Audio of this conversation is available via your favorite podcast service.
Last week President Joe Biden signed into law a measure that would force the Chinese firm ByteDance to divest its ownership of TikTok, or risk the app being banned in the US. The measure also included restrictions on the sale of personal data to foreign entities. What are the implications of these moves for US and global tech policy going forward? What will the inevitable legal challenges look like?
To learn more, I spoke with Anupam Chander, law professor at Georgetown and a visiting scholar at the Institute for Rebooting Social Media at Harvard University; Rose Jackson, the director of the Democracy and Tech Initiative at the Atlantic Council; and Justin Sherman, CEO of Global Cyber Strategies and adjunct professor at Duke University.
What follows is a lightly edited transcript of the discussion.
Justin Hendrix:
We’ve got an excellent group here today to talk about what has transpired this week with regard to TikTok. Anupam, I want to start with you because you held an expert panel at the Berkman Klein Center just about a week before this supplemental bill went through. I think when you were hosting the panel, you might’ve thought I got a little bit more time to luxuriate thinking about these things. Be various opportunities for us to explore the legal questions here, but that’s not what happened. How quickly do you think we’ll see a First Amendment challenge to what’s passed in Congress and what the president has signed into law?
Anupam Chander:
Yeah. Congress showed us that they can act on tech if they want to and they took aim at a big tech company. It just turned out that it’s a big tech company that comes not from the United States, but conveniently from a foreign place. And this goes to my adage that it’s easy to regulate other country’s companies. So that’s one of the reasons that this speeds through because we’re regulating a company that’s not really American in its origin. I think we’re going to see the company’s been preparing for this. It was probably hoping that it never would have happened. It was probably hoping that former President Trump’s criticism might derail it in the Senate or some other Hail Mary, but that didn’t come to pass. So I think they’ve been preparing and they should be filing suit and of course you’ll see users filing suit. And I would expect that within weeks. Within a month I would expect lawsuits to have been filed.
Justin Hendrix:
So it’ll be somewhat like Montana then where we saw the state pass a bill and then we saw, of course the company sue and then affected user creators sue.
Anupam Chander:
Exactly. With the company bankrolling the users’ lawsuit. And we’ve seen TikTok doing that again and again. We first saw it in 2020 with TikTok bankrolling the lawsuit brought by influencers in a court in Philadelphia.
Justin Hendrix:
I want to ask you one last question and then bring in Rose and Justin’s perspectives on this. But one of the things that been paying close attention to are the national security claims being made about TikTok, the extent to which the evidence has been put forth by senators, by Congress more generally. And I want to ask you maybe just hypothetically, how important do you think that substantiation, that evidence will be in this court challenge? What will TikTok and other plaintiffs try to demand that the government show to the public with regard to that substantiation?
Anupam Chander:
I just want to point to the very unusual character of this bill. This isn’t a bill that gives the president powers to review what’s happening in the world and make determinations based on criteria set out in the law. It actually does that, but it also directly states that one company in particular is to be either forced to sell or banned from the United States. So it’s Congress making a very significant factual finding with respect to one particular company. And in that context, it’s quite odd that the bill doesn’t have any factual findings accompanying it. It’s not a bill that begins with the findings of Congress, a detailed report from Congress as explaining what the claims are. So what you’re referring to about factual statements by various members of the House or the Senate, some of those … You’ll recall the Shou Chew hearings where a congressman was asking Shou Chew, does TikTok use wifi. Shou Chew left puzzled as to what the congressman could possibly mean. And so I think we can’t just take individual statements as factual findings by Congress.
Justin Hendrix:
Rose, I want to bring you in here. February 14th, just about a couple of months ago, you were one of three authors of a piece for the DFRLab. TikTok: Hate the Game, Not the Player. Talking about strategic and regulatory confusion around TikTok with regard to the national security response. What do you make of this? I guess I’ll ask you a question. My own review of the record suggests when it comes to the national security threat, there isn’t a lot of detailed information available on the types of claims that are being made by folks in the intelligence committees. We’re just left to trust them and trust their statements about TikTok.
