Archive for April 24, 2024

Wednesday, April 24, 2024

TikTok Ban

Demetri Sevastopulo and James Fontanella-Khan (2020, Hacker News, CNBC):

TikTok will be removed from US app stores from midnight on Sunday as Washington implements executive orders from President Donald Trump that also target WeChat, a Chinese social media app.


Oracle and ByteDance have submitted a proposal that would spin out TikTok’s global business into a new US company that would have an all-American board and a security committee headed by someone with government security clearances. The new company would initially be majority owned by ByteDance, but would seek to list publicly in the US.

John Gruber:

Be careful of headlines along the lines of “U.S. bans TikTok” — right now it’s just new downloads that will be banned, not use of the app if already downloaded.

Nick Heer:

The theoretical security risks of apps involved in what Secretary of Commerce Wilbur Ross calls “China’s civil-military fusion” are hazy but plausible. These restrictions only apply to TikTok and WeChat, not all apps with Chinese origin. Furthermore, WeChat is effectively the default digital layer for many in China, so it is an essential app for Americans staying in touch.


I get why China’s state-connected businesses are worrying for some Americans, but this order does almost nothing to alleviate those concerns.


“ByteDance says it will not transfer algorithm and technology to Oracle as part of TikTok deal” (So it truly is just a cloud hosting deal... so much for national security)

Nick Heer:

At any rate, the TikTok partial sale of unknown structure is still being vetted as of Monday, contrary to the president’s position on Saturday, but it has all of the trappings of a Potemkin arrangement.

Edvard Pettersson (via Hacker News, 3, BBC):

The Trump administration’s curbs on WeChat were put on hold by a judge, upending an effort to halt use of the Chinese-owned app in the U.S.

Tim Hardwick:

U.S. President Joe Biden has withdrawn a series of executive orders from his predecessor Donald Trump banning Chinese apps TikTok and WeChat in the United States.

Casey Newton (Slashdot):

At a hearing in front of the US Senate’s Committee on Homeland Security and Governmental Affairs, TikTok COO Vanessa Pappas faced stern questioning from lawmakers. They had pointed questions about the company’s relationship with its parent, with the Chinese government, and the potential for Americans’ data to be misused. And while on one level it was simply the latest chance for our Senate to grandstand about the tech industry while doing nothing to regulate it, the hearing also showcased the growing momentum to take more definitive action against the company.


TikTok’s task is impossible because to earn the senators’ trust fully, it must prove a negative: that China has never sought to use the app for influence operations or surveillance purposes, never will, and never could even if it tried. The company swears up and down that nothing of the sort could ever take place.

Nick Heer:

The main thing I am left wondering after reading this New York Times story about a forthcoming deal to resolve U.S. national security concerns is whether anything will be enough to satisfy the biggest TikTok hawks. I can already see the complaints of any agreement not being enough, speculation of the existence of a back door, and general distrust of TikTok.

Brandon Vigliarolo (2022, Hacker News):

TikTok has been accused of preparing to keep covert tabs on the physical whereabouts of certain US citizens using its app.

Bruce Schneier (2023):

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all the effective ones would destroy the free Internet as we know it.

There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government. They collect extreme levels of information about users. But they’re not alone: Many apps you use do the same, including Facebook and Instagram, along with seemingly innocuous apps that have no need for the data. Your data is bought and sold by data brokers you’ve never heard of who have few scruples about where the data ends up. They have digital dossiers on most people in the United States.

If we want to address the real problem, we need to enact serious privacy laws, not security theater, to stop our data from being collected, analyzed, and sold—by anyone. Such laws would protect us in the long term, and not just from the app of the week.

Mike Masnick:

The end result of this might well be that ByteDance divests of TikTok, but we should be clear: the threat, and any potential block, would be a clear, blatant, dangerous violation of the 1st Amendment.

We already know this, from back when former President Trump tried the same damn thing and (rather sloppily) tried to ban both TikTok and WeChat in the US. We called it unconstitutional at the time, and the courts agreed. There were a bunch of lawsuits, and none of them went well.


Banning TikTok won’t solve the issue of any potential privacy violations. As we’ve noted over and over and over again, the supposed data that TikTok is “collecting” on its users is available from basically anywhere to basically anyone with a few bucks. Want to fix that? Pass a real privacy law.

