Just over a year after the U.S. government placed restrictions on China’s Huawei, the ongoing economic rivalry between the two countries has found a new target. For weeks the Trump administration has hinted that it is considering banning TikTok, the short video app over national security concerns. With over 2 billion downloads globally on the App Store and Google Play, TikTok has emerged as a serious competitor to U.S. based social media apps particularly in emerging markets like in Indonesia, India, Egypt, Nigeria and Brazil. TikTok is especially popular amongst young users, about 60 percent of its active users in the U.S. are between the ages of 16 and 24. In the first quarter of 2020, the app was downloaded 315 million times globally.
TikTok’s success has caught the eye of regulators and policymakers around the world. Australia, Turkey, and the United Kingdom are allegedly reviewing the app for security risks. In June 2020, the Indian government banned TikTok along with 58 other Chinese apps accusing them of engaging in activities that were “prejudicial to sovereignty and integrity of India”. The move has led to TikTok being shut out of its biggest and fastest growing market.
If you scroll through TikTok, it is hard to understand why an app filled with videos of people lip-syncing and remixing dance or music has come to be viewed as a national security risk in the U.S. and abroad. Those promoting the idea that TikTok is a threat, enumerate three distinct but interrelated factors:
- TikTok’s content moderation practices
- TikTok’s handling of user data
- TikTok’s Chinese provenance
After examining the first two, it’s pretty clear that the only one that really matters is its status as a Chinese company.
China’s Influence over TikTok’s Content
Critics of TikTok have argued that China could leverage TikTok’s influence and reach to extend its censorship regime, and sway public opinion or influence policy in foreign countries. Claims that TikTok is a tool for the Chinese censorship gained traction after leaked guidelines revealed that the company had instructed its staff to censor topics deemed sensitive in China such as Tiananmen Square, Tibetan independence and the religious group Falun Gong. TikTok has confirmed the authenticity of the guidelines but said that they are no longer in use. More recently, the app has been accused of shadow banning or restricting videos on topics deemed sensitive in China and blocking pro–Hong Kong content, although an investigation by Buzzfeed has refuted these allegations. The concerns around content moderation on TikTok is not limited to fears of politically motivated censorship, but has expanded into claims that the app could be used as a vehicle for Chinese propaganda and other influence operations.
Fears of censorship on TikTok are largely driven by the fact that the app is owned by ByteDance Technology Co. which operates out of China and is therefore bound to the Chinese censorship regime. While ByteDance is a Chinese company, TikTok was created for the global markets and is not available in China. ByteDance has created a separate app for the Chinese market—Douyin. Having two separate entities has allowed ByteDance to navigate the censored and restricted Chinese market while competing with social media companies like Facebook and YouTube in markets outside of China. Distinguishing between the two companies is important as the markets they operate in shapes the policies and practices within each company. In adherence with the regulations that China imposes on all web users and platforms Douyin censors content and deploys facial recognition technology to monitor its users. By operating outside of China, TikTok is not bound by the same stringent rules. While ByteDance collaborates with the Chinese government to disseminate state propaganda about Xinjiang, and Douyin wipes away evidence of China’s actions in Xinjiang, TikTok ended up apologising for suspending a video talking about China’s action in Xinjiang.
As a global company operating outside of China, TikTok has no commercial or political incentives in promoting pro-China content on its platform. Even assuming that TikTok is taking a pro-Chinese line should it be labelled a national security threat? As a social media company operating in the U.S., Section 230 of the Communications Decency Act grants TikTok discretion over moderating content on its platform. TikTok does not have a monopoly on information resources in the U.S. and if users do not approve of the content on the app, they have the freedom to delete it. TikTok maintains that Bytedance or the Chinese government have no influence over its content moderation decisions. The claim is backed up by its transparency report which confirms that the company has not received or complied with any requests for content removal by the Chinese government.
Social media companies being enlisted in the service of state censorship and propaganda is a legitimate concern, but this threat is not limited to TikTok. Recently, Facebook agreed to significantly increase the censorship of “anti-state” posts for local users in Vietnam after its local servers were taken offline for a few weeks. All big U.S. based social media companies including Facebook, Google, YouTube, and Amazon have been accused of heavy-handed censorship, political bias or inadequacy in their content moderation practices. Since May, U.S. social media platforms have been engaged in a stand-off with President Trump over bias in their content moderation policies.
