On March 13, the U.S. House of Representatives passed a bipartisan bill that would ban Americans from accessing the video app TikTok if its parent company, ByteDance, headquartered in China, does not sell its stake within six months. In some ways, the so-called TikTok bill appeared to be a remarkably strong piece of legislation: it passed by an overwhelming 352-vote majority, reflecting a rare degree of cross-party consensus. And it went beyond TikTok, banning other apps controlled by ByteDance. The bill also put other existing or future apps linked to the United States’ top strategic competitors—China, Iran, North Korea, and Russia—on notice, warning that they, too, could become subject to penalties such as fines, forced divestment of ownership, or forced termination of operations.

The legislation is meant to address a wide variety of problems: one of the bill’s co-authors, Republican Representative Mike Gallagher, of Wisconsin, has cited national security briefings that indicate that TikTok violates user privacy, targets journalists, and facilitates election interference. FBI Director Christopher Wray suggested in congressional testimony that the Chinese government could control millions of devices via the app, likely without the knowledge of users. Beyond these national security concerns are economic ones. ByteDance, unlike its U.S. competitors, can operate in both China and the United States, which gives it an advantage in developing social media algorithms and AI products.

Although the bill focuses on TikTok, it applies to all apps substantially linked to the four countries U.S. law defines as “adversaries.” This broader remit avoids violating the Constitution’s bill of attainder clause, which prohibits legislation from imposing a punishment on a specific person or group of people without a trial. But the TikTok bill retains a problematic focus on individuals—individual firms and certain kinds of people. That focus risks entrenching an overall U.S. policy that targets specific companies and people instead of systematically reviewing the safety of different categories of technology products.

Although U.S. senators from both main political parties share a desire to regulate TikTok, the TikTok bill is currently stalled in the Senate as legislators discuss revising its language and approach. The United States’ drawn-out effort to scrutinize TikTok itself demonstrates that attempting to regulate individual firms takes too long and yields uncertain results. And the bill’s components related to foreign individuals would encourage discrimination based on national origin against kinds of people who compose an irreplaceable part of the U.S. tech sector’s workforce. If it is passed in its current form, the bill will put pressure on corporate and personal relationships that are vital in their own way to U.S. national security—the collaborations between Chinese and U.S. tech entrepreneurs, which help disincentivize outright hostility between their countries’ governments.

Rather than ferreting out individual companies, as the TikTok bill demands, the U.S. government should align with allies and partners such as Europe and Japan—and even individual states such as California, Utah, and Virginia, which have already passed data-privacy laws designed to protect how consumer data is collected and used. This push needs to occur in a larger regulatory environment that supports increased consumer data protection, improved user education, and new digital trade agreements. TikTok does present the United States a distinctive national-security challenge because of its soaring popularity among Americans and where its parent company is located. But TikTok’s hazards constitute only part of a much larger, porous, and underregulated U.S. tech ecosystem. The TikTok bill is the wrong solution to a real problem.

TRENDING THREAT

TikTok, in its current form, began its life in 2018 when ByteDance, a leading Chinese Internet technology company, merged a niche Chinese youth entertainment app with Musical.ly, an internationally popular Chinese music-video-creation app it had acquired the year before. By late 2019, the app had 55 million North American users, on par with LinkedIn; this put TikTok 15th in the ranking of the most popular social media apps in America. U.S. politicians began to voice concerns about TikTok, however, only after Americans’ use of it exploded during the lockdowns instituted in the early months of the COVID-19 pandemic.

Alleging TikTok constituted a threat to national security and to the U.S. economy, in the summer of 2020 President Donald Trump attempted to ban the app from operating in the United States via an executive order. He also issued an executive order prohibiting American individuals and companies from conducting transactions with another Chinese-owned social media app, WeChat, effectively seeking to shutter the app’s U.S. operations. ByteDance filed a series of legal challenges stalling the proposed ban, insisting that it would prefer halting the app’s U.S. operations to selling it.

In June 2021, President Joe Biden revoked Trump’s orders banning Chinese apps. But the Biden administration continued to direct the U.S. Committee on Foreign Investment in the United States, the interagency committee that reviews the national security implications of foreign investments, to investigate TikTok. In December 2022, President Biden signed the No TikTok on Government Devices Act, prohibiting TikTok’s use on all devices issued by the federal government.

