The pressure on TikTok just won’t let up. Since the beginning of the year, countless governments and authorities, including the EU Commission and Parliament, have banned the massively popular video app from official devices. They cite security risks because TikTok is owned by Chinese corporation ByteDance.
Several cities, including New York, have barred their employees from downloading the app. And in the U.S. state of Montana, Republican Governor Greg Gianforte has imposed a complete ban starting in 2024 – even though it’s not at all clear how it will be enforced.
At the heart of it all is the same question: Does the Chinese government have access to user data from the app or not? TikTok recently invested millions to convince Western governments otherwise. It built data centers, hired international executives and spent big on lobbying. In the US, TikTok spent years negotiating a national security deal that would give the government unprecedented control over the app. All just to be able to continue operating.
The question is not one that can be solved on a technical level: TikTok does not collect significantly more or different user data than Facebook, Twitter or Instagram do, security experts keep emphasizing. Instead, the dispute is a geopolitical one: it’s about China and a relationship in which trust is increasingly being lost.
Which is why China experts like Rebecca Arcesati are the best bet to get answers. As an analyst at the Mercator Institute for China Studies (MERICS) in Berlin she has been researching China’s digital policies for years. Arcesati explains how China’s data policies have changed over the past years – and why Western governments should rightly be careful around the app.
netzpolitik.org: Rebecca Arcesati, in the US TikTok is being framed as a threat to national security, because it is owned by a Chinese company. Is it reasonable to treat TikTok this way?
Rebecca Arcesati: When I see that a social media app is being framed as a national emergency, I’m a bit concerned. Not because I do not think that there is merit in the accusations that have been moved towards TikTok. All social media platforms should be scrutinized for how they handle user data and distribute information – and TikTok as a Chinese owned company poses unique challenges and risks.
netzpolitik.org: What are those risks?
Rebecca Arcesati: The main risk I see is the potential for authoritarian manipulation of democratic information spaces. But from a European perspective, it is concerning to see proposals to ban companies based on their country of origin or the location of their headquarters. Even in the United States this would amount to significant government overreach – and indeed something the Biden administration currently lacks the legal authority to do, because of the First Amendment.
netzpolitik.org: …which guarantees the right to freedom of speech and arguably the right to choose what platform to speak on as well. What’s the danger here?
Rebecca Arcesati: Well, the guiding principle of US cyber diplomacy for a long time has been the promotion of a free and open internet. The Restrict Act, short for Restricting the Emergence of Security Threats that Risk Information and Communications Technology, is a bipartisan bill which would give significant power to the executive branch of the US government. Power to exclude hardware, software and digital technologies made by vendors that are seen as threats to national security. If passed, this bill would justify sweeping restrictions on the free flow of information in the name of national security.
„China’s own practices cannot justify going against fundamental principles“
netzpolitik.org: China has been firewalling its internet for a long time and pushed US tech companies out or forced them to comply with Chinese rules. Why shouldn’t the United States do the same?
Rebecca Arcesati: I think we are seeing a reaction to the fact that China has become a global digital power. A power ruled by an authoritarian government with the ability to influence companies that have achieved massive global reach – not just in advanced economies, but also in large parts of the developing world.
But justifying certain policies on the basis of „China has been doing that for years“ is dangerous. China has decoupled from the global digital economy in many ways and has chosen to have the government determine which connections should be made and cut off. It has firewalled the internet and pretty much closed the domestic market to foreign digital platforms. Still, China’s own practices cannot justify going against fundamental principles that we hold dear in liberal democratic societies. Especially not if the United States is serious about countering China’s so-called digital authoritarianism and proposing a different model that is grounded in fundamental human rights and democratic values. If the United States goes down that path, there will be major implications for the free and open internet, for fundamental rights, freedom of expression and debate. And that concerns me.
netzpolitik.org: What does it mean for TikTok to be run by a Chinese company?
Rebecca Arcesati: TikTok’s Chinese ownership means that they cannot decline requests for data or information manipulation by the Chinese government, because of political and legal requirements in China which Bytedance needs to comply with. We simply cannot ignore the fact that Chinese companies‘ ability to say no is very limited when the Chinese government asks them to share data, or to support national security and intelligence in other ways. And that ability to say no is shrinking by the day, considering the sweeping rectification campaign that has hit the consumer internet sector over the past three years.
„Chinese authorities want access to many kinds of personal information“
netzpolitik.org: How so?
Rebecca Arcesati: For years Chinese companies resisted requests by the Chinese Communist Party (CCP) to hand over data. We saw it for example with Alibaba or with the digital transportation company Didi. For the Chinese government, it was not as straightforward to get access to any data it wanted as some people thought. Now, we are seeing a trend towards greater state visibility into and access to data that is privately held. China now has a data security law which clearly says, reiterating obligations spelled out in preexisting Chinese laws, that if state or public security organs demand access to data in performing their duties, companies and individuals shall comply – otherwise there are financial penalties involved.
netzpolitik.org: Have these kinds of laws and crackdowns affected other companies?