Rose Jackson:
Yes and no. I think what’s interesting about the conversation on TikTok is in some ways it’s this window into a much bigger and frankly more urgent conversation about our broader information ecosystem. Our paper actually tries to assess point by point the national security concerns that people have articulated with regard to TikTok and assess them and then assess them in the context of other ways that the Chinese state may have or actually have already undertaken to achieve those aims. And every single thing that people have named, concerns over the lack of privacy protections and data protections for American users, concerns over potential for the Chinese state to be implementing influence operations using the platform, concerns over the Chinese state’s just over control and ability to compel action or information through the platform, all three of those things are actually concerns. The problem is they are also things that the Chinese state does on any number of other platforms. And because the United States doesn’t have really any meaningful regulation of the tech sector outside of liability protections and copyright protection, there really aren’t any standards to hold TikTok against.
And so instead of having a conversation about what we want our information ecosystem to look like and what we think reasonable requirements are for ensuring that Americans are able to do everything that they do online in terms of operating businesses, communicating with family and friends, having fun, whatever it is in a safe and rights respecting environment, that upsetting rules to create that we took a look at TikTok. And I think the professor is right, that because it’s a foreign entity, it’s easier to have the conversation. Conversation is actually much larger.
And so this bill is another example of us failing to then address the problem. That doesn’t mean there aren’t problems, so I want to be very careful in stating that there aren’t concerns. The number one thing that I think is unique about the TikTok case is the Chinese state does have a law. It’s a 2017 national … Basically national security law that provides pretty broad sweeping powers for the state to require any company that is operating in China and certainly any company that is Chinese to provide any information that it wants. But what I think is more unique is that they can basically deputize almost any employee of that company to take action on their behalf. And the consequences for failing to do so are quite severe. So that is in fact different.
But to your point of what do we know, there’s certainly a question of what intelligence that we’ve all heard that the senators were walked into and members of the house were walked into a classified hearing and walked out freaked out enough that they wanted to support this bill. I question a little bit that narrative. But I think in the United States another proof point of problems that we have is we don’t actually know whether TikTok is frankly operating significantly differently than any other platform because we don’t have transparency requirements. We don’t have data access rules, and there’s a massive asymmetry between what companies know about their own platforms and what governments, regulators, independent researchers like my own organization and individuals know. And so again, just coming back to this question, are there national security risks? Absolutely. Does this bill address them? No. Have most of the bills and conversations and efforts that over the last two years people have thrown out to address “TikTok concerns”, if every single one of them passed, would it actually measurably impact the Chinese state’s ability to achieve its objectives? No.
Justin Hendrix:
Justin, I want to bring you in here both to respond to what you’ve heard so far from Anupam and Rose, but also to ask about some other aspects of the supplemental package that I suppose do get at some of the questions that you’ve been working at which to Rose’s point about the broader information ecosystem, the extent to which the infrastructure of data brokers and ad tech and the rest of that represents a vulnerability. What do you make of the TikTok decision or TikTok measure on the one hand and the inclusion of these other measures as well? Do you think this addresses the problem?
Justin Sherman:
I agree with what both just said about the contours of this debate and how four and a half years, maybe now five years, this has been going on at least in DC since some senate letters in 2019. So really a long time and it’s hard to say whether or not it’s gotten better or worse or just morphed shape in that period. But I’ll respond quickly to that piece and then talk about the other element that was passed in the aid package as you referenced related to data brokers. But the first thing is, I just want to say that … And maybe this is a bit semantic, but during the whole course of this debate, I think the word risk has gotten misused over and over and over and this gets to the question of, well, where is the smoking gun? What is the smoking gun?
Risk is really two things to be very simplistic about a complex field of study. Possibility and consequence. And so there can be a risk of something happening that has never happened before. You don’t have to necessarily show that it’s happened before in order for the risk to exist. It just has to be a possibility. So there’s been a bit of, I think a misstatement there in the sense that some press reporting, not all, but some has said unless there’s concrete evidence, then there is no risk. And as Rose was saying, there are real concerns and so that’s not really true. The second thing is I just wish that we … Not anyone on this podcast. There are probably many listeners. But in the general sense and especially on the Hill, had spent more time debating the impacts of this decision rather than the national security risks. As someone who very much sees all of the points that have already been made about there are potential national security concerns about the Chinese government, for instance, compelling access to data through ByteDance. If you don’t think that’s a possibility, there are plenty of public cases you can go read. At the same time, our own tech sector is often a disaster and our lack of regulation there is a massive privacy and safety and civil liberties and also national security issue.
