Mar 26 2023

TikTok and the Bigger Picture

The recent push by the Biden administration to ban TikTok, and the international wave of restrictions on the installation and use of the app on government phones, all tie back to new risk that hasn’t been seen in quite this way before.

What’s special about the TikTok situation is the combination of the following factors, when viewed through an adversarial lens. In particular, it is the combination of these factors that present a unique risk as each of these factors are present in other social media companies or Chinese tech companies, but only present all together in the case of TikTok.

  1. Capability - large user base and algorithmic feed - Social media platforms of the past (Facebook, MySpace, Instagram, Twitter) depended on users to curate their connections to others and the data sharing was user-to-user with little intermediation. TikTok, YouTube (to some extent), and recent changes in Facebook and Instagram, have given rise to the algorithmic feed” where the owners of the applications play a much more direct role in choosing what is displayed to users. The net result is that those in control of the applications are also in control of what users are served, and therefore what they consume. This increases the risk of manipulation of the user base by those in control of the feed.” Combine the control with an absolutely enormous user base (over a billion monthly active users) and high consumption level among the users (95 min a day, on average!), and the risk rises in kind.
  2. Opportunity - no federal data protections for US citizens - With the exception of COPPAA for children, CCPA for Californians, and a hodge-podge of state and local regulations around data collection and sharing, there are no robust federal data protection and privacy laws that could be leveraged here. The FTC could exercise its power to bring enforcement actions, in the event of unfair or deceptive practices, that is a retroactive action and not a preventative measure.
  3. Motive - consistent, pervasive, and well-documented aggression - This angle could be a dissertation in and of itself, but suffice to say that China and the US are at odds with each other and the Chinese government has ratcheted up their direct involvement in Chinese tech companies over the past 3-5 years. From the recent Biden administration’s cyber policy update: *“the People’s Republic of China (PRC) now presents the broadest, most active, and most persistent threat to both government and private sector networks,’’ and says China is the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.’* Additionally, ByteDance, the parent company of TikTok said”an internal investigation found that employees had inappropriately obtained the data of U.S. TikTok users, including that of two reporters.” Furthermore, Christopher Wray, Director of the FBI, stated back in 2020 that China’s laws allow its government to compel any Chinese company to provide any information it requests—including American citizens’ data. On top of that, Chinese companies of any real size are legally required to have Communist Party cells” inside them to keep them in line.”

This unique mix of issues means the United States and other allied governments have essentially three options:

  1. Force the Sale - This may seem like an odd move, given it’s not something the average American is used to seeing the US government require, but when US companies expand internationally into countries such as India or China, the existing laws and regulations in those countries essentially force the expanding US corporations to jump through similar ownership hoops in advance. An interesting side-effect of this move is that TikTok is in over 150 countries with over a billion users so the US would be forcing a change in ownership of a foreign entity while the US only represents around 10% of the user base - domestic priorities with international impacts.
    1. In certain sectors, the Indian government requires foreign companies to partner with a local Indian company in order to operate their business in India. Additionally there must be more than 1, but less than 200 shareholders for a private business and 1 member of the board must be an Indian national. Foreign Direct Investment is limited to certain percentages in particular sectors, like 74% in the Pharmaceuticals industry.
    2. China has similar joint venture requirements that set a requirement for foreign corporations, expanding into China, to enter into joint ventures with local Chinese companies.
  2. Ban the App - This is a coarse tactic that will address the risk posed by the app, but will come at a significant cost” to the 100 million active users in the US. While some portion of the user base will get around geo-blocks and may find ways to continue their usage, for most folks, this’ll mark the end of their usage. However, the ban of TikTok in the US will not curtail usage in other countries, unless they engage in similar bans.
  3. Protect the Data - Really this is the correct” action, but the least likely to happen. The US congress could institute a federal data protection privacy framework, similar to GDPR or CCPA that would provide the protections and penalties needed to both secure American’s data and provide the transparency needed to make everyone more comfortable with what TikTok collects and how it uses it. The irony is that China has a more stringent data protection framework than the US and if the US took a page from China’s book, it would help the US address the risk posed by China.

