Last week, in a significant move, the U.S. House of Representatives approved an updated bill that could lead to a nationwide ban of the popular social media video-sharing app TikTok unless its Chinese parent company, ByteDance, finds a non-Chinese buyer.
The Senate is expected to vote on the bill this week. President Joe Biden has previously indicated that he would sign the legislation into law if it receives congressional approval.
The effort to potentially ban an entire social media platform highlights the growing worry among U.S. lawmakers and government officials about the national security risks posed by TikTok. These concerns are primarily driven by fears that the Chinese government can covertly use TikTok as a tool to serve Beijing’s strategic interests.
“This bill protects Americans and especially America’s children from the malign influence of Chinese propaganda on the app TikTok,” Representative Michael McCaul (R-Tx) told Bloomberg after last week’s House vote. “This app is a spy balloon in Americans’ phones.”
Ultimately, the growing unease with TikTok reflects the broader concerns among global governments about the potential use of digital platforms for espionage and social engineering to influence public opinions and political outcomes.
Why Do Lawmakers Want To Ban TikTok?
The legislation, titled the Protecting Americans from Foreign Adversary Controlled Applications Act, would make it unlawful for any “foreign adversary controlled” entity to distribute, maintain, or update any “website, desktop application, mobile application, or augmented or immersive technology application” within the United States’s borders.
As specified by Title 10 of the U.S. Code, North Korea, Russia, Iran, and China are considered “foreign adversary” countries and are prohibited from receiving certain sensitive resources, including rare-earth materials like samarium, cobalt, and tungsten heavy alloy.
The proposed legislation leaves no room for debate on whether TikTok is “foreign adversary controlled” by explicitly naming the platform and its parent company, ByteDance Ltd., as prohibited entities.
For several years, lawmakers across the political spectrum have expressed worries that TikTok poses a national security threat by potentially allowing the Chinese government to conduct covert information operations targeting the American public.
These fears center on the potential for the Chinese government to use TikTok to collect vast amounts of personal data on its American users. This feeds into another concern that, through tailored content algorithms, Beijing could use the app as a conduit for social engineering and means of swaying public opinion in favor of China’s geopolitical interests.
To a lesser degree, some information security experts have also warned that TikTok’s Chinese software could also be used to introduce malware onto unwitting users’ mobile devices.
But is TikTok Really a National Security Threat?
In light of facing a potential “divest-or-ban” scenario, there’s no real consensus on whether TikTok poses a national security threat.
TikTok is owned by ByteDance Ltd., a technology company founded in China and currently headquartered in Beijing. However, during Congressional testimony in March 2023, TikTok’s CEO, Shou Chew, distanced the platform from its Chinese roots, emphatically denying that it or its parent company were controlled by the People’s Republic of China (PRC) or the ruling Chinese Communist Party.
On a “Myth vs. Fact” sheet on its website, TikTok said that 60% of ByteDance Ltd. is owned by global investment groups such as Carlyle Group, General Atlantic, and Susquehanna International Group. Another 20% is held by ByteDance employees, while the remaining 20% is privately owned by the company’s founder, Chinese entrepreneur Zhang Yiming.
However, the company acknowledges that one percent of TikTok’s mainland Chinese counterpart and subsidiary of ByteDance, “Douyin,” is owned by the PRC as part of China’s “Golden Share“ law.
Additionally, like most Chinese companies, ByteDance’s Chinese-based businesses are compelled by law to have an in-house Communist Party committee composed of CCP party members. Members of these required interoffice groups hold regular meetings to study party practices and President Xi Jinping. Analysts have said the CCP uses these workplace political cells to extend its grip on the Chinese economy.
In response, TikTok has said CCP’s laws and influence only pertain to “services in the Chinese market and has no bearing on ByteDance’s global operations outside of China, including TikTok, which does not operate in mainland China.“
To date, the U.S. government has not presented any evidence to suggest that TikTok has been used by the Chinese government as a covert tool against the American public.
On the contrary, in 2020, the Central Intelligence Agency (CIA) reportedly provided an assessment to the Trump administration that, though it was possible, there was no evidence that Chinese intelligence agencies had used TikTok to gather data or information on its American users.
Following a classified briefing by national security officials last week, some members of Congress said that current classified intelligence assessments still fail to demonstrate that TikTok is a legitimate threat.
“Not a single thing we heard in today’s classified briefing was specific to TikTok,“ Rep. Sara Jacobs (D-CA) told the Associated Press. “These are things that are happening on all social media platforms.”