So what really just bothered me a little bit was the amount of time spent in my mind spinning on a wheel about is there a national security risk? What does it look like? Could the Chinese government pressure a company? Which to me was just a ridiculous and easily answerable question, so much less time spent paying attention to I will say the work, the others on this podcast have done. The work from CDT, the work from the ACLU, plenty of other places looking at what are the implications of a ban on a speech-based platform? Does this give, which is in part my view about how this is going to unfold the Chinese government a very compelling reason to block sale because then they can say, “Oh, well look at the US, the US talks all about, oh boohoo, we can’t operate in the Chinese market. This is unfair. And then the second they have the chance, the second there’s a successful Chinese tech company, here comes the national security hammer.” I don’t want to get too into that, but I just think that’s something else I would add is I just wish more time had been spent thinking about the really serious global and domestic implications of this decision rather than spinning wheels on whether or not there’s a risk.
I’ll wrap here with just you mentioned there were other pieces of this aid package and an important one is a bill that was very quickly written and introduced in the house alongside the TikTok divestment bill, and this is a bill focused on concerns that data brokers, a multi-billion dollar industry of thousands of companies just in the US that collect and sell people’s information, could create a national security risk. And I think this is completely valid. We’ve done studies at Duke related to this. And so this bill was written in part to address what you mentioned, Justin, of folks saying, okay, we understand that there’s concern about TikTok, but what about our lack of regulation in the US? What about the fact that we have companies engaged in these practices? So we can get into what is in the bill perhaps, but this was written basically to try and limit the data that data brokers can sell to certain foreign entities, including in China as a tag along with the TikTok bill to address concerns some members had about that gap.
Rose Jackson:
Can I add something to what Justin’s talking about here? Justin and I have talked about this quite a bit, but in doing the report that you mentioned, one of the things that really stuck out to us is a great irony is particularly the privacy section. The idea that TikTok is going to be some uniquely useful source of data on Americans for the Chinese state when we have this massive industry. Frankly like what Justin’s referring to, it doesn’t exist as a global industry. It exists as an American industry that is useful to the globe. Anyone can come into the United States and purchase massive data sets on just about any American. That includes everything from the cell phone towers that you phone has pinged, the grocery loyalty program that you have that tracks everything that you purchase in the supermarket in person, the things you look at online, what you like on social media companies and any number of other things including your credit card information.
All of that data gets packaged together and sold to anyone. And absent the bill that Justin just referenced in an executive order that the Biden administration recently trotted out, there was absolutely nothing that would prevent the Chinese intelligence services from walking into the United States and purchasing all of that completely legally. So when putting that up next to the idea that TikTok was somehow the biggest giant gap in our international security on privacy was just somewhat laughable. What I find extra ironic though is when you start looking at the data broker market, one of the larger data brokers is Oracle. And during Project Texas, which was the precursor version of how do we solve the TikTok problem, let’s address the foreign ownership issue being China, the proposal was to sell off portions of TikTok to Oracle to hold the American data in the United States as some sort of protective measure. And to me that is just such a perfect encapsulation of how incoherent our policy and conversation is because in every direction it fails to solve any of our problems and just sounds nice for someone to say they did something.
Justin Hendrix:
Anupam.
Anupam Chander:
I agree with both their important points. First, the consequences. I don’t think anyone in DC is looking at consequences beyond the ban of the app or the forcing the sale of the app. And so no one is gaming this out. What does this mean for everyone else? So let me tell you, I do global tech regulation and the typical way that internet companies have a face off with … And I wrote a paper called Facebookistan now a decade ago, basically tracking Facebook’s encounters with national governments across the world. The typical way that these companies have a face off with the national government is the national government says, we don’t like what you’re doing. The company says … Sometimes they say Yes, we’ll do what you want us to do, but otherwise they say we’re not doing it. And what is the option for the national government? Either boot the company or tolerate that company continuing in the country.
The United States has offered another way. A win solution. We now ask you … We say you have to change. Why? Because either you change or you turn over your keys to us, to someone here and at the same time so that way we get to have our cake and eat it too. We get to basically keep Facebook and have Facebook now abide by our rules. That is a scenario that I think will be really a menace to American companies as they operate abroad because we are the foreign actors everywhere else. And so this sets a terrible precedent. So Justin is right that it allows the Chinese government to say, look, all of that embrace of global free flows of data, et cetera, the free flow of information was only in the service of when their companies rule the world and were sending this information out and collecting this information. But as soon as a Chinese company does it, they block us and they say it’s national security.