ChatGPT4’s Response

I fed the analysis above to ChatGPT (using the GPT4 model as of 2023-03-26) and asked it to present a counter argument. The response is pretty good, so I am including it below, with my notes in the margin, because it’s often good to hear the other side of the argument, so you can form your own opinion.

“The analysis presents a well-structured argument on why the TikTok situation poses unique risks to users’ data and national security. However, there are counterarguments to be considered:

Yes, other platforms have this power, but it’s the power + reach + factors 2 and 3 below in combination that is important. ChatGPT brings up a great argument with advertising, but that’s a can of worms for another time.

  1. Capability - While the algorithmic feed indeed gives the app owners greater control over what users consume, it is important to note that other social media platforms have also started adopting similar algorithms. YouTube, Facebook, and Instagram all use algorithmic recommendations to some extent, which means that the risks associated with TikTok’s algorithm are not entirely unique. Additionally, it could be argued that users have always been subjected to external influence on social media, whether through advertising or tailored content.

    This is a solid point, but while TikTok, and its parent company ByteDance may be more careful in the near-term, that will be a voluntary measure and TikTok/ByteDance can change course at any time.

  2. Opportunity - Although the analysis highlights the lack of robust federal data protection and privacy laws, it does not consider the possibility of TikTok being more careful with user data due to the scrutiny it has been under. The company may have a higher incentive to avoid negative publicity and legal consequences by ensuring that its data practices are compliant with existing regulations. Moreover, the app has announced plans to open a transparency center in the U.S. to allow outside experts to review its data privacy practices, indicating a willingness to cooperate.

    I agree, but the examples of Chinese companies participating in state aims (looking at you Huawei) highlight the risk and increase the likelihood. I do agree, however, that the risk is not universal and care should be taken not to paint with too wide of a brush. On the second point, yes other countries also pose a risk, but the hey they are doing it too” is not a valid rebuttal here.

  3. Motive - While there is well-documented aggression between China and the U.S., it is essential to avoid assuming that every Chinese tech company is inherently working against U.S. interests. Chinese companies, like any other business, primarily focus on growth, profitability, and serving their user base. It is important not to generalize the actions of the Chinese government to every Chinese tech company. Furthermore, it is also worth noting that other countries have also exhibited cyber aggression, and the focus on China may overshadow risks posed by other nations.

Regarding the proposed options:

This is absolutely true. A forced sale for such a high profile company would have drastic effects on future foreign investment in the US. Additionally a sale of TikTok would likely still involve some ownership stake, direct or otherwise, in the new owner.

  1. Force the Sale - Forcing the sale of a foreign entity raises questions about the U.S. government’s power and potential overreach. The move may create tensions between countries and set a precedent for future conflicts over business ownership. Moreover, it may not effectively mitigate the risks since the new owner could still have ties to the Chinese government or be subject to influence.

    Agreed

  2. Ban the App - Banning the app may not only deprive millions of users of a platform they enjoy but also potentially harm freedom of expression and set a precedent for banning other apps in the future. Bans can also be circumvented through VPNs or other workarounds, rendering the measure less effective.

    The irony of an LLM algorithm, trained on an enormous corpus of scraped data, being an optimist about data privacy. I otherwise agree that ultimately this solution is the most effective and address the underlying risk for potential future situations similar to this one.

  3. Protect the Data - The analysis presents this option as the least likely to happen, but it should be noted that the U.S. has been making strides towards stronger data protection laws. As public awareness and concern about data privacy grow, the push for comprehensive federal data protection and privacy laws might gain momentum. Implementing a federal data protection framework similar to GDPR or CCPA would not only address the risks posed by TikTok but also help protect user data across all platforms and companies, including both domestic and international entities. This approach would create a more balanced and effective solution to data privacy concerns, without targeting specific companies or countries.

Couldn’t agree more, well done robot.

In conclusion, while the analysis does identify certain risks associated with TikTok and its unique combination of factors, it is important to consider counterarguments and alternative perspectives. Assuming that every Chinese tech company poses a threat, or that banning or forcing the sale of TikTok is the only viable solution, may lead to unintended consequences and fail to address broader data privacy concerns. A more comprehensive and balanced approach, such as implementing robust federal data protection laws, may be more effective in the long run.