Rebecca Arcesati: We saw how Alibaba’s affiliate company Ant Group was forced to split into nine different subsidiaries. Access to consumer credit data is now being managed by a state affiliated company. This is part of a trend where the Chinese government wants more control over user data. In the past, a lot of that data was in the hands of large private tech firms, but now the Chinese government wants that to change. Not only have they curbed on the mishandling of personal data by large platform businesses, which is a response to longstanding public concerns and complaints: Authorities also want preferential access to many kinds of personal information – ranging from individuals’ spending habits to their personal communications and movements.
netzpolitik.org: So there is legitimate cause for concern around user data on TikTok and China accessing this data?
Rebecca Arcesati: Yes, but there is still a double standard in the way Congress and two subsequent US administrations have been treating TikTok. TikTok is receiving scrutiny to the point that a ban is on the table, when at the same time there are other ways for the Chinese government – or any other malicious actor – to access the data of American citizens.
You can legally buy that data from data brokers. There have also been successful cyber attacks which appeared to have originated in China, including the hack into the Office of Personnel Management of the US Government. We do not have a full picture of all the data the CCP and its intelligence services have been able to obtain to date, but it is certainly more useful than the kind of data they might get from TikTok.
All this is to say I agree with those critics who point out that focusing on data risks too much has been a distraction in the debate.
„As a Chinese government official, I would try to influence TikTok“
netzpolitik.org: Why?
Rebecca Arcesati: The bigger question to me is content manipulation: whether TikTok might prioritize content that is more favorable to the CCP, and even manipulate democratic processes like elections. Information manipulation is something that the CCP is very much interested in: The idea that you do not just shape public opinion domestically, but also try to shape how other societies think and talk about China and its ruling government.
We have seen that in the aftermath of the Covid-19 pandemic, when Chinese diplomats posted a wave of disinformation on Western social media. Researchers have also documented the activities of entire networks of accounts which appear to be linked to the Chinese government. These accounts have been very active in spreading the official Chinese government line on many topics – from Covid-19 to Hong Kong, Xinjiang, and the war in Ukraine. There has also been great research into Chinese authorities’ procurement of public opinion analysis services from private companies, also to aid online propaganda and surveillance overseas.
So, when you have a platform of the size of TikTok, controlled by a company that is headquartered in China and thus subject to clear obligations under Chinese law, that is not insignificant. If I were a government official in Beijing, I would find a platform with such a global reach very interesting. And I would try to influence them to place the content I like.
netzpolitik.org: Is there any proof that this happened in the past?
Rebecca Arcesati: There is evidence that TikTok does just that, spreading government propaganda while censoring information that may upset Beijing. In terms of successful Chinese government operations to manipulate public opinion at scale, however, so far there is little evidence. Yet we know from the Cambridge Analytica scandal that the risk of large-scale manipulation on Western platforms like Facebook is very real. If even political parties in liberal democracies will strategically place ads to influence public opinion, why would the CCP not try to do the same?
The CCP is eager to shape the world in a way that makes it safer for authoritarianism. When it comes to China, European institutions must think very seriously about the nexus of digital power, emerging technology and geopolitical interests.
„The vendor matters“
netzpolitik.org: Banning TikTok from peoples phones, banning Huawei components from telecom networks: What is the problem underneath these geopolitical conflicts?
Rebecca Arcesati: When it comes to exporting data-intensive services and products, especially those that go into critical information infrastructure, you kind of need trust as a precondition for doing business. In 2015, the EU happily signed a partnership with China to cooperate on 5G and no one was even questioning Chinese companies‘ roles in building telecommunication networks in Europe. The risk of data exfiltration was not something that policymakers, let alone the public, preoccupied themselves with.
netzpolitik.org: Now we have TikTok on our phones and Huawei technology in our telecom infrastructure.
Rebecca Arcesati: And obviously, when it comes to these kinds of technologies, the vendor matters. Because to guarantee the security of technologies as complex and virtualized as 5G networks, robust technical standards are only one precondition. You need vendors who you can trust to not shut down your network remotely or not install backdoors.
That is why in terms of digital diplomacy, we have seen the Chinese government attempting to debunk what they want to portray as a myth: That they will try to coerce companies into handing over data.
netzpolitik.org: How are they making that point?
