By Sonni Efron

Sept. 22, 2020 – Despite bipartisan agreement that U.S. adversaries can and do weaponize American data to advance their geopolitical aims, there is little agreement about how best to stop them.

In a National Press Foundation briefing, three experts laid out their views about which data truly pose national security risks, which do not, and how policymakers and the public can better understand the risks.

The discussion was held amid the unfolding struggle by the Trump administration to force either divestiture or meaningful U.S. corporate control over the TikTok social media platform, owned by a Chinese company. A parallel legal battle is unfolding over a second Chinese-owned app, WeChat.

Adam Segal of the Council on Foreign Relations argued that TikTok does not pose a particular threat to national security, although its data collection practices do raise privacy concerns. But he said the preliminary deal TikTok has struck does not answer the Trump administration’s security concerns and is “pretty much a win for China.” (Watch the three panelists discussing the latest developments here.)

“For China, it’s looking pretty good,” agreed Lindsay Gorman of the Alliance for Securing Democracy. Gorman believes that TikTok does pose a national security threat, both because of a Chinese law that requires companies to hand over any data to the government, and because of the power of its algorithm to use the data collected to censor and manipulate TikTok users.

 

Moreover, the proposal by TikTok owner ByteDance to  establish an artificial intelligence education fund could create a  U.S. business opportunity for the two Chinese companies, Gorman warned. The proposal creates more confusion and undermines the original national security goals that prompted the Committee on Foreign Investment in the United States (known as CFIUS) to recommend divestiture in the first place, she said. (Gorman’s full presentation is here.)

Clete Willems, an Akin Gump partner who served as a White House trade official from 2017-2019, said the complex U.S. struggle to counter Chinese attempts at information dominance will continue to play out no matter which party wins the White House in November.

“It is difficult to draw these lines in the right ways,” Willems said, noting that the administration’s actions against TikTok and WeChat will set important legal precedents. The U.S. concerns about data, surveillance and propaganda “apply to a broad range of Chinese companies. And this really is just the tip of the iceberg, and so how they draw these lines is going to be incredibly important.”

He warned: “We're going to be dealing with this issue for years to come." (Watch Willems’ presentation here.)

Segal presented a taxonomy to help journalists understand the five different types of risk posed by various Chinese data-collection and cyber activities.  (See his chart here for the activities and U.S. countermeasures.)

The largest national security threat comes from Chinese theft of data through hacking and operations that have been taking place for the past 15 years, Segal said. One of the best-known is “Cloud Hopper,”  a  massive Chinese state-sponsored cyberespionage attack that stole U.S. officials’ security clearances, a trove of intellectual property, and other valuable data.

Other threats emerge from China’s espionage, including the ability to disrupt supply chains and coerce its targets. Data collection advances espionage and intelligence – and these activities that are facilitated by WeChat and other apps. Data also enables and influence operations, which China has conducted on Facebook and WeChat.

Least dangerous to U.S. national security – although of immense importance to human rights – is China’s use of personal data to control the behavior of its own citizens and advance digital authoritarianism, Segal said.

The Chinese could retaliate against the United States for the crackdown against TikTok and WeChat, but the irony is that China has already banned nearly all of the major American-owned software platforms from its market, Willems said. That list includes Facebook, banned after riots in China in 2009, as well as Google, Twitter, YouTube, Instagram and Wikipedia.