Rather than harping on the PRC’s use of TikTok to surreptitiously gather data on American citizens, current top U.S. intelligence officials have largely focused on concerns over how the platform can be used for social engineering to influence public opinion.
During her March testimony before the House Intelligence Committee, Director of National Intelligence Avril Haines acknowledged that China could use TikTok to influence the upcoming 2024 presidential elections. However, America’s top intelligence official stopped short of saying there was any evidence the platform was being used by the People’s Republic of China for malicious purposes.
In previous congressional testimonies and interviews, both FBI Director Christopher Wray and CIA Director Bill Burns have expressed similar concerns regarding TikTok, noting the potential for China to use the platform for strategic purposes. However, neither official has claimed that TikTok is currently being used or has been used for information warfare.
In the 2024 National Threat Assessment of the U.S. Intelligence Community, officials said that China was demonstrating a higher degree of sophistication in its influence activity, including experimenting with generative artificial intelligence. The report noted, “TikTok accounts run by a PRC propaganda arm reportedly targeted candidates from both political parties during the U.S. midterm election cycle in 2022.“
The report, which compiles assessments on the major threats to national interests by the 18 agencies that make up the U.S. Intelligence Community, did not explain why TikTok was the only platform specifically mentioned or whether the PRC was equally using other social media apps for influence operations.
In a March 2023 report, researchers at the Georgia Tech School of Public Policy Internet Governance Project concluded that, after a “comprehensive national security threat analysis,“ the fears over the Chinese government weaponizing TikTok were unfounded and vastly overblown.
“TikTok is a commercially-motivated enterprise, not a tool of the Chinese state,“ researchers concluded in their report. “Chinese government efforts to assert control over ByteDance’s Chinese subsidiaries are targeting its domestic (Chinese) services, not its overseas operations.“
Georgia Tech researchers also found no evidence that TikTok’s content recommendation algorithm is being manipulated to support Chinese propaganda or the CCP’s strategic interest.
Conversely, researchers demonstrated that searching and viewing content that would be ruled illegal and banned by mainland Chinese media censors was possible. These examples included videos ridiculing Chinese President Xi Jinping or supporting and advocating for the independence of Hong Kong and Taiwan.
Additionally, analysts determined that TikTok did not pose a greater espionage risk than any other social media platform.
“The data collected by TikTok can only be of espionage value if it comes from users who are intimately connected to national security functions and use the app in ways that expose sensitive information,“ researchers wrote. “These risks arise from the use of any social media app, not just TikTok, and cannot be mitigated by arbitrarily banning one app.“
Recent empirical studies have also suggested that concerns about foreign governments’ ability to influence public opinions or political outcomes through social media are exaggerated and sensationalized.
In an extensive longitudinal study of Twitter users published in Nature Communications in 2023, researchers found that Russian foreign influence campaigns had no meaningful influence on public attitudes and voting behavior in the 2016 U.S. presidential election.
“We find no evidence of a meaningful relationship between exposure to the Russian foreign influence campaign and changes in attitudes, polarization, or voting behavior,“ researchers wrote. “Our results thus provide a corrective to the view that the foreign influence campaign and those like it can easily manipulate the attitudes and voting behavior of ordinary social media users.“
So, considering all available data, comments from lawmakers and intelligence officials, and empirical studies, the answer to whether TikTok currently poses a legitimate national security risk is no.
However…
A handful of past incidents have raised concerns about TikTok and demonstrate the potential for the platform to be used for malicious purposes.
In 2020, BuzzFeed News published leaked audio recordings of internal TikTok meetings that revealed that employees in China had access to U.S. user data, including “master admin“ permissions, which allowed them to access “everything.“
In response to the report, TikTok confirmed that Chinese employees had access to U.S. user data. The company also announced changes to its data storage practices, saying U.S. user traffic is now routed through the American-based Oracle Cloud. TikTok says all user data is now stored in Singapore, Malaysia, and the U.S., not in China.
In a 2023 legal filing with the San Francisco Superior Court, Yintao Yu, ByteDance’s former head of engineering in the U.S., further claimed that a special committee of the Chinese Communist Party embedded in the company had “superuser“ access, or “god credentials,“ which enabled them to view all data ByteDance collected, including data from U.S. TikTok users.
Yu alleged that CCP officials have used this superuser access to monitor Hong Kong protesters and civil rights activists, tracking their locations and communications. The allegations were part of a wrongful termination lawsuit Yu filed against ByteDance.