Paul Matzko:

FB hired a consulting megafirm to astroturf letters to the editor at 100s of newspapers to hype up a TikTok moral panic. The goal? “Dream would be to get stories with headlines like ‘From dances to danger.’” It’s targeted misinformation on a massive scale.

Nick Heer:

It was very clear, from the outset, that most committee members were not much interested in investigating, but were instead trying to justify a forthcoming likely vote to ban TikTok from the United States.

Yoel Roth (Mastodon):

The basic gist of Project Texas, Lawfare reported earlier this year, is that TikTok will stand up a new US-based subsidiary named TikTok US Data Security (USDS) to house business functions that touch US user data, or which could be sensitive from a national security perspective (like content moderation functions impacting Americans). Along with giving the government the right to conduct background checks on potential USDS hires (and block those hires from happening!), TikTok committed as part of Project Texas to host all US-based traffic on Oracle-managed servers, with strict and audited limits on how US data could travel to non-US-based parts of the company’s infrastructure. Needless to say, Oracle stands to make a considerable amount of money from the whole arrangement.

Yesterday’s appearance by TikTok CEO Shou Zi Chew before the House Energy and Commerce Committee shows that even those steps, and the $1.5 billion TikTok are reported to have spent standing up USDS, may prove to be inadequate to stave off the pitchfork mob calling for TikTok’s expulsion from the US. The chair of the committee, Representative Cathy Rodgers of Washington, didn’t mince words in her opening statement, telling Chew, “Your platform should be banned.”

Even as I believe at least some of the single-minded focus on TikTok is a moral panic driven by xenophobia, not hard evidence, I share many of the national security concerns raised about the app.


The problem is that solutions like Project Texas, and a single-minded focus on China, may end up having the counterproductive result of making the app less resilient to malign influence campaigns targeting the service’s 1.5 billion users around the world.

Michael Love:

One of the big problems with the argument that TikTok can’t be trusted because its executives have to take orders from the CCP is that it naively assumes that Tim Cook does not also have to take orders from the CCP.

Jenny Feng (via Hacker News):

Although Beijing’s opposition to a forced sale of TikTok hasn’t gone beyond words, Chinese internet users seem to have plenty of suggestions as to how China can interfere. “Can we ban iPhone in retaliation?” a Douyin user commented, while another one remarked, “Don’t forget a bunch of American companies like Apple, Tesla, and Microsoft all have businesses in China. We haven’t shown all the cards in our hand yet.”

Adi Robertson (via Hacker News):

It’s hard to describe how strange it feels to sit in New York City in 2023 watching American politicians propose fighting Chinese authoritarianism with their own social media ban.


Banning TikTok is not, as lawmakers claimed in the hearing, a sign that we’re about to get real tech reform. It will almost certainly be a PR move that lets some of the same politicians who profess outrage at TikTok get back to letting everyone from Comcast to the DMV sell your personal information, looking the other way while cops buy records of your movements or arrest you using faulty facial recognition and getting mad you’re allowed to have encryption that prevents the FBI (and probably also foreign governments) from hacking your phone. And it will be a PR move that betrays America’s supposed commitment to free expression in the face of an increasingly splintered internet — born out of a failure to think bigger than one disfavored app.

It’s almost impossible to tell how grounded the national security concerns about TikTok are in solid evidence.

Breaking Points (via Hacker News):

TikTok Ban Bill Is PATRIOT ACT 2.0 Trojan Horse

David Pogue:

TikTok is the most popular app in the United States. 150 million Americans – almost half the population – use it every month. The app offers an endless, scrolling wonderland of humor, music, dancing, tips, opinion and information – short videos posted by fellow TikTok fans, and all delivered to you according to your interests. And for about five million businesses, TikTok is also a marketing tool.


Milton Mueller, a professor of cybersecurity and public policy at Georgia Tech, studied the theory that TikTok’s algorithms attempt to influence ideology. He said, “There’s absolutely no indication that this is in some way manipulated or controlled by the Chinese Communist Party. We just found that to be a complete fabrication. You can find information about Uyghur repression, you can find information that ridicules Xi Jinping. It’s all there.”