Accountability to prevent preferential treatment of content and double standards in applying rules or procedures is much needed. But the answer to countering censorship and propaganda on platforms is not to ban them but to push for transparency in how companies moderate content. TikTok has recently overhauled its community guidelines bringing them in line with policies of other major platforms and has published information on how its recommendation algorithm works. The company is setting up a Transparency Center to provide outside experts an inside view of its content moderation practices. These are steps in the right direction towards developing an understanding of how platforms can uphold consistent policies in the face of competing societal expectations, different experiences, cultures, or value systems.
TikTok and User Data
The revelations that Cambridge Analytica purchased the personal profiles of 50 million or more of Facebook’s U.S. users who were then targeted by President Trump’s election campaign has led to a number of large social media platforms being scrutinized for their privacy and data protection practices. The Federal Trade Commission (FTC) has imposed a record-breaking $5 billion penalty and sweeping new privacy restrictions on Facebook. The settlement with Facebook is the largest ever imposed on any company for violating consumers’ privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide.
Like other big platforms, TikTok has attracted the attention of regulators for its data privacy and security practices. Last month, TikTok made headlines when it was caught abusing a problem in iOS 14 beta version which allowed apps to secretly access the clipboard on user devices. In February 2020, TikTok was fined by the FTC over allegations that an earlier version of its app violated the Children’s Online Privacy Protection Act (COPPA) by failing to provide the proper safeguards to protect the privacy of its young audience. Google ended up paying $170 million, a much higher amount than TikTok’s $5.7 million fine, to the FTC for violating the exact same child privacy law. TikTok has grabbed eyeballs for privacy violations, but it is hardly different from the likes of Facebook and Google who continue to create privacy disasters. Just this week, Google has been called out by the Australian Competition and Consumer Commission for misleading millions of Australians to obtain their consent and expand the scope of personal information that it collects about users’ internet activity.
TikTok has been accused of being a “data collection service that is thinly-veiled as a social network” by an anonymous Redditor who claims to have reverse engineered the app’s software to gain an insight into the massive amounts of data it is collecting on its users. A lawsuit filed in California last December 2019 alleges that: “TikTok profits from its secret harvesting of private and personally-identifiable user data by using such data to derive vast targeted-advertising revenues and profits.” Consideration of the security risks posed by the app’s access to sensitive data like geolocation and internet history has resulted in targeted bans. Various military branches prohibit the use of the app by personnel. A few corporates and political parties have also attempted to restrict the use of the app by their staff for security reasons. More recently, legislative proposals seeking to ban TikTok from work devices of all federal employees have gained traction.
TikTok’s emergence as the target of concerns over data privacy are driven by the fact that it collects information like the internet or other network activity information such as users IP address, unique device identifiers, GPS data, browsing or search history, and cookies. The personal information collected by TikTok is the kind of data collected by most apps. A great deal of what TikTok does with that data is common across other social media platforms—garnering an understanding of its users, their phones, their likes and dislikes, affiliations, interests and behaviors. If TikTok is suspicious because of data collection practices, aren’t all other platforms? The core business model of all social media companies, whether U.S. based or not, is monetizing the data they collect from users—not only for themselves but also for selling to others. It seems obvious that when targeted advertising is a huge source of revenue, social media companies are commercially oriented and collect information about their users and sell it to advertisers.
The challenge for TikTok is not just that it captures significant amounts of user data, rather what matters to policymakers is who has access to the app and the information it gathers. TikTok’s terms of service state that even if data collected overseas is stored on servers in the U.S. and Singapore, it may be shared with its parent company ByteDance and its affiliates. The ambiguity around the clause has led National Security Adviser Robert O’Brien to accuse the app of sending “intimate data” back to China for processing. These allegations of data transfers to China remain unproven and TikTok insists that user data is stored in the U.S. and Singapore, with strict controls on access to source code and sensitive data. Clearly, though, it’s an allegation that is not going away. Recently, Secretary of State Mike Pompeo warned people should use TikTok only “if you want your private information in the hands of the Chinese Communist Party”.
The threat that TikTok could pass information to state agencies persists as China’s cyber governance regime lacks clarity of law, oversight mechanisms, and clear pathways for contestation. Several laws rope in Chinese companies into collaborating with intelligence services and law enforcement. It is unclear what kind of strategic value an app filled with lip-syncing and dancing videos has for intelligence or law enforcement agencies. The fiercest critics of TikTok have not been able to prove whether data from the app could be or has been used to profile potential targets or undertake mass surveillance. The fears of TikTok being used for snooping by Chinese intelligence agencies also reflects a manipulative framing of the issue. Every government in the world can request data from information service providers in its jurisdiction.
