Press Release
Washington, D.C. — Senators Tom Cotton (R-Arkansas), Ben Sasse (R-Nebraska), Mike Braun (R-Indiana), Marco Rubio (R-Florida), Todd Young (R-Indiana), and Roger Wicker (R-Mississippi) sent a letter to Treasury Secretary Janet Yellen demanding answers about actions the Biden administration is taking to combat the national security risks associated with TikTok, a social media platform developed and owned by Chinese company ByteDance Ltd.
In part, the senators wrote, “The Biden Administration has seemingly done nothing to enforce the August 14 order nearly two years since its promulgation. The results of the security reviews, likewise, have not been publicly released after one year. Instead, news reports indicate TikTok is nearing a deal with a U.S. company to ‘store its U.S. users’ information without its Chinese parent ByteDance having access to it, hoping to address U.S. regulatory concerns.’”
“The proposed TikTok deal would do little to address the core security concerns that motivated the August 14 order. That order was not simply concerned about data, but about a Chinese company’s ownership of a social media platform in America. If the Biden Administration focuses solely on data storage and integrity to the exclusion of the critical issue of ByteDance’s ownership, control, and influence of TikTok, serious security risks will remain and the August 14 order will go unenforced,” the senators continued.
Text of the letter may be found here and below.
The Honorable Janet Yellen
Secretary
Department of the Treasury
1500 Pennsylvania Avenue, NW
Washington, DC 20220
Dear Secretary Yellen,
We write to inquire about the Biden Administration’s delayed response to the national security and privacy risks posed by TikTok, the video-sharing social media platform developed and owned by the Chinese company ByteDance Ltd.
On August 6, 2020, President Donald Trump issued Executive Order (E.O. 13942) restricting the use of TikTok in the United States. The order noted that the app “captures vast swaths of information from its users, including… location data and browsing and search histories.” TikTok’s data-collection practices threatened to “allow the Chinese Communist Party access to Americans’ personal and proprietary information—potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.” Shortly afterward, ByteDance sued in federal court and secured a preliminary injunction that halted a pending prohibition against downloading the TikTok app.
President Trump issued an additional Presidential Order on August 14, 2020 (the August 14 order) directing ByteDance to divest its American assets and destroy any data it acquired through TikTok. The order also blocked ByteDance’s acquisition of another video-sharing social media platform, Musical.ly. The August 14 order was based on “credible evidence” that the acquisition threatened to “impair the national security of the United States,” likely including evidence unearthed by a review of the Committee on Foreign Investment in the United States (CFIUS).
On June 9, 2021, President Joe Biden revoked E.O. 13942 and ordered security reviews of TikTok and similar apps developed in adversary countries. The next month, the Biden Administration petitioned to dismiss ongoing federal litigation against ByteDance. President Biden did not, however, revoke the August 14 Presidential Order requiring ByteDance to divest its American assets, property, and data.
The Biden Administration has seemingly done nothing to enforce the August 14 order nearly two years since its promulgation. The results of the security reviews, likewise, have not been publicly released after one year. Instead, news reports indicate TikTok is nearing a deal with a U.S. company to “store its U.S. users’ information without its Chinese parent ByteDance having access to it, hoping to address U.S. regulatory concerns.”
The proposed TikTok deal would do little to address the core security concerns that motivated the August 14 order. That order was not simply concerned about data, but about a Chinese company’s ownership of a social media platform in America. If the Biden Administration focuses solely on data storage and integrity to the exclusion of the critical issue of ByteDance’s ownership, control, and influence of TikTok, serious security risks will remain and the August 14 order will go unenforced.
Please answer the following requests in writing:
Identify all CFIUS member agencies that are “lead” agencies for this matter.
Given recent press reporting that TikTok may partner with a U.S. company to store Americans’ data in the United States:
a. Are these arrangements part of a CFIUS-ordered plan to address national security risk?
b. Will such arrangements appropriately and adequately effectuate the directives contained in the August 14 order? If so, how?
c. What assurances does the U.S. government have that TikTok will store U.S. data and adopt privacy policies with adequate protections?
d. How will the U.S. government enforce any such data protection and storage arrangements vis-à-vis an independent third-party U.S. company?
e. What steps will be taken with regard to the storage, protection, and integrity of the extensive U.S. data that has already been acquired by TikTok and ByteDance both prior to and since the August 14 order?
f. Will the United States impose requirements for destruction of data previously acquired and not stored within U.S. jurisdiction, and how will such a requirement be enforced and verified?
g. How will the U.S. government ensure the TikTok app contains no malicious code and does not manipulate information and content? How will this be accomplished and verified on an ongoing basis? If an independent third party is responsible to the U.S. government for these functions, how will any failure to protect Americans and U.S. national security be remedied and enforced? Has the U.S. government considered adequate means of accountability?
h. Will TikTok be locally managed in the United States?
i. If the control and operation of TikTok’s algorithm remains in the Chinese company’s hands, does that mean that U.S. persons’ data will be transferred to China to inform said algorithm?
j. Will the U.S. government have the ability to routinely access and inspect the algorithm’s source code?
k. What safeguards will the United States have to ensure protection of U.S. persons’ data in the event the CCP were to invoke its National Security Law and direct ByteDance to provide U.S. data to the Chinese government?
l. Will only U.S. persons be the officers and employees responsible for all operations and activities of TikTok in the United States? How will the decision-making of U.S. officers and employees be isolated from any and all influence of ByteDance’s officers and employees?
If the divestment ordered by the August 14 order will not be effectuated, will the President issue a superseding Presidential or Executive Order?
If divestment ordered by the August 14 order is not effectuated, to what extent will ByteDance or other Chinese persons retain ownership or control over TikTok’s operations in the United States? Describe in detail both the ownership and control structure contemplated for TikTok in the United States.
Are the actions that CFIUS may be taking to address the threat posed by TikTok being considered and applied by U.S. government agencies to WeChat, Didi, and other Chinese-owned or controlled apps?
Please respond to these questions no later than July 22. Thank you for your prompt response to this important matter.