Concerns about TikTok balloon again in Congress

For more than a billion users around the world, TikTok is just a mobile video-sharing app that they scroll through to watch people dancing and cats falling off of furniture (or cats dancing and people falling off of furniture). For the US Congress, however, TikTok is a political football that has yet to be spiked. It has been four years since national-security concerns over the app, which is owned by the Chinese company ByteDance, first hit the news in a big way. The story crescendoed in 2020, when then-President Donald Trump signed an order that would have banned the app (as well as the popular Chinese messaging app WeChat) from the US unless ByteDance sold its operations to an American entity. This, in turn, triggered frantic maneuvering among potential buyers, including Microsoft, the cloud-computing firm Oracle, and a group of investment banks. Ultimately, Trump’s order was blocked by the courts. In the summer of 2021, President Biden revoked it.

That didn’t end the debate over what to do about TikTok, however; indeed, in announcing the revocation of Trump’s order, Biden announced a wider review of foreign-owned apps. Over the past year, everyone from the administrative arm of the US House of Representatives to state colleges have banned the app on their devices or networks, while members of Congress have asked Apple and Google to remove TikTok from their app stores. In November, Brendan Carr, a member of the Federal Communications Commission, told Axios: “I don’t believe there is a path forward for anything other than a ban” of TikTok in the US. In December, the Wall Street Journal reported that officials at the Pentagon and the Justice Department want to force ByteDance to sell off TikTok, because of what they see as a risk that Beijing will be able to access Americans’ TikTok data and use the app’s algorithms to influence what American users see. In January, Josh Hawley, a Republican US senator, introduced a bill that, echoing Trump’s old order, would ban the app for all American users.

Recently, the shooting down of a Chinese surveillance balloon—and China’s warnings of reprisals against the US—have pushed tensions over TikTok to even higher levels. Chuck Schumer, the Senate majority leader, said earlier this week that a complete ban on TikTok “should be looked at.” Marco Rubio, a Republican senator from Florida, and Angus King, an independent from Maine, reintroduced a bill aimed at banning TikTok from operating in the US unless it severs its ties to China. TikTok, Mario Díaz-Balart, a Republican Congressman from Florida, said, is “basically a Chinese Communist Party balloon in everybody’s home.” After the balloon was shot down, his colleague Matt Gaetz added: “Now blow up TikTok.”

Reporting from a number of news outlets has shown that concerns over TikTok’s handling of user data are far from theoretical. In December, ByteDance acknowledged that staffers accessed data on journalists from Forbes and the Financial Times as part of an attempt to identify the sources of leaks from inside the company. (TikTok says that the employees responsible for this conduct were fired). One of the journalists targeted was Emily Baker-White, who was at BuzzFeed News at the time and now works at Forbes. Last June, Baker-White reported, based on leaked audio from more than eighty internal TikTok meetings, that China-based staffers at ByteDance routinely accessed data on US TikTok users, despite the company’s repeated assurances that data pertaining to US users stays in the US. As I noted last year, Michael Beckerman, TikTok’s head of public policy for the Americas, told senators in a 2021 hearing that only a US-based board of advisors determined where data on American users should go and who should see it. The Senate Intelligence Committee has asked the Federal Trade Commission to investigate whether TikTok misled officials.

These kinds of revelations help explain why TikTok has been trying, for more than two years, to convince the Committee on Foreign Investment in the US—the agency that reviews foreign investment for national security purposes—to agree to a deal that the company says would assuage concerns about its access to data on American users and its influence over the platform’s algorithm. (As the Journal noted this week, the Chinese government would also have to approve any deal.) TikTok has recently launched a full-court media press, including taking journalists on a tour of its “Transparency and Accountability Center,” a new facility inside the company’s offices in Los Angeles. Shou Zi Chew, TikTok’s CEO, has agreed to appear before the House Energy and Commerce Committee next month. Per the Journal, this will be the first time that such a senior TikTok staffer has testified before Congress.

The plan that TikTok wants the CFIUS to approve is code-named Project Texas, and involves storing data related to US users on US servers—it is already doing this, with the help of Oracle, but CFIUS hasn’t approved it as an official solution to the problem of access by the Chinese government. TikTok is also proposing to empower a board of US advisors to oversee its algorithms. As Lawfare described it, at the core of Project Texas is a new American subsidiary, TikTok US Data Security, which was formally created last July. This entity “houses the functions of TikTok’s business that are most likely to give rise to national security concerns, such as access to US citizen data and decisions on content moderation,” Lawfare reported.

