TikTok Chinese Ownership Raising National Security Concerns

China’s growing sphere of influence in the global technology sector is an especially fraught area of concern for US lawmakers. Early development of nascent or popular technologies means prominent, profitable footholds for patent holders while paving a path for future growth, and accusations of espionage are not unusual. A trade war between Washington and Beijing has further complicated relations between the two countries.

In the latest flashpoint, a bipartisan effort led by Senators Tom Cotton (R-Ark.) and Chuck Schumer (D-N.Y.) has raised concerns about the video app TikTok, and the broader US government is taking note.

Senators Cotton and Schumer outlined in a letter to Acting Director of National Intelligence Joseph Maguire that scrutiny has never been higher. The pair of senators are worried about “China’s vague patchwork of intelligence, national security, and cybersecurity laws [that] compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.” Specific to their concerns is TikTok, the wildly popular short-form video app that was acquired by Chinese company ByteDance as Musical.ly two years ago, then merged with an app called Douyin into its current incarnation.

Cotton and Schumer profess multiple fears about the application: TikTok, which boasts 26.5 million monthly active users in the United States, with roughly 60% falling between the ages of 16 and 24, “collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information.” Because the company is beholden to Chinese law, and because of the Chinese government’s track record of censorship and content manipulation, as well as potential foreign influence campaigns ala Russia in 2016, Cotton and Schumer believe enhanced scrutiny is warranted.

The senators’ plea prompted quick action from regulators. Reuters reports that the Committee on Foreign Investment in the United States (CFIUS), which has grown under the Trump administration, has taken over the review process. The committee, which is tasked with evaluating acquisitions of US companies by foreign businesses, was not asked to and did not clear the deal when it was initially completed, allowing it to open a retroactive investigation.

ByteDance, Chinese Investment in America, and New Regulation

ByteDance has shot to prominence via TikTok and news platform Jinri Toutiao. The company’s apps “have 1.5 billion monthly active users and 700 million daily active users, the company said in July,” and is currently valued at $78 billion. With backing from Sequoia Capital, SoftBank, and other heavy hitters in the private equity world, the company is pegged by analysts as “a strong threat to other Chinese tech industry firms” like Tencent and Baidu.

ByteDance’s acquisition of Musical.ly is not unusual. Chinese investors have long looked to the US for moneymaking opportunities, says Ars Technica, but are encountering more hurdles in light of recent tensions. Beijing Kunlun Tech Co., another major tech player in China, “acquired a majority stake in Grindr, a matchmaking app for men seeking men, in 2016 and then acquired the company outright in 2018.” CFIUS review revealed in March that “a database of US user activity was made accessible to company engineers based in Beijing,” after which time Kunlun “publicly agreed to divest Grindr to another buyer by June 2020.” The CFIUS also scuttled a potential purchase of MoneyGram by Chinese-owned Ant Financial, and “compelled Oceanwide Holdings and Genworth Financial Inc. to work through a U.S. third party data administrator to ensure the Chinese company could not access the insurer’s U.S. customers’ personal private data.”

What Comes Next?

The CFIUS does not comment on in-progress investigations, but sources told Reuters that the regulators are “in talks with TikTok about measures it could take to avoid divesting the Musical.ly assets it acquired.” For its part, TikTok has promoted their “[commitment] to transparency and accountability” and avowed their cybersecurity practices. The company says that US user data is stored in the United States, “with backup redundancy in Singapore;” their data centers are not located in China, nor is their data “subject to Chinese law.” The company has also reinforced that they “[do] not remove content based on sensitivities related to China,” nor have they been contacted by the Chinese government to do so.

Schumer and Cotton have applauded the probe, along with Senators Marco Rubio and Josh Hawley and Facebook CEO Mark Zuckerberg. Its findings will be revealed in the coming weeks, but this particular instance seems more important in the context of its overall trend: Chinese companies looking to purchase US counterparts will be subject to a harsher spotlight where US-citizen user data is concerned.

Quandary Peak Research

Based in Los Angeles, Quandary Peak Research provides software litigation consulting and expert witness services. We rapidly analyze large code bases, design documents, performance and usage statistics, and other data to answer technical questions about the structure and behavior of software systems.