This week, U.S. Sen. Marco Rubio, R-Fla., requested an update from U.S. Secretary of Commerce Gina Raimondo after the department reached its own deadline to provide the White House a report with recommendations to protect Americans’ data from foreign adversaries.
On June 9, 2021, President Joe Biden issued Executive Order 14034, which revoked former President Donald Trump’s previous Executive Orders relating to high-risk, foreign-owned apps – including one that would have effectively banned TikTok. Biden’s order also required the Department of Commerce to produce a report for the White House in 120 days with recommendations about how best to protect against harm from the sale to or storage of Americans’ data by foreign adversaries.
The letter is below.
Dear Secretary Raimondo:
On June 9, 2021, President Biden issued Executive Order (EO) 14034, which revoked three of former President Trump’s Executive Orders that would have effectively banned TikTok in the United States and imposed restrictions against several other high-risk, Chinese-owned mobile apps. I write to request an update on recommendations the U.S. Department of Commerce is obligated to produce on how to protect Americans’ data in the wake of President Biden’s decision to rescind the ban on these harmful apps and their continued operation in the United States.
Since President Biden issued EO 14034, the degree of Chinese Communist Party (CCP) control over these apps, and the potential harm that Beijing could inflict upon tens of millions of American users, have only become more self-evident. Throughout the summer, current and former TikTok employees repeatedly attested to the degree of Chinese control over the app. Several have described the boundaries between TikTok and Chinese parent company ByteDance as effectively non-existent, with engineering and product decisions resting with the latter, while others ominously noted that management power at TikTok ultimately rests in China.
Researchers at the University of Toronto’s Citizen Lab noted in March that “[e]ven if no non-Chinese user data is transferred to China, the Chinese government might be able to order changes to TikTok’s source code to enable such transfer or other features they want.” Since the Biden Administration decided to overturn the Trump Administration’s EO that would have banned TikTok, Beijing has only deepened its overt authority to do so. In fact, just this August, Beijing acquired a significant stake and board seat in ByteDance’s key Chinese entity.
In EO 14034, “Protecting Americans’ Sensitive Data from Foreign Adversaries,” President Biden committed to “a criteria-based decision framework and rigorous, evidence-based analysis” to address the risks of such foreign software. The order mandated that the Secretary of Commerce, in consultation with other agencies, produce a report no later than 120 days after its issuance with recommendations on how to best “protect against harm from the unrestricted sale of, transfer of, or access to United States persons’ sensitive data,” as well as against “harm from access to large data repositories by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.”
That 120-day deadline passed yesterday, October 7, 2021. As such, I request answers to the following questions:
Is it the Department of Commerce’s judgment that TikTok truly is independent of the Chinese Communist Party?
What risks are posed to American users, including millions of minors, by TikTok’s newly expanded capacity to collect biometric data, including so-called faceprints and voiceprints?
Given the reported level of CCP access into TikTok’s data, what steps is the Department of Commerce taking to ensure such personal information does not end up in Beijing’s possession?
What recommendations can the Department of Commerce make for additional executive and legislative actions to address the risks associated with foreign adversary-connected software applications?
Thank you for your attention to this matter. I look forward to your prompt response.