On Thursday, August 6, the Trump administration announced two executive orders that would bar any transactions with Chinese social media networks TikTok and WeChat by any person or involving any property in subject to the jurisdiction of the United States. The move also comes after the U.S. Senate unanimously voted to ban TikTok from government-issued devices over privacy and national security concerns.
On Monday, TikTok retaliated against the executive order by suing the Trump administration, escalating the back-and-forth between the U.S. government and the popular social media app. A group of WeChat users also sued the administration on Friday, seeking to block the allegedly “unconstitutional” executive order that would ban the app.
Emerging Technologies Fellow Lindsay Gorman answers questions regarding the national security threats of Chinese social media apps and how democracies can address those threats.
Much of the rhetoric in the United States surrounding TikTok—including the language used to justify the executive orders—focuses on the national security threat the app, and other Chinese social media apps, poses. What are these national security risks?
There are really two main national security risks the United States and likeminded democracies should be concerned about, and both of them involve information.
The first and more straightforward risk is about data: the amount of information platforms like TikTok and WeChat collect on their users, and ultimately who has access to that granular user data like location tracking, internet usage information, information from other social media platforms, messages, cookies, and device information. Of course, there are also national security concerns with U.S. tech giants amassing similar amounts of data on their users without an adequate framework to secure that information or clear limits on to whom they can sell it and in whose hands it might eventually end up. In the case of TikTok, where it might end up, however, is much clearer: the app’s privacy policy explicitly says that user information may be shared with “a parent, subsidiary, or other affiliate of our corporate group.” TikTok’s parent company, ByteDance, is headquartered in China and subject to the full laws of the Chinese Communist Party (CCP) that punishes activists and journalists critical of the regime.
The second risk is over the choices an opaque algorithm makes on how to display information to users—and how the algorithm can be altered for information suppression, manipulation, or censorship. In the case of TikTok, we have reports that content related to the Hong Kong pro-democracy protests last fall, the Black Lives Matter movement, that depicting poverty, content critical of government officials or police, and content related to the oppression of Uyghur Muslims in Xinjiang have all been subject to selective suppression by the algorithm. And given the influence operations we know CCP-linked actors are already perpetrating across U.S.-based social media platforms like Facebook, Twitter, and YouTube—many of which we at the Alliance for Securing Democracy document day-to-day—the risk of using a platform that’s ultimately accountable to Beijing for political speech in the United States should raise serious eyebrows.
Some critics have argued that U.S. policymakers’ concerns over TikTok are unfounded given that U.S.-based apps like Facebook and Google collect data on users around the world. How is this different?
In many ways, these critics are right. U.S. tech firms collect massive amounts of data too, and their track record on securing it is far from unimpeachable. In fact, the Unites States would benefit tremendously—including on grounds of national security and foreign influence—were it to adopt more rigorous data privacy and data protection frameworks that apply to all firms operating here regardless of ownership. I hope these bans will spur a national conversation about what this should look like in the United States, and it’s something we at ASD are exploring as well.
But ultimately, there’s a false equivalence being propagated here because U.S. tech firms, with all the problems they have both solved and created for our democracy, are not ultimately beholden to an authoritarian regime with an aggressive agenda to silence dissent, punish those dissenting, and conduct influence operations on social media in the United States. For ByteDance, TikTok’s parent company, or Tencent, the owner of WeChat, there is no option to refuse to comply with a censorship or data request, no matter how thin the justification. Under the vaguely worded 2017 National Intelligence Law, and increasingly under the National Security Law we’re seeing developed in Hong Kong, these companies have no choice but to comply.
WeChat, for example, has notoriously helped the state jail journalists and activists who use the platform and employs user data collected overseas to help train its censorship algorithms back home. TikTok is a much newer and less-studied app. We now know, though, of at least one shady data practice: TikTok was collecting MAC addresses—unique user identifiers for long-term tracking without the ability to opt-out that are collected by only 1 percent of Android apps—and sending them back to ByteDance in violation of Google Play Store policy. Even worse, these identifiers were sent to ByteDance with an extra layer of encryption, likely designed to evade detection of practice by Apple and Google, whose app store policies prevent MAC address collection from third party apps.
Tech platforms also have to comply with court-authorized legal process from government entities in the United States and democratic systems. And there’s much room for disagreement over how law enforcement should be using data collected by the private sector. But ultimately, these decisions are meted out by the courts, and a democratically elected Congress can pass legislation limiting the uses of surveillance platforms by law enforcement if it so chooses. No such democratic accountability or independent judiciary is available in China.
What does this mean for the “average” social media user?
For many U.S. citizens with no plans of travelling to China, the problems with these practices may seem remote, and in some ways they are. Will a U.S. citizen find herself in a Chinese prison for posting a TikTok video about the Uyghurs in Xinjiang? Probably not. But one of the chief lessons of Russia’s attack on our democracy in 2016 was that even U.S. owned platforms are vulnerable to foreign influence. Data is power, and the Chinese Communist Party appears to be pursuing a strategy of amassing the world’s data and revealing its uses afterwards. So far, the uses it has already found in training and employing mass surveillance have elicited some serious human rights and democratic governance concerns, and not just within China. Do we really want our data lending a hand to this type of regime? For U.S. citizens, it may be less about “national security,” and more about human rights, geopolitics, and privacy of information from government—even foreign ones.
All this doesn’t mean there aren’t large loopholes through which data can still flow to the Chinese Communist Party; the CCP can still obtain data through data brokers and ambiguous corporate relationships. And we should wrestle with these loopholes as well. Addressing only apps like TikTok and WeChat barely scratches the surface of what we need to do as a nation to protect our information from malign use while squaring this circle of remaining as open and free as possible as a society. But the presence of these other loopholes doesn’t mean that authoritarian ownership of deeply personal U.S. citizen data is any less of a concern. It just means we need a more holistic analysis and framework for addressing the broader spectrum of these threats—ideally built with and taking lessons from our democratic partners, who in many cases are out ahead of the United States in this regard.
How can the United States and other democracies address these risks posed by Chinese social media apps while still supporting open and free communication?
Ultimately, responses that the United States takes to address these threats need to be multilateral and the result of thorough national security decision-making, including through deliberations with allies. Even without considering the origin country of a given social media platform, though, there are immediate steps democracies can take to bolster resilience against these information space threats. One is to institute a federal data privacy framework that limits murky and nonconsensual sharing of user information and enacts cybersecurity requirements around breaches. In the case of TikTok, however, the data transfer to its parent company is in the open, so there may be limits to such frameworks in addressing all these risks.
Another step to combat the information manipulation aspect of this threat is to demand more robust transparency on the algorithms that shape our interaction with social media platforms. Right now, it is extraordinarily difficult to discern to what extent platforms like TikTok are promoting or suppressing user content, though there are some worrying signs. Transparency from platforms like TikTok is vital to maintaining a healthy information space in which democratic speech can flourish.
These two measures may not solve every problem with Chinese influence operations on social media, but allied information sharing and agreement on the extenuating threats is the best guard against the United States mimicking the regimes we criticize.
The views expressed in GMF publications and commentary are the views of the author alone.