We are already saying, the Biden administration’s already said that Chinese cars pose a national security threat to the United States. Why? Again, because of information gathering. And so there are ways to deal with this that I think we need to pay attention to. Let me just also point out about the Oracle thing. Oracle and data brokers, which is a really important point. The irony of all of this. The congressman who led this house select committee on China, Mike Gallagher, resigned from Congress in the middle of his term last week to join Palantir, a huge American surveillance firm. So our surveillance is always good. Chinese surveillance is always bad. Everyone else trusts the American government and American corporations, just don’t trust the Chinese government.
Justin Hendrix:
Rose, you wanted to jump in there?
Rose Jackson:
Yeah. This is also I’d say core to what my program traditionally works on. And so there’s a few things that are happening in the background that we’ve been trying to get people to pay attention to that I do think that both the timing and the approach on TikTok certainly undercut American interest in. And I would actually tweak a little bit something, Anupam, you just said about, we asked you to change and if you change, you can stay. I actually would have no problem with the United States within constitutional protections saying, “Hey, we actually have rules and norms about how companies are supposed to operate and the responsibilities for doing that in the country.” But we don’t. And instead of doing that, we incoherently said, we don’t like this. We have bad vibes and so we’re banning you TikTok, but we’re saying it’s about China. We’re not really articulating what it is about Chinese ownership that’s problematic. And so it’s still a bunch of half measures.
So the reason that’s even more poisonous is there’s actually a ton of countries around the world, particularly authoritarian ones that are expert at leveraging national security laws and national security reasons for either killing companies business or frankly going after people for using platforms any way to express their fundamental freedoms. So to think that the United States is starting to walk into some of that mimicking territory certainly doesn’t look good and complicates a lot of conversations internationally. Two of which I want to really highlight right now because I think they sound super nerdy, but matter in massive ways. And the first thing is when we hear terms like free flow of information and data, which can sound really hand-wavy, there’s actually this consensus that the internet and then things that are built on top of it and the platforms and apps that everyone ends up using on top of that infrastructure, we had this agreement that it was going to be this global free, open, secure and interoperable thing.
And the United States helped … If we’re going to be completely honest, helped create the internet. And then with a lot of pressure internationally, basically said, all right, this is going to be governed and managed jointly by every country in the world, companies, civil society, all of the different players. And so we have all of these very wonky spaces where decisions on standards are set, where people come together to make decisions about how we manage the internet, who gets to decide what your browser name is, all of those things. That is a model that requires interconnection. It is a free flow of information that moves through that. It is actually predicated on open societies. China’s entire structure and orientation and goal for how it’s using digital tools and the internet is to cleave it’s … Originally was to cleave itself off from the information environment and then 10 years ago turned into creating an alternative information environment that puts the state and state control at the center of it and necessitates this idea that every state gets to make its own decisions and there isn’t an interconnected free, open, secure and interoperable internet.
And what some people miss is they think that this is just Chinese internet policy, but it’s actually core Chinese strategy on the Communist Party’s self-interest and how it views its own power both within the state and outside of the state. And so it’s been advancing this in all sorts of different places where it’s trying to break that consensus. And so for the United States in every democratic country … And it’s worth noting that last year as part of … Two years ago, excuse me. The Biden administration summit for democracy, they rallied 80 something countries around the world to sign onto this declaration for the future of the internet that reasserted that we believe in the free, open, secure and interoperable internet. That it’s essential for commerce and everything else that we care about in the world. And plenty of countries representing every region you could imagine, that we are suddenly going to push that forward and then simultaneously arbitrarily ban a platform in the United States.
I don’t know how we then answer the next time Russia does something like force Google to take down an app because they don’t like that Navalny was using it to organize people to speak out against Putin. Or the next time that the Indian government threatens to put in prison the employees of an American company, Twitter, because it refuses to remove content hosted by people criticizing the government. I can go on and on with examples. None of these are good ones. And so it’s not just a question of we don’t look good and it’s creating these opportunities for people to point out our hypocrisy. It’s that the moves that would be required to implement a ban on TikTok would require us to completely undermine in terms of actual policy and infrastructure our commitment to a free, open, secure, and interoperable internet.