The new entity will have an independent board of directors, which TikTok will nominate and CFIUS will review, and the board will report directly to CFIUS and not to ByteDance or TikTok, according to the briefing that Lawfare and other journalists received from the company. Oracle will oversee all the data entering or leaving the entity, and ensure that it does not pose a security risk. Oracle will also be in charge of oversight of TikTok’s moderation system, recommendation engine, and promoted content—and, if it identifies a potential risk, it will flag that risk for the government. TikTok told journalists that creating the US subsidiary will cost one and a half billion dollars, and that operating the new unit will cost between seven hundred million and one billion dollars per year.

In a recent edition of his Platformer newsletter, Casey Newton noted that some researchers don’t believe that the kind of oversight TikTok is promising will accomplish anything. Klon Kitchen, a security researcher at the American Enterprise Institute, a right-of-center think tank, said on Twitter that TikTok is adopting a “catch me if you can” strategy, where “it strikes the pose of transparency but places the burden on outside reviewers of identifying and pursuing threats.” Even if every line of TikTok’s code were validated, “there is simply no way to maintain reliable, real-time situational awareness on a code base this large,” Kitchen wrote.

Regardless of the effectiveness of Project Texas, however, not everyone sees TikTok as the national-security risk that many members of Congress believe it to be. Writing for Techdirt late last year, the journalist Karl Bode argued that most of the outrage about the app and its use of data is “of the manufactured moral panic variety.” Bode points out that even phones without TikTok tend to be filled with “dodgy domestic and foreign apps collecting everything from their daily location habits to detailed online behavior metrics.” That data is then theoretically anonymized and sold to “a laundry list of dodgy international adtech companies and data brokers.” Bode notes that it would be trivial for China—or any other government, for that matter—to acquire this data and build profiles about Americans’ online habits, if it so chose. (And that’s before we get started on the balloons.) “Fixating on a single app doesn’t make any coherent sense,” Bode writes. “You’ve either got to fix the broader problem with actual policies and solutions, or you’re just making noise.”

Unfortunately for anyone eager to see an end to the TikTok discussion, Congress finds it easier to make noise than to solve complex problems. And this problem is very complex. Bode makes a good point: if we are supposed to be concerned about the security of personal data on smartphone apps, surely we shouldn’t be focusing on a single app simply because it is Chinese-owned. The problem is much wider than that.

Other notable stories:

• Yesterday, dozens of contributors to the Times signed an open letter expressing “serious concerns” about the paper’s coverage of transgender, non⁠-⁠binary, and gender nonconforming people. “The Times has in recent years treated gender diversity with an eerily familiar mix of pseudoscience and euphemistic, charged language, while publishing reporting on trans children that omits relevant information about its sources,” the letter reads. “Some of us are trans, non⁠-⁠binary, or gender nonconforming, and we resent the fact that our work, but not our person, is good enough for the paper of record. Some of us are cis, and we have seen those we love discover and fight for their true selves, often swimming upstream against currents of bigotry and pseudoscience fomented by the kind of coverage we here protest.” (The Times defended its coverage.)
• Reggie Ugwu, of the Times, went deep on a difficult moment for the once-booming podcast industry, with major podcast producers making cuts in recent times. “Although many companies continue to invest in podcasts, and overall downloads continue to rise, interviews with a dozen current and former podcast producers and executives indicated increased reluctance among publishers to fund projects with no obvious path to short-term profitability,” Ugwu writes. “Short-run or seasonal narrative podcasts, which have a limited window to build audiences and attract advertisers, are under especially sharp scrutiny.” One expert told Ugwu that “the dumb money era is over” for the field.
• Alexander Russo, of The Grade, makes the case that “school gun violence coverage needs to be dramatically changed or altogether halted.” Gun violence “in homes and communities accounts for the vast majority of shootings and deaths,” and yet “school gun violence continues to be a focal point,” Russo writes, leading to “unnecessarily terrified students and parents, ‘hardened’ schools that treat kids as threats, and billions in school resources misspent on panic badges and other equipment.”
• Last year, Yanqi Xu, a journalist at the Flatwater Free Press, in Nebraska, submitted a public-records request to the state’s Department of Environment and Energy but was told that it would cost forty-four thousand dollars to fulfil. This week, a judge ruled that the fee demand was unlawful; Natalie Hanson has more for Courthouse News Service.
• And Liz Maynes-Aminzade, The New Yorker’s puzzles editor, spoke with Will Shortz, her long-serving Times counterpart who “was clearly put on this earth to puzzle.”

ICYMI: How can newsrooms better serve communities of color?