Biden Directive on Mitigating Threats From TikTok, Other Foreign-Owned Apps Is Insufficient

COMMENTARY Technology

Biden Directive on Mitigating Threats From TikTok, Other Foreign-Owned Apps Is Insufficient

Jun 15th, 2021 4 min read

Commentary By

Annelise Butler

Research Associate, Center for Technology Policy

Brendan Dodd

Summer 2021 Member of the Young Leaders Program at The Heritage Foundation

Nikolas Joao Kokovlis / SOPA Images / Getty Images

Key Takeaways

The executive branch is still not articulating the known current threats while realistically preparing for future challenges in this sphere.

The evidence of security risks coming out of foreign state actors keeps piling up.

Rolling back serious efforts to protect Americans’ data from the Chinese Communist Party is a disaster in the making.

President Joe Biden on Wednesday revoked an executive order signed by then-President Donald Trump that targeted the Chinese-owned TikTok and WeChat apps by proposing these apps be banned due to their national security risks.

In its place, Biden signed a new executive order with vague directions for the Commerce Department to evaluate software related to foreign adversaries.

Although that executive order only skims the surface of the national security issues that come along with foreign-owned digital platforms, some sort of evaluation plan is better than none.

Now, the Commerce Department will be required to review any application that involves software “designed, developed, manufactured, or supplied by persons that are owned or controlled by a foreign adversary, including the People’s Republic of China, that may present an undue or unacceptable risk to the national security of the United States and the American people.”

The problem? The executive branch is still not articulating the known current threats while realistically preparing for future challenges in this sphere.

The Biden order is designed to replace the Trump administration’s approach targeting individual companies. Instead, it provides for a broader process for reviewing risks posed by apps that are confirmed to be connected to potentially hostile countries.

In this case, broader is better.

Instead of proposing a policy solution that was tailored to specific apps, the precedent that the Commerce Department will institute should have the ability to apply to any app connected to a foreign state tied to national security threats.

Trump signed a pair of executive orders in August 2019 that took away the ability of individuals to communicate with TikTok’s parent company, ByteDance. That was the government’s first attempt to create a precedent. Biden’s executive order states that his administration does agree on the security risk from foreign-owned apps, but that Trump’s orders were ineffective and unenforceable, since federal court rulings had blocked his orders from taking effect.

This new executive order is more impactful because, instead of solely blocking the apps, the Commerce Department and other federal agencies will now work together to come up with recommendations for protecting U.S. citizens’ sensitive data.

The evidence of security risks coming out of foreign state actors keeps piling up.

In China, tech companies are required by a 2017 national intelligence law and a 2014 counterespionage law to “support, assist, and cooperate with the state intelligence work.”

According to the latter, organizations and individuals that are asked to provide data “may not refuse.” Although ByteDance asserts that it has never given data to the Chinese government, and would refuse to if requested, those laws mean that the company would be unable to prevent the Chinese Communist Party from demanding any and all information that it deems relevant to “state intelligence.”

Further, ByteDance claims that its American data is outside of the jurisdiction of Chinese law, as the firm stores its data on servers in America and a backup in Singapore. However, until last month, the backup server was hosted by Alibaba, another Chinese company subject to the same legal requirements imposed by these national security laws.

ByteDance has also admitted that, prior to a February 2019 update to TikTok’s privacy policy, user data may have been processed in mainland China.

In 2020, the State Department raised similar concerns, naming Alibaba as a cloud-based system “accessible to our foreign adversaries.” It has also been noted that TikTok’s definition of “U.S. data” is intentionally narrow, ignoring anonymized data that can be utilized in artificial intelligence or machine learning, or to reconstruct a person’s identity.

Subject to the slightest scrutiny, ByteDance has shown journalists, lawmakers, and national security officials the same modus operandi, trafficking in obfuscation and half-truths.

Although its press releases and testimony may allay the suspicions of casual observers, the company papers over a much more concerning reality; namely, in TikTok’s hands, American data is vulnerable to Chinese state inquiry and acquisition.

The new Biden executive order also seeks recommendations on further toughening the United States’ approach to protecting sensitive data. The original Trump executive order restricted TikTok and ByteDance by stating that “any transaction by any person [is] subject to the jurisdiction of the United States.”

Concerns about the security risk posed by TikTok are neither new nor partisan. In February 2020, the Transportation Security Administration prohibited its employees from using TikTok after the Sen. Chuck Schumer, D-N.Y., raised security concerns about the app.

Other government agencies with a TikTok ban include the departments of State, Defense, and Homeland Security, as well as every branch of the U.S. military.

In April, Sen. Josh Hawley, R-Mo., introduced legislation to ban TikTok on all government devices, calling the app a “Trojan Horse for the Chinese Communist Party.”

Across the political spectrum, Washington has acknowledged the potential risks emanating from the video-sharing app. Although Hawley’s bill and its companion legislation in the House currently only have Republican co-sponsors, they are a promising first step toward the bipartisan goal of securing American data.

While the app may be a cultural phenomenon, TikTok’s glaring security flaws speak for themselves. On the positive side, the U.S. government is establishing a risk-based framework to evaluate foreign-owned digital platforms.

We are only scratching the surface of the national security issues we face with the popularity of foreign-owned digital platforms, and a plan in place to evaluate these national security concerns is a necessary place to start.

Rolling back serious efforts to protect Americans’ data from the Chinese Communist Party is a disaster in the making, but the introduction of a risk-based framework to account for national security concerns presented by specific digital platforms is still a step in the right direction.

This piece originally appeared in The Daily Signal.