TikTok national security inquiry is the latest US show of force on Chinese access to American data
A TikTok logo is seen on a mobile device in Mountain View, California on November 2, 2019 as a photo illustration.
Yichuan Cao | NurPhoto | Getty Images
TikTok lets its millions of users record 15-second clips to trendy tunes. It has caught on with theatrical millennials and helped turn Lil Nas’ “Old Town Road” into a smash. Now, according to the U.S. government, it may be a national security risk.
The Committee on Foreign Investment in the United States, or CFIUS, has contacted TikTok’s Chinese parent, Bytedance, over concerns that its acquisition of social media app Musical.ly poses a national security risk, a person familiar with the situation told CNBC. The inquiry, first reported last week by Reuters, stems in part from the dangers the committee perceives from the Chinese government’s access to the app’s data and user profiles, the person said.
CFIUS reached out to Bytedance after a number of U.S. lawmakers, including Sen. Marco Rubio, R-Fla., Senate Minority Leader Chuck Schumer, D-N.Y., and Sen. Tom Cotton, R-Ark., publicly called for an inquiry into the company, the person familiar with the situation said.
The inquiry, which has not yet turned into a full investigation, is a sign of CFIUS’ increased focus on the vulnerabilities that data affords, amid rising geopolitical tension and a growing focus on Big Tech.
“When this deal closed two years ago — in November 2017 — there wasn’t any real indication that CFIUS was going to care about something like this,” said Scott Flicker, chairman of the Washington office at law firm Paul Hastings.
Since then, CFIUS has put an emphasis on the potential national security risks involving data.
In last year’s U.S. Foreign Investment Risk Review Modernization Act, CFIUS explicitly defined its purview to include companies holding “sensitive personal data.” Access to “sensitive personal data” was at the heart of CFIUS’ decision earlier this year that the Chinese parent of Grindr must divest its stake in the gay dating app. CFIUS worried China could blackmail users of the gay dating app who were trying to hide their sexual identity.
Grindr’s Chinese parent has until 2020 to find a buyer.
In September, CFIUS, which is chaired by the Treasury Department, further defined companies under its watch as those with access to “sensitive populations” or ones, by nature of sheer breadth, that have data on sensitive populations. It defines such businesses as those with more than 1 million accounts.
“It’s not entirely clear if CFIUS’ focus will be primarily on cybersecurity and espionage or if it intends to target big data for marketing’s sake: ‘Is there somebody out there who can use these gigantic datasets to target messaging?'” said Paul Marquardt, a partner at law firm Cleary Gottlieb.
If CFIUS turns its TikTok inquiry into a formal investigation, it may be an indication of where the agency is headed.
There are global economic and political struggles playing out in the background that add another dimension to the TikTok story. While CFIUS is an independent agency filled largely with career professionals, it is operating while the U.S. and China are engaged in high-stakes talks over trade and internet issues.
President Donald Trump has repeatedly accused China of cheating on trade. While there have been signs of progress in talks of late, they come after a series of tit-for-tat tariffs between the two nations. Lawmakers on both sides of the aisle have pointed to China’s thef t of intellectual property from U.S. companies, as well as its dire human rights record under President Xi Jinping.
This, in turn, could create pressure for CFIUS to at least request more information if not launch a full investigation.
“Their response to political scrutiny is to make sure they’re able to say they did their jobs and defend their process,” Marquardt said.
A Treasury spokesperson told CNBC that CFIUS “does not comment on information relating to specific CFIUS cases, including whether or not certain parties have filed notices for review.”
A spokesperson for TikTok said the company “cannot comment on ongoing regulatory processes” but that the company “has made clear that we have no higher priority than earning the trust of users and regulators in the U.S. Part of that effort includes working with Congress.”
‘Powerful vector of risk’
The TikTok inquiry comes as U.S. regulators are questioning whether their country’s own companies have access to data that is more threat than bounty.
“So much of the promise of technology over the past 20 years was how to build a business model around monetizing personal data. Now, in 2019, CFIUS is making clear that personal data can also be a very powerful vector of risk,” said Mario Mancuso, who leads the international trade and national security practice at law firm Kirkland & Ellis.
Twitter and Facebook disclosed in August they had suspended numerous accounts that they said were tied to a Chinese disinformation campaign against pro-democracy protesters in Hong Kong. Facebook and Google are both battling multiple antitrust probes and defending the power that data access affords them.
Rep. David Cicilline, D-R.I., who is leading the House antitrust investigation into Google and other technology companies, last week blasted Google over its plans to acquire health app Fitbit, arguing the deal gives it access to “deep insights into Americans’ most sensitive information — such as their health and location data,” which he argued will “further entrench its market power.”
New York Attorney General Letitia James has said the 47 attorneys general investigating Facebook for anti-competitive activity are looking into whether it “may have put consumer data at risk.“
Facebook’s own attempts to expand in China were thwarted, despite CEO Mark Zuckerberg’s well-publicized run through smoggy Beijing. The social media giant, meantime, now faces direct competition from TikTok, which opened an office close to Facebook’s headquarters so it can poach employees. Zuckerberg took aim at TikTok for censoring its content in a recent speech amid criticism of Facebook’s policy against taking down fake political ads.
Under intensified regulatory spotlight, some tech leaders have put the focus on China, arguing data is better served if owned only by U.S. companies.
“I heard this in private meetings from both sides of the aisle, that while people are concerned with the size and power of tech companies, there is also a concern in the United States about the size and power of Chinese tech companies, and that, you know, realization that those companies are not going to be broken up,” Facebook Chief Operating Officer Sheryl Sandberg told CNBC in May.
“And so, the question is for us is how do we make sure we protect privacy, how do we make sure we work with authorities to safeguard elections, how do we make sure the right content is on Facebook and how do we make sure that the right regulatory framework is in place? And we’re working hard on all of that.”
— CNBC’s Lauren Feiner contributed to this report.