So, sell TikTok, or ban it? Selling it might be impossible – though worth a lot, the Chinese Communist Party may object to a sale. As for banning TikTok, Mueller said, “There’s probably a 90% chance that that would be ruled unconstitutional [because of] the First Amendment. You’re banning an information source, you’re banning a publication. I have to emphasize this: if you ban TikTok, it’s not the Chinese Government that would be silenced; it’s the 150 million American users of the app. Those are the ones whose free speech rights would be violated by a ban.”

David Shepardson (via Hacker News):

Montana Governor Greg Gianforte on Wednesday signed legislation to ban Chinese-owned TikTok from operating in the state to protect residents from alleged intelligence gathering by China, making it the first U.S. state to ban the popular short video app.

Montana will make it unlawful for Google and Apple’s app stores to offer TikTok within the state, but will not impose any penalties on individuals using the app.

John Gruber:

Putting aside the fact that Montana is a small state (44th in population, 1.1 million people), it just doesn’t seem feasible to ban TikTok at the state level. Even if this goes into law and Apple and Google comply, Montanans can just cross state lines to download it.


I do think the U.S. should ban TikTok nationwide. But it seems futile — silly even — for states to do it piecemeal.

Dan Whateley and Ashley Rodriguez (via Hacker News):

An explosive new lawsuit claims TikTok’s owner built a ‘backdoor’ the CCP could exploit

Alexandra S. Levine (via John Gruber):

TikTok has stored the most sensitive financial data of its biggest stars — including those in its “Creator Fund” — on servers in China. Earlier this year, CEO Shou Chew told Congress “American data has always been stored in Virginia and Singapore.”

Makena Kelly:

New York City is banning TikTok from city-owned devices and requiring agencies to remove the app within the next 30 days.

Dan Milmo (via Hacker News):

TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.

The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

Gavin Bade (via Hacker News):

Fast forward to the fall and little has changed. Biden’s national security review of the app is still frozen by legal concerns and Congress’ headline TikTok bill — the RESTRICT Act — is stuck in the mud despite backing from senior members of both parties. In an effort to break the logjam, the administration is now throwing its support behind alternative legislation that has yet to be released.

Alexandra Sternlicht (2024, via John Gruber):

Some ex-TikTok employees say the social media service worked closely with its China-based parent despite claims of independence

Sahil Kapur and Kyle Stewart (via Hacker News):

The House also voted Saturday to force TikTok’s parent company to sell it or be banned in the U.S. According to the bill, China-based ByteDance would have to sell TikTok within nine months — which the president could extend to a year — or face a nationwide ban. The policy, which would lengthen the time frame for a sale from an earlier House bill, has Senate buy-in along with Biden’s support, putting TikTok closer than ever to being banned in the U.S.

Cristiano Lima-Strong (via John Gruber):

Congress late Tuesday passed legislation to ban or force a sale of TikTok, delivering a historic rebuke of the video-sharing platform’s Chinese ownership after years of failed attempts to tackle the app’s alleged national security risks.

The Senate approved the measure 79 to 18 as part of a sprawling package offering aid to Israel, Ukraine and Taiwan[…]

Lauren Feiner (Hacker News, MacRumors):

It now heads to President Joe Biden, who already committed to signing the TikTok legislation should it make it through both chambers of Congress.


Warner added that TikTok’s earlier proposed solution to concerns around its data governance, Project Texas, were inadequate. “Project Texas would still allow TikTok’s algorithm, source code, and development activities to remain in China,” Warner said. “They would remain so under ByteDance control and subject to Chinese government exploitation.”

But he also addressed the concerns of many young Americans who use TikTok and fear this legislation means it will go away. “I want to make clear to all Americans, this is not an effort to take your voice away,” Warner said. “Many Americans, particularly young Americans, are rightfully skeptical. At the end of the day, they’ve not seen what Congress has seen. They’ve not been in the classified briefings that Congress has held, which have delved more deeply into some of the threats posed by foreign control of TikTok.”

Eric Schwarz:

This is a dangerous precedent—the nursing home government hasn’t provided clear-cut data for this, only vibes and fear-mongering. While I’m personally not against aiding our allies, how about we work on fixing ourselves first?


I’m not so much as giving TikTok a pass as asking why this is the most pressing thing and why we aren’t addressing poor behavior by domestic social media companies?