TikTok is by no means the only app operating in America that platforms disinformation.

Congress ramped up its scrutiny of TikTok in 2023: in March of that year, Democratic Senator Mark Warner of Virginia introduced the RESTRICT Act, which authorized the Commerce Department to review certain transactions between the United States and foreign adversaries and to take actions to, in the language of the bill, “identify, deter, disrupt, prohibit, investigate, or otherwise mitigate … any risk” that the review identified. That same month, the House Energy and Commerce Committee called TikTok CEO Shou Chew to testify about the app’s data privacy and child-safety practices. In January 2024, members of the Senate Judiciary Committee also grilled Chew in a hearing on child online safety. And on March 5, Gallagher and Democratic Representative Raja Krishnamoorthi, of Illinois, introduced the TikTok bill, moving it to passage in the House within a week.

TikTok is by no means the only app operating in America that platforms disinformation and facilitates election interference. But TikTok does differ meaningfully from its American competitors when it comes to the oversight of its algorithm. Many social-media apps seek to obscure how they train and run their algorithms, increasing the risk that they will platform misinformation or engage in exploitative data-gathering practices. The Chinese government’s regulations, however, offer a much larger variety of legal mechanisms by which to pressure Chinese apps both politically and economically. 

The Chinese government has added additional layers of control over TikTok specifically: in 2020, China added content recommendation algorithms to its list of controlled exports, indicating that Beijing views TikTok’s algorithm as so key to Chinese national security that the government can ban it from being accessed by foreign powers. Under China’s 2021 Data Security Law and its 2021 Personal Information Protection Law, ByteDance is also now subject to national security data audits. Such moves raised legitimate concerns among American lawmakers about whether China may seek to access foreign users’ data or deploy TikTok to run disinformation and political influence campaigns.

CONTENT MISMANAGEMENT

A bipartisan consensus in the House is an exceptional thing. The TikTok bill has drawn new attention to the app’s profound influence on the U.S. tech and information ecosystem. Its effort, in particular, to ensure that users can regain access to their data before any ban of the app goes into effect sets an important precedent. In 2020, after the Committee on Foreign Investment in the United States forced the Chinese tech company Beijing Kunlun to sell the LGBTQ social media app Grindr, users did not have such data protections.

But the act has more drawbacks than benefits. Apps may be designated as “controlled by a foreign adversary” if their owners or parent companies are subject to direct regulatory oversight by the Chinese, Iranian, North Korean, or Russian governments—for instance, by being headquartered in those countries. But they may also get the designation if they are at least 20 percent owned by firms linked to those countries or by those countries’ citizens. And the bill states that apps can even acquire the designation merely if they are “subject to direction or control” by companies linked to U.S. adversaries. The bill does not explain what “subject to direction or control” means.

That vagueness generates a major deficiency: how the bill approaches the challenge of determining the national origin of corporations operating in the United States. ByteDance, for example, is headquartered in Beijing but registered in the Cayman Islands. The location of a company’s headquarters plays a significant role in how it is governed, yet where firms are headquartered does not fully indicate which governments have leverage over their operations. Companies such as Tesla have broad business exposure to the Chinese market. Trying to pin down apps’ ownership structures and financial influences would require regulators to become forensic accountants.

The TikTok bill infuses new uncertainty into the U.S. tech industry.

And determining the national origin of shareholders in publicly held firms, let alone private ones, presents a huge logistical challenge—to say nothing of the 20 percent control as a metric for influence. Vaguer still is the bill’s definition of a person “subject to the direction or control of a foreign adversary.” Such a broad definition could apply to many U.S. firms or individuals operating within China that must follow Chinese regulations and policy directives to maintain their operations.

Practically speaking, the act also infuses uncertainty into the U.S. tech industry. The 180-day divestment timeline fails to reflect the realities of divestment and acquisition for large tech companies. Beijing Kunlun’s forced divestment of Grindr took a year, and that firm was smaller than many that the bill might force to divest, with far fewer users and less antitrust risk.

The lack of procedural clarity in the process of designating foreign-adversary-controlled apps makes it likelier that the process will become politicized, too. Chinese firms in the United States are gathering sensitive user data in areas such as health, gaming, baby monitoring, and home security. A process focused on naming and shaming individual firms rather than one protecting the entire tech ecosystem would likely primarily benefit lobbying firms, which will undoubtedly be retained for lucrative contracts by firms concerned about their risk exposure.