And so beyond just the national security questions, I don’t think … I agree we are not having the conversation of the fact that should be a pretty significant American interest. That should be part of the conversation where we are making cogent decisions about what we care more about, what we care less about, what risks we’re willing to take in what spaces. But to me this is just a really important moment. The last thing I’ll say on that is there’s a major debate happening at the UN. The fora around this are, there’s something called the Global Digital Compact and the Summit to the Future and a bunch of different things that are happening right now all the way through September that are the moment in which China has an opportunity to rewrite those norms. And that we are having this bill go through while that’s being negotiated is another example of just the timing couldn’t even be worse even if you decided to carry that forward. Just a really incoherent approach to these questions.
Justin Hendrix:
Justin Sherman, you have spent quite a bit of time in those wonky rooms talking about internet governance that Rose just described. What does this prompt for you?
Justin Sherman:
I want to go off of what Rose just said at the end on incoherence on how do you implement it. And I think what was mentioned up top about the Montana state TikTok ban as a great example. The first version … God knows what was written on the back of napkins. But I should say the first introduced version of that legislation, the way it imagined the ban being enforced I should say was we’re going to have internet service providers. So we’re going to have Comcast and AT&T and Verizon and all these others start filtering all of the traffic going into and out of Montana and they’re going to monitor who’s connecting to what servers and they’re going to check people aren’t VPNing or trying to VPN to TikTok and they’re going to make sure the apps are … And that’s the way we’re going to monitor that no person in Montana is able to open their phone and use the TikTok app. That is a ridiculously stupid idea.
And we can get into why. There’s everything from the global view, which as Rose just alluded to. There are other countries that engage in that intense ISP filtering. That is very problematic when it comes to content. Obviously all countries have some level of blockage around agreed upon things like child sexual abuse material and sometimes terrorist content. But to have that for a general app very concerning all the way down to the local level where this is not something ISPs want to get into, that was then taken out of the bill and then the version that was passed said, we’re going to go after the app stores. The app stores are going to be the lever of influence. But like Rose said, that still raises questions.
I wanted to make two comments. One is related to the potential forced sale of TikTok itself and how that sits procedurally in the law and then about the data broker piece and a very ironic gap that exists now that the two of these are going into law. So the first is that we have had cases before many, many times where a foreign interest, whether that’s an investment fund or a company has purchased a US firm. There has been a review through the Committee on foreign investment in the US, CFIUS, which has been around since 1975, so almost 50 years old. They determine there is a national security risk and then one of two things can happen. Or one of three things I should say can happen. There can be a sale. So the government can first ask that foreign entity to sell it back to US ownership. Two, there can be a mitigation agreement. So they can say, we don’t need you to sell, but there are some conditions we want to meet like we might send the FBI once a quarter to come look at your telecommunications building or we might want regular updates on who’s on your board or whatever it might be.
And the third thing is that there is … And I’m not a lawyer, and so fortunately and unfortunately for him, the law professor we have here can correct me. But the third option is that the president does have the authority under IEEPA, the International Emergency Economic Powers Act, to block some companies from operating in the US if for example they refuse to sell when they’re asked. The reason I mention this is twofold. One, based on what we publicly know, it rarely ever gets to that being forced. Most companies when they’re asked by the US government in these reviews to sell the company to a US interest, they just do it. The second is there’s an explicit line in IEEPA that says the president cannot block the import or export of information. This was a core issue with Trump’s TikTok ban. Multiple of the courts looked at this and immediately went, “Yeah. You’re violating the explicit provision.” Rose’s doting here is dubbed the Berman Amendment. You can’t do that.
So I just say this to say there’s been a lot of commentary I’ve seen online just from people on Twitter and things like this saying this has never happened before. The US government has never made a company sell. That’s not really true, but it hasn’t happened in the case of a platform like this. It’s been a steel manufacturer, it’s been a microelectronics company. It’s been Grindr. A couple of years ago. The gay dating and hookup app that was bought by Chinese investors and sold back. Again, I’ll punt the legal questions, but Rose is … Yeah. Go ahead, Rose.
