Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Foreign Policy
Foreign Policy
Politics
Rishi Iyengar

Is This TikTok’s Huawei Moment?

The TikTok logo is displayed in front of a TikTok office in Culver City, California, on Aug. 27, 2020. (Mario Tama/Getty Images)

Speaking to a room packed with geeks and government types in Washington last week, Will Farrell, interim security officer of TikTok’s new U.S. division, outlined how TikTok plans to assuage concerns about the company’s handling of user data. Dubbed Project Texas, the plan involves walling off TikTok’s software, data, and the mobile app for American users under the division, which will be overseen by the U.S. government and Texas-based tech giant Oracle.

“This goes beyond what any tech company is doing today—it’s much closer to government contractors,” Farrell told the conference. TikTok has spent two years and $1.5 billion on Project Texas, and is also rolling out a similar initiative tailored to European data security laws known as Project Clover, according to the company.

But nothing is coming up clover for TikTok, which is owned by Chinese tech giant ByteDance. The U.S. federal government, plenty of states, and U.S. allies overseas are all worried about the tech company’s ability to hoover up sensitive user data. The day after Farrell’s presentation, a dozen U.S. senators introduced a bipartisan bill called the RESTRICT Act, which would expand the Department of Commerce’s power to block transactions involving technology owned by foreign adversaries such as China and Russia. While the legislation does not single out TikTok, its proponents invoked the platform repeatedly in their statements introducing the bill. Commerce Secretary Gina Raimondo, Deputy Attorney General Lisa Monaco, and National Security Advisor Jake Sullivan all publicly supported the bill.

The tech company itself, whose short video app is the most downloaded app in the world, takes umbrage at the outrage.

“A U.S. ban on TikTok is a ban on the export of American culture and values to the billion-plus people who use our service worldwide,” a TikTok spokesperson wrote in an emailed statement about the RESTRICT Act. “For some time now, our status has been debated in public in a way that is divorced from the facts and the significant advances we’ve made in implementing Project Texas. We will continue to do our part to deliver a comprehensive national security plan for the American people.”

But if TikTok has a finger in the dike in Washington, the floodgates are opening elsewhere. In the past few weeks, the European Union, Belgium, and Canada have all banned the use of TikTok on government devices, mirroring similar bans put in place by the United States late last year. The Czech Republic’s cyber watchdog has warned against using the app, and the United Kingdom is reportedly weighing a similar ban of its own.

The United States has a history of pushing allies to help clip China’s technological wings, most notably with its long-running global campaign against Chinese telecommunications firm Huawei, and most recently with the Biden administration’s effort to restrict semiconductor exports to China. So far, Washington hasn’t pushed so hard on TikTok, and until late last month it was relatively isolated in its efforts to ban the Chinese-owned platform. But now, it’s not so quiet on the Western front.

“There’s a couple of factors that are probably playing into this shift that we’re seeing outside of the United States,” said Emily Kilcrease, senior fellow and director of the energy, economics, and security program at the Center for a New American Security. Kilcrease previously served as a U.S. trade and national security official. “One is a general hardening of political attitudes toward China regardless of what issue we’re talking about. … There’s also the factor that TikTok itself has not been doing itself any favors when it comes to building confidence that it is in fact a responsible company,” she said, referring to reports of ByteDance employees accessing TikTok data from China and the company’s recent admission that some employees (who were subsequently fired) accessed the user data of two journalists who were writing about TikTok.

Several experts have pointed out that TikTok’s data collection practices are no different than those of other large big tech platforms such as Facebook and Google. But fears about the platform’s Chinese ownership, particularly laws that enable Beijing to compel any company to share its user data with the government and the potential for China to use TikTok’s algorithm to influence U.S. users, have overridden any reassurances. TikTok’s insistence that it does not share data with the Chinese government and would not do so if asked has so far fallen on deaf ears.

A spokesperson for Canada’s Treasury Board Secretariat, which enacted the country’s ban on TikTok from government devices, told Foreign Policy that the ban stemmed from concerns that users of the app would be “vulnerable to surveillance” as well as the “applicable legal regime” governing the data TikTok collects. “This is consistent with the actions of many other jurisdictions, including the United States,” the spokesperson added.

A TikTok spokesperson wrote via email that it was “disappointing to see that other government bodies and institutions are banning TikTok on employee devices with no deliberation or evidence,” adding that the bans are “misguided” and do nothing to boost user security.

Restrictions on government devices are one thing, but the political and legal calculus involved in a total nationwide ban of TikTok may give governments pause. Experts who oppose a ban have also cited the impact it would have on free speech questions in the United States and beyond. Combatting China’s cyber reach is one thing; aping its methods is another.

“There’s a very strong reluctance to be seen as being ‘like China’ by banning things and censoring voices,” said Aynne Kokas, director of the University of Virginia’s East Asia Center and author of the book Trafficking Data: How China Is Winning the Battle for Digital Sovereignty. The United States wouldn’t be the first country to ban TikTok—India banned it, along with dozens of other Chinese-owned apps following military clashes on its border with China, nearly three years ago. But that was also before TikTok had a billion users, including nearly one-third of the U.S. population. “The Chinese apps that were banned at that time were much less powerful than TikTok is right now in the United States,” Kokas said.

That may not matter if the RESTRICT Act becomes law, with language that gives the U.S. Commerce Department a wide remit to “identify, deter, disrupt, prevent, prohibit, and mitigate” any transactions with foreign companies on national security grounds. But if Washington nonetheless forges ahead with a complete ban, it may find few followers.

“I can see the U.S. going for a full ban because of the China politics there,” one Western diplomat in Beijing said, highlighting the ban already enacted by then President Donald Trump in 2020 that was subsequently struck down by U.S. courts. “I don’t think many other countries are quite in the same place on China, at least yet.”

Even Europe, which has draconian data protection laws, hasn’t reached for the muzzle. There is “no further EU action planned at this stage, but of course nothing is ruled out if new information comes to light,” a senior European official said, adding that the bloc would continue to monitor TikTok’s compliance with its existing data protection regime. “The EU will not simply act because the U.S. may have acted, but there might be evidence [or] grounds that the EU will consider in deciding whether further measures are necessary,” the official said.

While the United States and Europe are approaching greater alignment on the threat posed by Chinese technology, there are still significant gaps between their approaches. Wrangling support from 27 EU member states for a TikTok ban may prove more challenging than pushing the RESTRICT Act through Congress.

“A full ban would most likely have to be agreed [on] by each individual member state, and some of them may make different judgments about the risk,” said Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center and a former member of the European Parliament.

“In an ideal world, there would be shared rules on data protection and democratic principles across the Atlantic,” she added. “But we are not there yet.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.