While U.S. citizens have more legal protections than Chinese citizens and companies, once national security is invoked many of those protections disappear. As revelations by Edward Snowden highlight, the use of platforms for surveillance is not the prerogative of China and TikTok. NSA’s Prism program, a vast surveillance operation involving direct access to the systems of Google, Facebook, Apple, Microsoft and other U.S. internet giants, gleaned private information of millions of platform users. More recently, the U.S. Justice Department has made its support for ending end to end encryption within platforms. Those calling for a ban on TikTok need to consider the broader implications of their argument. If a Chinese company running a social media app that handles U.S. citizens data is deemed inherently risky for national security, then isn’t the same true of Apple, Microsoft and Google?
In any case, a country with the kind of advanced cyber capabilities that China has does not need TikTok to gather data about U.S. citizens. It can, and has found other ways of gaining access to companies holding American data. China was behind the single biggest compromise of healthcare data in history that compromised the health records of nearly 79 million people including their names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information. In 2015, China’s hacked the U.S. Office of Personnel Management (OPM) gaining access to classified information on more than 21 million people. OPM was the largest of a series of hacks against U.S. based companies and services that had data on government employees providing the Chinese with a wealth of personal information for counter-intelligence purposes. More recently, in 2017 the Chinese military hacked Equifax to steal the Social Security numbers and other personal information of nearly 150 million Americans.
While limiting the risk of unauthorized data access and protecting privacy of citizens is a legitimate and commendable policy goal, historically, the U.S. government has done little to improve the accountability of companies that collect and use sensitive information. For example, following the OPM hack government employees tried to sue the agency for violating their privacy, however their case was dismissed on the grounds the Privacy Act only prohibited the agency from giving up users’ data willingly. Currently, there is no overarching federal privacy law that governs private-sector companies that collect and resell personal information. There is also no federal statute that gives consumers the right to learn what information is held about them for marketing purposes and who holds it. In the face of these broader privacy gaps, regulators and policymakers in the U.S. should drive the development of standards on what data can be collected and retained by all companies. Setting minimum standards on data collection and access will help protect U.S. personal data, regardless of whether the threat a state-sponsored hacker, data brokers selling data, or a private company transferring the data to China.
TikTok’s National Origin
The assault on TikTok is really a repetition of the problems of any social media platform; TikTok is not distinctively worse than the dominant players, and its prospective audience is a lot smaller. The real problem with TikTok is that it is Chinese. By identifying TikTok as Chinese, its critics play on three leaps of logic:
- Any Chinese firm is allegedly an agent of the Chinese Communist Party (CCP). The assumption here is that Chinese firms are not trying to make money, they are doing politics.
- After equating the entire Chinese economy and all its firms with the CCP, the next leap of logic is to assert that U.S. and China cannot co-exist and are locked in a global struggle for supremacy. If Chinese firms have data about you, then the Chinese state will use that to harm and control us. When you download TikTok, you are downloading Communism.
- After positing an irreconcilable conflict between the U.S. and China, the next leap is to assume that U.S. will defeat this menace not through competition but by walling itself off from the Chinese economy. The advocates of this view imply, seemingly without even knowing it, that the U.S. should imitate the China, becoming more like them. The U.S. should ban Chinese services and information sources, expel their telecom firms and block any international cables that touch China. The U.S. should nationalize the 5G network, erect export controls to wall off chips and software, and develop industrial policy initiatives in high-tech areas. Washington’s push to ban Tiktok is part of a full-fledged imitation of Chinese economic nationalism and censorship.
At its root, the debate on banning TikTok boils down to whether or not it is acceptable to shut down applications and services based on their country of origin. Policymakers weighing in on the issue should be mindful that a ban on TikTok sets a dangerous precedent in which governments can shut out entrepreneurs and capital using blanket national security claims as justification. When it comes to social media platforms, there are legitimate data security and content moderation issues that need to be addressed, but militarizing these problems is not the answer. The decision on TikTok will have ramifications for whether countries accept the U.S. vision for data and content governance. It will also serve as a roadmap for other governments that are concerned about the U.S. government and companies having access to their citizens’ data .
The focus on TikTok suggests that geopolitical competition between nations over the global technology landscape has spilled over to the application layer. If there is any competition between the American way and the Chinese way, Americans will not win it by imitating the Chinese. Protectionism and censorship are for second-rate economies and third-rate military powers. Now more than ever, U.S. needs to retain its identity as a free and open economy, and leverage the competitive advantages that brings. It cannot do that by building an American Great Firewall. Openness, competition and freedom are sources of strength, not weakness.