DIGITAL DIVIDE

Beyond these particular defects, the TikTok bill’s weakness reveals a more foundational challenge in the U.S. digital regulatory landscape. When regulating their digital ecosystems, most of the United States’ allies prioritize giving users the rights to their data. Such an approach anticipates the new risks that emerging technologies may present before the technologies begin to operate at scale. Unlike in the United States, all firms operating in the European Union and Japan must follow national laws in those markets regarding the use and processing of personal data. By targeting individual firms rather than securing the U.S. digital ecosystem, the United States is moving further away from consensus with its allies and partners on data security issues.

The United States has long regulated technologies only after they have become pervasive or problematic. With a few notable exceptions, the U.S. regulatory system affords personal data limited protections. This approach has stimulated innovation: in the United States’ fast-paced, cash-rich tech landscape, the ability to access large swaths of user data has allowed for the emergence of global powerhouse apps and tech platforms.

The U.S. government’s comparatively hands-off approach when it comes to the tech sector, however, may be becoming a hindrance to national security. U.S. tech firms increasingly rely on exploitative data-gathering practices to support their business models. The extent to which the United States’ regulatory framework is driven by corporate financial interests poses increasing dangers when it comes to new technologies such as AI, because it tends to prioritize profit over security and ethics. A lack of regulatory oversight and user protections means that in the United States, Chinese companies are not required to offer the kinds of assurances and transparency that they appear willing to provide elsewhere. In response to Europe’s more stringent regulations on the use of personal data, for example, TikTok has made its European terms of service attentive to data protection.

BUG FIX

The TikTok bill is a response to a real risk in the U.S. digital ecosystem. But if the Senate passes the legislation and President Biden signs it, it will likely introduce new challenges to tech regulation, requiring lawmakers to monitor a rapidly evolving field continuously rather than putting the onus on corporations operating in the United States to track how they put consumers and national security at risk. If the TikTok bill fails to gain passage in the Senate, lawmakers would do well to push for more comprehensive protections.

Rather than target individual firms, the government must think bigger. It must first better enforce existing regulations, increasing the fines that firms face for violating existing laws. Divestment bans offer an intriguing option, but they should not be the first line of defense against data trafficking.

Currently, different states have different regulations on data protection, and the federal government must fulfill its duty to regulate the U.S. economy by working to align these policies. It should scrutinize underregulated data brokers and companies that gather biodata, including firms that are located in the United States. In July 2022, a much more comprehensive bill—the American Data Privacy and Protection Act—was approved by the House Energy and Commerce Committee with near unanimous support. Its progress toward a vote stalled in part because of lobbying by the tech industry. While that bill was imperfect, reviving it would be a good place to start establishing a more panoramic, affirmative vision for digital security that brings the United States’ practices more in line with those of other democracies.

Ultimately, the United States must enhance its data security without targeting firms or individuals based on their national origin or on their relationships with foreigners as a first line of defense. This is essential to protecting the dynamism of the country’s innovation and the dignity of its workers, especially crucial in an era of strained U.S.-Chinese relations. Encouraging the flourishing of relationships between the country’s tech sectors can help prevent political tensions from evolving into outright hostilities.

Any effort to respond to the risks associated with Chinese apps is likely to fail unless the United States first shores up its own digital protections—especially because new technologies’ ownership structures and user bases increasingly transcend national borders. Passing more comprehensive national data-security regulation may sound like a tall order for the current Congress, but it should not be if members care as much about technology’s national security implications as the House’s remarkably unified vote on the TikTok bill suggests. Such a move would also give the United States more international credibility in countering Chinese efforts to expand its extraterritorial data oversight by allowing the U.S. government to work more constructively with allies and partners. In its current form, however, the TikTok bill reveals—and will likely entrench—an increasingly inadequate American approach to regulating technology.

You are reading a free article.

Subscribe to Foreign Affairs to get unlimited access.

  • Paywall-free reading of new articles and over a century of archives
  • Unlock access to iOS/Android apps to save editions for offline reading
  • Six issues a year in print and online, plus audio articles
Subscribe Now