Pieter Arntz:

The Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in the US, says it opposes this bill, mainly because it is afraid that TikTok will not be the last app to face this type of ban.


Update (2024-04-26): See also: TikTok CEO Shou Zi Chew’s response.

Rob Jonson:

US Government: TikTok must be banned because the Chinese Government could demand that the owners hand over data on users.

Also US Government: Everyone must hand over data on their users to US. (FISA 702)

Lauren Feiner (Hacker News, Slashdot):

President Joe Biden signed a foreign aid package that includes a bill that would ban TikTok if China-based parent company ByteDance fails to divest the app within a year.

Louise Matsakis:

The version of TikTok impacted by the legislation is not the same platform that then-president Donald Trump first tried to abolish back in 2020, citing national security concerns about its links to China. TikTok, its user base, and the ecosystem of creators making a living from the platform have grown, transformed, and matured since then. And the potential consequences of the app disappearing have become more significant.

Mike Masnick:

We’ve discussed this a few times before, but the move to ban TikTok is particularly stupid. It demonstrates American hypocrisy regarding its advocacy for an open internet. It goes against basic First Amendment principles. It overreacts to a basic moral panic. And it does fuck all to stop the actual threats that people justifying the ban talk about (surveillance and manipulation/propaganda).

It’s particularly stupid to do this now, just as Congress was finally willing to explore a comprehensive privacy bill.


This leaves out some fairly important elements, including powerful lobbying by companies like Meta (who were clearly threatened by TikTok) to spread a moral panic about the app. It also leaves out the massive financial conflicts of many of the lawmakers who pushed for this bill.

Kane Wu and Julie Zhu (Slashdot):

TikTok owner ByteDance would prefer to shut down its loss-making app rather than sell it if the Chinese company exhausts all legal options to fight legislation to ban the platform from app stores in the U.S., four sources said.

The algorithms TikTok relies on for its operations are deemed core to ByteDance’s overall operations, which would make a sale of the app with algorithms highly unlikely, said the sources close to the parent.

Update (2024-05-08): Rebecca Kern:

TikTok and its parent company ByteDance sued Tuesday to challenge a law President Joe Biden signed to force the sale or ban of the video sharing app.


The companies argued that the law would amount to a Bill of Attainder, or a determination of guilt and punishment by law without trial, which the Constitution prohibits.

Via Nick Heer:

TikTok frames a jettisoning from ByteDance as something which would treat the United States as its own distinct company but, surely, an alternative interpretation of the U.S.’ intent is for the entire TikTok enterprise worldwide to be distinct from ByteDance.

Emma Roth (MacRumors:

TikTok argues that a ban in the US wouldn’t be feasible, as it would force TikTok to move “millions of lines” of software code from ByteDance to a new owner. It adds that limitations from the Chinese government would not allow the sale of TikTok with its algorithm. TikTok claims the ban would make the US version of its app an “island” that gives Americans a “detached experience” from the rest of its users while undermining its business.

Update (2024-05-28): Nick Heer:

This law is very bad. It is an ineffective and illiberal position that abandons democratic values over, effectively, a single app. Unfortunately, TikTok panic is a very popular position in the U.S. and, also, here in Canada.


A mistake I have made in the past — and which I have seen some continue to make — is assuming those who are in favour of legislating against TikTok are opposed to the kinds of dirty tricks it is accused of on principle. This is false. Many of these same people would be all too happy to allow U.S. tech companies to do exactly the same. I think the most generous version of this argument is one in which it is framed as a dispute between the U.S. and its democratic allies, and anxieties about the government of China — ByteDance is necessarily connected to the autocratic state — spreading messaging that does not align with democratic government interests. This is why you see few attempts to reconcile common objections over TikTok with the quite similar behaviours of U.S. corporations, government arms, and intelligence agencies. To wit: U.S.-based social networks also suggest posts with opaque math which could, by the same logic, influence elections in other countries. They also collect enormous amounts of personal data that is routinely wiretapped, and are required to secretly cooperate with intelligence agencies. The U.S. is not authoritarian as China is, but the behaviours in question are not unique to authoritarians. Those specific actions are unfortunately not what the U.S. government is objecting to. What it is disputing, in a most generous reading, is a specifically antidemocratic government gaining any kind of influence.