Rose Jackson:
I would just say a slight tweak. And again, I’m not a lawyer either, but this was interesting we were digging in. So first is CFIUS is a process and I would note that TikTok has been debated through CFIUS and most people believe the reason that there hasn’t been a CFIUS determination that required sale was that they either couldn’t get there or they were confident that it wouldn’t stand up to a court challenge. I would read between the lines that they couldn’t get there. What I think most people are pointing to as being a first is the United States does not traditionally have a history and there’s plenty of, let’s just say legal precedent against the idea of writing legislation that singles out in legislation. One company. Which is this weird part of this bill, is that it almost pretends like it’s trying to do more of a categorical thing. Even it fails to articulate a standard for what an adversarial state actually is, but it basically is like an adversarial state like China and then talks about TikTok in the text of the bill. That’s highly unusual. As opposed to a CFIUS process that is about a specific transaction, not a company.
And that’s the other part of this. I would love for us to have a conversation about what are the security questions related to foreign investment in the United States because I actually think Saudi Arabia is one of the more interesting questions. We view Saudi Arabia for better or for worse, we treat them like an ally. We do not view them as an adversary. And yet the way that they have gone about investing in pretty significant portions of our tech sector, you could view as equally concerning and potentially risky as China buying up large portions of our tech sector. But CFIUS only focuses on foreign investment in which there’s a transacted sale. So if for instance, there hadn’t been a US subsidiary and a merger between two companies to create TikTok, there wouldn’t have even been standing for CFIUS to consider that transaction. I’m sure I’m screwing that up in 12 directions. Again, not being a lawyer. But when we started digging into, that was one of the things we found was that CFIUS is frankly a profoundly insufficient singular tool to consider American interest in foreign investment. And this bill doesn’t clarify that at all.
Justin Sherman:
No. And I’ll just wrap quickly. I agree with everything Rose just said. That’s an important point. CFIUS is a process and I have worked related to CFIUS on the government side. It’s a process. So it takes a lot of time. And in this case, I actually … On a whole separate tangent, we can talk about the government should have, I think more strongly pursued the mitigation agreement on the table, which is they said, no, we don’t need ByteDance to sell. We’re going to do all of these corporate and technical changes to address concerns. But the second point I just wanted to make quickly is that this data broker bill is right as we mentioned, went with the TikTok bill and is now going to be implemented and there are several limits in there and we can get into that or maybe talk about the executive order.
But the main point I wanted to make is the bill only restricts sale from companies that make most of their revenue from selling data and when they don’t sell data about their own users or customers. And I apologize to anyone who’s heard me do this before I rant about this all the time, but this is a major problem.Because lots of first party companies sell data. There would not be a market right now for people’s real-time geolocation data in the way there is without hundreds if not thousands of mobile apps every single day selling their own users’ data. It is ridiculous from a national security standpoint to think that, oh, we’re only going to look at a third party website. Wrong. You’re missing a core part of the security risk. You’re actually missing a lot more granular data.
All to say. The irony that many have pointed out, and I also mentioned in an article I did about this, is that with both of these in place, TikTok can still legally sell its user’s data to whomever it wants. Because yeah, maybe there will be a forced sale or I don’t know what’s going on with that. But we also have third party that will be restricted from selling. But by the way, TikTok, because you’re a first party and you collect identity graph and behavioral and political and maybe health and sexual orientation and other data and location information on your 150 million something American users, you are completely allowed to sell that to a foreign actor because we have taken the data broker lobby’s definition of a data broker, we have carved out first parties. Again, to the point both have made about glaring gaps in our own system. I think that just underscores the irony of this Band-Aid approach to highly complex problems.
Justin Hendrix:
Anupam.
Anupam Chander:
I just want to pick up the last point that Justin made. The grand irony of all this is that a TikTok owned by Steve Mnuchin or by Walmart may be less safe for Americans or we have less guarantees, less insight into what’s going on, less regulation about pernicious actions than as it is currently. Because as Justin points out, all the restraints in these data broker provisions, all the restraints in the TikTok ban bill will fall away as soon as it becomes an American company. And so this is what Rose has been hammering from the start. We need a broader approach. By the way, I’m a fan of the data broker bill. I agree with Justin it’s not an ideal bill, but I think it makes sense. It’s certainly more logical than a bill that singles out TikTok. Can I just say one thing? I’ve been thinking about what are the apps that are actually potentially have much more serious private information?
