A little more than a year after then-President Donald Trump issued an executive order effectively banning TikTok in the U.S.—which later morphed into a deal to have Oracle take over its U.S. presence—the app ended up surviving unscathed and without a change in ownership. President Joe Biden formally revoked Trump’s ban on TikTok in June.
But the U.S. Congress continues to fret over TikTok’s potential security threats. Many lawmakers believe that the hugely popular video-sharing app, which is owned by the Chinese company ByteDance, could somehow funnel data about U.S. users to the Chinese government.
TikTok employs biometric data as an input to the artificial intelligence models it uses to suggest videos that users will like. That AI-driven recommendation engine is a big part of the reason the app has more than 100 million users in the U.S. And it’s come at a price. In March TikTok agreed to pay $92 million to settle a class-action lawsuit after numerous plaintiffs in Illinois complained that the app had harvested biometric data from users, including minors, without giving proper notice. TikTok may have changed its privacy statement to be more explicit about the data it collects in an effort to avoid future lawsuits, says attorney and security specialist Peter Fu, a former researcher and analyst at the Justice Department.
Old issue, new concern
On Tuesday, Republican Senator Marco Rubio of Florida issued a statement calling for the Biden administration to ban TikTok on U.S. “telecommunications networks and devices,” noting that the Chinese government has taken an ownership stake in the ByteDance subsidiary that controls Douyin, the version of TikTok offered in the Chinese market. “The Chinese Government will now hold one of the three board seats belonging to Beijing ByteDance Technology Co. Ltd., which controls the licenses behind ByteDance’s domestic platforms,” the statement says.
Rubio added, “The Biden Administration can no longer pretend that TikTok is not beholden to the Chinese Communist Party.”
Rubio’s office has released eight statements calling for TikTok restrictions since October 2019.
In 2020, Republican Senator Josh Hawley of Missouri introduced a bill called the No TikTok on Government Devices Act, which passed the Senate but was never voted on in the House. Hawley reintroduced the same bill in the current Congressional session back in March. He’s called TikTok a “Trojan horse” for the Chinese government.
A similar proposal banning the app on government devices was added as an amendment to the 2021 Defense budget (National Defense Authorization Act), which the House passed last summer. (The military had already begun banning TikTok on its devices by the end of 2019.)
“The Chinese Communist Party is using TikTok to collect massive amounts of data from American citizens and our government that could be used in a cyberattack against our republic,” said Representative Ken Buck, a Colorado Republican who sponsored the amendment.
Roland Cloutier, ByteDance’s security chief, told Cyberscoop last year that data from U.S. TikTok users is stored on U.S. servers, so the Chinese government has no access to it. But that’s done little to calm fears of Chinese data funneling.
It’s not just TikTok
Talking about banning specific apps for specific users isn’t something Congress does often. It’s more comfortable passing broad policies that apply to all apps and all users. Rubio hints at this in his recent statement. “We must . . . establish a framework of standards that must be met before a high-risk, foreign-based app is allowed to operate on American telecommunications networks and devices.”
That lack of a “framework of standards” may be the real problem, says Fu, who now serves as general counsel for Linode Cloud Hosting. And it’s about privacy in general, not just for foreign-owned apps.
“It appears that the Chinese Communist Party is being used by U.S. policymakers to deflect attention from the real issue, which is that in 2021 the U.S. still has no unifying federal privacy law to help consumers and businesses understand our rights, privileges, and obligations when it comes to personal data,” Fu says.
After the California Consumer Privacy Act passed in 2018, two other states—Colorado and Virginia—passed and enacted privacy laws, but so far the federal government has yet to come close to passing a data privacy law for the whole country.