January 23, 2023

IntelBrief: National Security Concerns Continue to Grow Over the Use of Social Media App TikTok


Bottom Line Up Front

  • The recent banning of TikTok from all federal devices is the latest restriction of the platform by the U.S. government over its perceived threat to national security.
  • The national security debate around the social media platform comes amid intensified strategic competition between the United States and China (PRC)—including in the fields of espionage, data harvesting, and emerging technologies.
  • Given China’s record of censorship, propaganda, and influence operations, the question concerning data access and content control by the app’s parent company is key to understanding national security implications.
  • U.S. allies like the European Union are also re-evaluating critical infrastructure safeguards, research and development into dual-use technologies, and trust and safety online.

TikTok’s perceived national security threat has resulted in a number of U.S. government restrictions, with the U.S. Congress most recently enacting legislation banning the app from all federal government devices. With over one billion users worldwide, including more than 130 million based in the U.S., the app has gained popularity since launching in 2017, especially among children, teens, and young adults. Other countries have also voiced concerns over its potential national security implications; in June 2020, India banned TikTok and other Chinese apps. The platform’s national security concerns stem from ties between TikTok’s Chinese-owned parent company, ByteDance, and the Chinese Communist Party (CCP). There have been reports about data harvesting for malicious purposes, as well as CCP-aligned censorship on the platform.
The national security debate around TikTok comes amid intensified strategic competition between the United States and the People’s Republic of China (PRC)—including in the fields of espionage, data harvesting, and emerging technologies. ByteDance is headquartered in Beijing, China, and like most Chinese-owned and operated companies, expectations of CCP influence exist within the company. ByteDance’s organizational chart includes a CCP committee whose purpose is to ensure the company adheres to party values, ideology, and policies, such as “Xi Jinping thought.” Wu Shugang, a CCP official on ByteDance’s board of directors, has spent most of his career in the party working on propaganda, internet regulation, and censorship. While such influence is not uncommon in privately held Chinese companies, especially large tech companies, it highlights the party’s potential control over and access to TikTok, and by extension, its global user base. ByteDance and its platforms—including TikTok—are legally required to comply with requests from PRC law enforcement and security agencies and may be forced to hand over sensitive user data if asked.
While TikTok is currently negotiating with U.S. regulators and has made promises and plans to safeguard American user data, experts remain skeptical given the company’s CCP links and broader challenges of managing data privacy online. While it’s common practice for social media platforms to gather sensitive user data, the possibility that government and security actors might use this data for malicious purposes—such as tracking political dissidents and regime critics, influencing opinion and elections, and aiding the development of dual-use technologies—is concerning. While TikTok has repeatedly denied sharing U.S. user data with the Chinese government, ByteDance acknowledged in December 2022 that employees in China and the United States attempted to identify the sources of two U.S. journalists by querying personal data belonging to the journalists and their connections on TikTok.
The possibility that the app’s algorithm could be manipulated to influence users in the CCP’s favor has also been highlighted as a security concern, while the possibility of ByteDance—and by extension TikTok—being beholden to CCP-directed/aligned censorship, propaganda, and disinformation presents key challenges to freedom of expression, speech, and national security in democratic countries. Leaked documents from TikTok’s moderation team, as well as independent research and analysis, revealed how the platform’s algorithm suppresses content critical of the CCP, including criticism of the party’s human rights abuses against ethnic minorities. Meanwhile, whistleblower reports—which ByteDance has denied—suggest the company’s defunct English-language news app, TopBuzz, promoted content that portrayed China in a positive manner while censoring content that cast the country in a negative light. Indeed, while TikTok’s leadership and employees in the United States may install guardrails, its parent company is still influenced by and beholden to CCP-mandated laws and measures.
Given the CCP’s track record of censorship and propaganda, as well as its recent affinity for utilizing dis- and misinformation as a foreign policy tool, understanding the extent to which company leadership and employees access and control the content promoted to users is key to understanding the app’s national security implications. However, dis- and misinformation linked to state actors is a critical issue prevalent across all major social media platforms. The threat of state-backed espionage and infiltration of platforms is equally concerning—as illustrated by the ex-Twitter employee convicted for using the social media platform to spy on Saudi dissidents. The evidence of authoritarian governments’ interest in accessing and influencing content across social media platforms underscores the importance of questioning TikTok’s data and metadata flows, organizational structure, and transparency of adherence to ByteDance and, in turn, the CCP.
U.S. allies like the European Union are also re-evaluating safeguards to protect privacy, critical infrastructure, and research and development into dual-use technologies. On January 19, EU Internal Market Commissioner Thierry Breton warned the app could be banned if it did not comply with content rules. The announcement follows a recent ruling by the Irish Data Protection Commission which resulted in a $400 million fine being levied against Facebook’s parent company over its violations of the EU’s General Data Protection Regulation. The European Commission is also pursuing multiple investigations into TikTok for reportedly sending EU user data to China. Both Japan and the Netherlands are discussing instituting export controls on semiconductors like those unveiled by the Biden administration in October.