Grindr and dating apps generally I can understand there’s a national security issue that you can identify. Porn apps. Most of the porn apps out there are foreign companies with very obscure ownership. Boy, wouldn’t you like to know if general so-and-so has an interesting usage of those things? None of that is covered by any of this. The whole system is just designed … It seems to actually take our energies on protecting our nations’ infrastructure against foreign actors and direct it in really odd ways. So we’re going to have the US government defending itself in this case against a blistering attack from civil rights community, from these companies, from the users, 170 million Americans potentially about the loss of this app and instead of paying attention to the broader picture of the things that keep America safe.
Justin Hendrix:
And here I might just ask you in some ways to embody a couple of your panelists at that panel that I mentioned at Berkman Klein, it might work. If this ends up at the Supreme Court, how do you think that we’ll weigh things? I got the sense in listening to the discussion at Harvard that it’s probably not a slam dunk in the same way that the Montana bill got thrown out in such a fast order just on first amendment grounds and the judge basically saying, “Oh, Montana, you don’t have any national security concerns anyway.” But what do you think? What do you think might be the contours, the debate in the Supreme Court?
Anupam Chander:
Rose said CFIUS has been reviewing and Justin described as well. CFIUS has been reviewing TikTok since 2019. Five years in. So in 2020 CFIUS said, “TikTok, you got to leave or sell.” So there was actually an order from CFIUS. Then TikTok, ByteDance sued CFIUS and that order was stayed pending these negotiations. So that mitigation agreement that Justin described has been in negotiations for the last handful of years. And Rose said, what do we make of the fact that there hasn’t been either mitigation agreement achieved or an order, a conclusion of this saying you got to leave or sell from CFIUS? And she concluded because they thought that legally that any action by them wouldn’t survive judicial scrutiny. Now that here’s what Congress is doing that I think that the Biden administration’s hoping for. Now we have two branches of government siding against TikTok. That addition of Congress in this context is the magical solution to CFIUS alone barring this massive speech app from the United States or requiring its ownership to be changed. So I think that’s the big question. I make no predictions, but I think that’s whether or not two branches will be sufficient to satisfy the courts in this case.
Justin Hendrix:
Lest this be a conversation that’s deemed in defense of TikTok. Maybe we can have a couple of just points from each of you by conclusion on what you wish would happen from here. What would be a better way to move forward? Might be wishful thinking given the way that the situation we’re in at the moment, but we’ve just seen that somehow legislation can pass. Maybe we’ll just go around the room. Rose, what would you like to see happen?
Rose Jackson:
If I could wave my magic wand, obviously we would have a federal privacy standard bill passed. And there’s obviously an equally surprising bill that popped up before Congress just after this TikTok bill. I don’t think it will have the same success rate, but we’ll see. I think transparency and data access requirements that would provide us the ability to actually know what’s happening on platforms. Noting that most of the foreign influence campaigns that people are citing concern with happen across multiple platforms. The Chinese state itself communicates that part of its strategy. It’s something that my own organization tracks very closely. And so the ability to actually know what’s going on, to have access to data, to have standards of transparency and operational requirements in the country.
Number three, I do think we are overdue for a real conversation on understanding the implications of foreign investment in what I’ve begun calling critical information infrastructure, which this speaks to a need I think for us to have a very real discussion about how we conceptualize that. Our energy, our electric grid, our water system, our gas system, how people are able to use what are privately provided essential services we have decided to categorize and treat differently than other private industry. And I do think that the information environment could benefit from some version of comparison and a different framework that might result in us asking different questions and looking differently at who owns what things and how and whether we have higher standards of requirements for number one, when it is appropriate for any foreign government to have majority stake or ownership or control over those things. And number two, what it is that we require those private actors both in terms of action, extra responsibility in managing risk and in providing information to the public to national security officials and to regulators themselves. I think those are huge things that I threw out there, but that would be a wonderful way to address what are genuine concerns over TikTok’s potential risks.
Justin Hendrix:
Justin Sherman, how about you? What’s next?