Rebecca Arcesati: In 2019 Trump proposed the Clean Network program. The idea was to cleanse US networks from Chinese equipment and technology across all levels, from subsea cables to social media apps. Shortly after that, the Chinese Foreign Ministry launched a diplomatic move in response, the Global Data Security Initiative. At its core, it was a pledge not to ask Huawei and other Chinese companies to spy or to hand over data to the Chinese government. I think the reason they felt compelled to say that was precisely because they know that in this particular historical moment, characterized by rapid technological change and fierce great power competition, trust is key to continued technological and economic interdependence.
netzpolitik.org: ByteDance is doing anything it can to convince Western politicians it is not Chinese and CCP data access is not a problem. They moved headquarters to Singapore, user data is being stored in Europe and the US. Is that enough?
Rebecca Arcesati: I am skeptical that this action can alleviate the concerns at hand. The level of influence the party state can exert on Chinese tech firms domestically is a liability for these companies as they seek to broaden their global expansion. That has become quite clear with the controversy surrounding TikTok, and Huawei before it. This is the dilemma of Chinese founders who built successful tech companies with the ambition of going global, an ambition which the Chinese government itself encourages and actively supports. But when ByteDance acknowledges having access to TikTok user data, it means that data can be accessed by a key subsidiary of the company in which the China’s cyber regulator literally controls a board seat. So the prospects for them to be trusted with European and US user data are quite grim.
„Shou Zi Chew is not free in expressing his opinion“
netzpolitik.org: In March TikTok CEO Shou Zi Chew was questioned by US Congress for four hours. It felt more like a hostile grilling than a hearing.
Rebecca Arcesati: Shou Zi Chew was asked whether the Chinese government is committing genocide in Xinjiang and whether he supports that. And then some folks were surprised that he was not forthcoming. We have to realize that these companies operate in a certain domestic political and legal context where their ability to cultivate positive relations with the Chinese party-state not only determines their survival, but also the personal safety of their executives and their families. Shou Zi Chew and others are not free in expressing their opinion in front of the US Congress the way Mark Zuckerberg can. Obviously, it is concerning that he did not answer the question, but I would not have expected anything different.
netzpolitik.org: In the EU TikTok is also increasingly seen as a security threat. Recently the European Union has banned TikTok from official devices across all three government institutions. This is a step no one has suggested for apps by Meta, Google and other US companies. A double standard?
Rebecca Arcesati: I would disagree. American platforms have been the main focus of EU data protection and antitrust authorities for a long time. It is also important to distinguish between US and Chinese companies. Sure, we know the extent and reach of US government surveillance. But we are still allies and share values. That is not the case with China. When the CCP has access to personal data, it might facilitate espionage on European soil. It could help them influence political leaders, or gain deeper insights into our societies than they had before. We should take that very seriously.
netzpolitik.org: The European Union has just passed a new law that will set the rules for online platforms in Europe, the Digital Services Act (DSA). Part of the plan is independent oversight over how social media platforms are moderating content and serving information to their users. Is that a better way to handle the problems with TikTok than enforcing a ban?
Rebecca Arcesati: From the perspective of many stakeholders in Washington, the European approach is often seen as technocratic and slow. But I do think this model could work. It could establish a more neutral and legally sound ground for eventually excluding companies that fail to comply. How can lawmakers be talking about bans, when they are not holding all companies to the same high standards?
The DSA has provisions demanding digital platforms submit their algorithms for an independent third-party review and auditing. If we are concerned about algorithmic manipulation and how TikTok might prioritize Chinese government-sponsored content, which I think we should be, the DSA could help address those concerns. That said, algorithmic auditing is quite complex. Real transparency and explainability are hard to enforce. This is new territory for regulators, and we will have to see how the DSA will work in practice, but I think this path is very much worth exploring.
„Banning TikTok would not be legitimate or desirable“
netzpolitik.org: Are we going to see an effort to eventually ban TikTok entirely in the EU?
Rebecca Arcesati: I do not think we will ever see a push for bans of Chinese social media apps in Europe – beyond the very narrowly targeted bans we have seen for EU and government officials. Those bans make sense from a national security and data security perspective because government employees have access to sensitive information, so their risk profile is totally different. But that does not mean banning TikTok to protect society at large would be a legitimate or even desirable course of action. China bans foreign platforms. The EU, by contrast, cares about constitutional rights, such as freedom of speech.
netzpolitik.org: What about investigative journalists or lawyers, would it be wise for them to have the app on their phones?
Rebecca Arcesati: Probably not, if you look at what happened with Forbes journalists last year. Someone inside ByteDance used location data to monitor whether employees were meeting with Forbes journalists who were investigating TikTok. These kinds of episodes really do not inspire confidence in TikTok’s data handling practices. That was just their own bad decision, but it was a wake-up call in many ways. Just imagine a scenario where the Chinese government might want to coerce ByteDance into a specific behavior with regards to TikTok, such as spying on dissidents or journalists who are critical of Beijing.
0 Ergänzungen