Reports has raised concerns about TikTok’s tracking of users across the web, even when they don’t use the app. The article by Thomas Germain explains how the app’s tracking feature works and the potential privacy implications for users. The Heritage Foundation’s Kara Frederick proposes a roadmap for combating Big Tech’s totalitarianism, which includes developing a ruleset to regulate technology companies. Federal Communications Commissioner Brendan Carr has also weighed in on the issue, sending a letter to Apple and Google expressing concerns about the companies’ app stores being used to distribute apps that pose a threat to national security.
Don’t miss interesting posts on Famousbio