Justin Sherman:
You’re making me follow … Plus one to all of that. I would just add one, I wish that when members of Congress were getting calls from their constituents saying, we don’t like this, they would not unplug the phone. I say that it’s tongue in cheek, but I also mean that seriously. And I think that a lot of offices … And this was way under-reported in the press as we all sitting here know anecdotally. People were unplugging phones left and right when teenagers and young adults and others were calling in saying don’t ban TikTok when this was being debated in the House. A lot of offices ignored that. Again, we can get into risks and not risks and this and that. But inherently I find that very problematic. I think that is bad, especially when we’re talking about a communications platform that people are actively not listening to their own constituents. So that would be the first piece.
And the second is to echo what Rose said. I think personally you hit a point where the focus on TikTok becomes extremely myopic. And I don’t know why we’re spending so much time thinking that TikTok is the top intelligence priority for the Chinese Ministry of State Security. No organization has an unlimited budget. This includes even large intelligence agencies. So the thought that even if you had a complex mitigation agreement … Oh, they could get around it by doing this. You’re assuming that they’re spending so much time because they’re so invested in getting access to TikTok specifically. That’s the only thing we need to do. When to Rose’s point, there are glaring gaps in the US. For instance, I will say that it is my view that you can still walk in the front door at Facebook and post any right-wing content and you’re not going to get taken down. I don’t care if you’re posting from Saudi Arabia or from Ohio. Because they’re so afraid of being seen as politically biased that they’re not going to take it down. We have all these issues here.
And so all to say, I echo absolutely what Rose said on a comprehensive privacy bill. Looking at data brokers is important. Looking at real-time bidding, which underpins all modern online advertising, that is a privacy disaster. There is also a ton of national security collection and concern around that. And the way I look at it is similar to what Rose said. Is you need that floor for all companies regardless of where you’re based. And then sometimes regardless of how big you are or what you’re doing. And then maybe on top of that, as she said, there are certain companies that pose an additional risk. Again, I don’t think it’s unfounded to be worried about TikTok, but you need that floor for all companies because that gets at some of the global issues that both of the other panelists have mentioned. That gets at some of the concerns about focusing on one app. And you really are clear that you’re taking a principled approach rather than targeted whack-a-mole.
Anupam Chander:
First of all, plus one to everything that Justin and Rose have said. They should be running our cyber policy. Yeah. Anyway. TikTok couldn’t even influence America to save itself. Just really the level at which the discourse has occurred in the United States really is alarmingly shallow. And this is going to be a terrible precedent for the cause of … If you see the civil liberties community that, especially the ones that operate across borders, as Justin was describing at the start, we really are going to face a blowback. This is going to be trotted out in every circumstance that we complain about what happens elsewhere. They will say, “We’re just following what you did and we have similar concerns as you did.” So the one thing I’d say in terms of national … What I’d love to see them change in the law, besides what they’ve also said, I’d actually like to see … So CFIUS is not comprehensive enough. I totally agree with that with Rose. But it’s also not transparent enough. I want not just transparency from the tech platforms. She’s exactly right. We need more transparency in the tech platforms. But we also need transparency in the CFIUS. There is no public accounting from CFIUS at all.
Look at their website. There’s nothing. We know nothing of their activities. They don’t want to explain themselves. They have no obligation to explain themselves. And even after we have this massive … One of the main platforms for discussion in the United States being possibly removed by the US government, we have no explanation of what the actual risks are besides these incantations about the national intelligence law, et cetera, which applies to Apple as much as it applies to ByteDance, by the way. Just by its terms applies to Apple and Microsoft, which have engineers, et cetera in China. I’m not seeing any of those.
I understand the differences between two apps, but if we are doing this realm of theoretical risk, the theoretical risk appears in all these cases. Apple makes $80 billion last year in China. It has an enormous set of operations. So it also has to listen to what the Chinese government says. Does that mean that it’s going to rat out Americans in that process? I don’t believe so. But let’s look at the real risks that Justin and Rose are trying to focus on. So I would say let’s make sure that we’ve reformed our national security law not just to give more power to the national security authorities, but also to make sure that when they exercise that power, they have to explain themselves. They have to subject themselves to proper judicial review. Not some very narrow circumscribed judicial review, which some of these statutes have tried to do.
Justin Hendrix:
Well if the debate and discussion on this was shallow, as you say, I appreciate the three of you elevating it a bit I think in this discussion. Anupam, Rose, Justin, thank you very much.
Rose Jackson:
Thank you so much for having us.
Anupam Chander:
Real pleasure.
Justin Sherman:
Thank you.