In response, ByteDance dismissed the claims as “baseless,“ emphasizing that Yu made these allegations five years after being terminated from his position at the subsidiary Flipagram.
In May 2023, former employees revealed to the Wall Street Journal that TikTok was tracking users who had viewed LGBT-related content. The company responded by saying its algorithms were used to boost engagement and track interests, but not specifically one’s sexual identity.
The possibility that Chinese government officials could have “superuser“ access or the ability to track users based on their sexual orientation presents real concerns. Yet, the most damning indictment against TikTok is that its Chinese parent company, ByteDance, has actually been caught using the platform to spy on American citizens in the past.
TikTok’s Spygate
In October 2022, Forbes reported that ByteDance’s Internal Audit and Risk Control Department had used the TikTok app to surveil certain U.S. citizens in at least two instances.
According to the report, while ByteDance’s Internal Audit team typically investigates potential misconduct by current or former employees, the U.S. citizens targeted in these instances had no employment ties with the company. The specifics of who was targeted or the reasons for their surveillance were not initially disclosed by Forbes.
TikTok promptly refuted the claims, asserting that its platform does not permit the “targeting” or tracking of U.S. citizens and criticized the Forbes report for lacking “rigor and journalistic integrity.“
On Twitter, TikTok stated, “Forbes chose not to include the portion of our statement that disproved the feasibility of its core allegation: TikTok does not collect precise GPS location information from U.S. users, meaning TikTok could not monitor U.S. users in the way the article suggested.”
However, less than two months later, TikTok had to retract its denials. The company acknowledged that an internal investigation found that employees in the U.S. and China had “improperly accessed“ the personal data of at least two American journalists.
According to TikTok, four members of the ByteDance Internal Audit team accessed personal data, including I.P. addresses, of journalists from BuzzFeed and the Financial Times in an attempt to identify the sources behind the leaked audio recordings revealing Chinese employees had “superuser“ access to American users’ data.
TikTok spokesperson Brooke Oberwetter confirmed that ByteDance had fired the four employees responsible for the spying incident, calling their activity an “egregious misuse of their authority.“
“The misconduct of these individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data,“ Oberwetter said in a statement to CNN. “This misbehavior is unacceptable and not in line with our efforts across TikTok to earn the trust of our users.”
In early 2023, the U.S. Department of Justice and Federal Bureau of Investigation (FBI) launched a criminal investigation into ByteDance’s surveillance of American journalists. Neither agency has provided any public updates on the investigation, which is believed to be ongoing.
TikTok and the future of Global digital politics
While the evidence on the actual threat level posed by TikTok is inconclusive, the combination of isolated espionage incidents targeting journalists and the potential risk of the Chinese Communist Party accessing vast amounts of American user data has prompted legislative action.
Proponents of the “divest-or-ban“ Bill have also pointed to China’s 2017 National Intelligence Law, which requires all Chinese organizations and citizens to “support, assist and cooperate with national intelligence efforts.“ Regardless of how pure ByteDance’s intentions are to protect user information, the company could still be forced to hand over user data or participate in intelligence activities on behalf of the PRC.
If the Bill is passed by the Senate and signed into law, TikTok will have nine months to find a buyer acceptable to the U.S. government. If the company fails to comply, the app would be removed from app stores and become inaccessible on U.S. internet browsers, effectively phasing it out from the American market. The implications for TikTok are stark, threatening its operational viability in one of its largest markets.
Ultimately, the legislative efforts targeting TikTok are emblematic of broader issues in global digital politics and the challenge of balancing national security with free speech.
As the Bill moves forward, it could set a precedent for how the U.S. handles security concerns related to foreign-owned social media platforms. Not all participants in the process are comfortable with the potential implications or the swift pace at which lawmakers are pushing to ban an entire social media platform.
“The answer to authoritarianism is not more authoritarianism,“ said Rep. Tom McClintock (R-CA) following last week’s House vote. “The answer to CCP-style propaganda is not CCP-style oppression. Let us slow down before we blunder down this very steep and slippery slope.
Tim McMillan is a retired law enforcement executive, investigative reporter and co-founder of The Debrief. His writing typically focuses on defense, national security, the Intelligence Community and topics related to psychology. You can follow Tim on Twitter: @LtTimMcMillan. Tim can be reached by email: tim@thedebrief.org or through encrypted email: LtTimMcMillan@protonmail.com