Similarly, this U.S. TikTok law does not actually solve potential espionage or influence for a few reasons.

Extending Section 702 of FISA


Section 701(b)(4) is amended[…] by inserting after subparagraph (D) the following new subparagraph[…] any other service provider who has access to equipment that is being or may be used to transmit or store wire or electronic communications[…]

Elizabeth Goitein:

Buried in the Section 702 reauthorization bill (RISAA) passed by the House on Friday is the biggest expansion of domestic surveillance since the Patriot Act.


If the bill becomes law, any company or individual that provides ANY service whatsoever may be forced to assist in NSA surveillance, as long as they have access to equipment on which communications are transmitted or stored—such as routers, servers, cell towers, etc.

That sweeps in an enormous range of U.S. businesses that provide wifi to their customers and therefore have access to equipment on which communications transit. Barber shops, laundromats, fitness centers, hardware stores, dentist’s offices… the list goes on and on.


None of these people or businesses would be allowed to tell anyone about the assistance they were compelled to provide.


The NSA, having wholesale access to domestic communications on an unprecedented scale, would then be on the “honor system” to pull out and retain only the communications of approved foreign targets.

Edward Snowden (via Hacker News):

The NSA is just days from taking over the internet, and it’s not on the front page of any newspaper--because no one has noticed.


President Biden on Saturday signed legislation reauthorizing a key U.S. surveillance law after divisions over whether the FBI should be restricted from using the program to search for Americans’ data nearly forced the statute to lapse.

Barely missing its midnight deadline, the Senate had approved the bill by a 60-34 vote hours earlier with bipartisan support, extending for two years the program known as Section 702 of the Foreign Intelligence Surveillance Act.


One of the major changes detractors had proposed centered around restricting the FBI’s access to information about Americans through the program. Though the surveillance tool only targets non-Americans in other countries, it also collects communications of Americans when they are in contact with those targeted foreigners. Sen. Dick Durbin, the No. 2 Democrat in the chamber, had been pushing a proposal that would require U.S. officials to get a warrant before accessing American communications.

Elizabeth Goitein:

It’s a gift to any president who may wish to spy on political enemies, journalists, ideological opponents, etc.

Update (2024-04-26): Richie Koch:

This article examines some of the most important privacy legislation and law enforcement policies in the US and how they impact privacy online.

Update (2024-05-10): Matt Novak (via Hacker News):

But an internal FBI email, leaked to Wired on Wednesday, may accidentally reveal how the federal law enforcement agency plans to overstep the spirit of the law, while technically maintaining the letter of the law.


Wired spoke with Rep. Zoe Lofgren, a Democrat from California who notes this newly leaked email “directly contradicts earlier assertions” by the FBI when the agency was trying to get the law reauthorized.

Update (2024-05-15): Tim Cushing:

Rather than acknowledge the near-miss, the deputy director went the other way, insisting the best way to demonstrate the real-world value of warrantless access is to engage in even more warrantless access. Abbate’s email is couched in language that suggests analysts should do all they can to ensure they don’t violate internal policies or FISA-ordered restrictions. But it still encourages FBI agents to “look for” reasons to obtain US persons’ communications, which suggests at least some caution should be thrown to the wind if necessary.


But there’s another reason the FBI shouldn’t be encouraging more use of a program that has been abused incessantly since its inception: more use means more opportunities for abuse. That’s just the way things are. There’s no getting around it. While it may result in a smaller overall percentage of abusive searches, it will result in more total abusive searches. You would hope an agency that nearly got hit with a warrant requirement would show a bit more caution as it moved forward, rather than send out a “do as many searches as you can” email to FBI analysts with access to 702 collections.


So, there’s no telling how many searches are actually being performed. The FBI has only been reporting these numbers for three years and it has already changed its “counting methodology” once. That could mean internal and external restrictions have actually resulted in less access to US person’s communication. Or it could mean analysts are accessing these communications just as often as they did in 2001, but have found a way to report these numbers to make it look as though the agency has reined in this access a bit. Then again, it might mean the FBI is doing more but reporting less by bundling searches to lower the total number of searches while giving it access to a greater number of communications. And there’s no way we’ll ever know what the FBI is actually doing without an outside audit of its Section 702 activities, something the agency is likely to oppose, obstruct, and otherwise delay from being made public.