TikTok and the Restrict Act, good for data security or bad for free speech?
Earlier this month FAU received a memo from the chancellor of the Florida State University System Board of Governors directing the university to protect itself from potential threats posed by certain applications and websites of concern. The list includes applications like TikTok, Wechat, Vkontakte, Kaspersky, and Tencent QQ, all of which are controlled by companies that are affiliated with Chinese or Russian state enterprises.
Many students at FAU are familiar with applications like TikTok and Wechat as they are some of the most popular social media services available on the app stores. Most of the students I have asked on campus Wi-Fi disagree with the restrictions and do not believe that it will be effective in preventing students from accessing the applications on campus because students can still use their mobile data networks to access these services. The restrictions imposed on the use of these applications on Wi-Fi networks controlled by public universities in Florida come as an extension of the public debates on federal legislation currently proposed in Congress. In lieu of federal action being taken to restrict access to applications considered dangerous for national security and data privacy, Florida and a number of other states have taken steps to act ahead of Congress.
It is important to understand the arguments made by proponents of the Restrict Act and opponents of TikTok to understand if the currently proposed federal legislation will resolve the issues at hand and whether or not the legislation in question would have some unforeseen impact that legislatures may not be aware of. Furthermore, the allegations levied against TikTok and their CEO, Shou Zi Chew, during his testimony at the House Energy and Commerce Committee hearing should be investigated in order to ascertain how much substance should be given to them.
Currently, the Restrict Act is the most sweeping legislation that would regulate internet applications and services that are offered by companies based in China, Russia, and a number of other countries. However, there was an attempt to pass a bill by unanimous consent that was introduced by Josh Hawley that only banned TikTok itself. Unfortunately for Hawley, Rand Paul was the sole objector and his proposal failed to gain unanimous consent. Citing the principle of free speech, Rand Paul made the case against protecting Americans by banning social media platforms deemed security risks because we would be effectively governing like China by doing so. He argued that many of the conservatives railing against censorship on social media are now advocating censoring social media apps they worry are influencing American citizens at the behest of the Chinese government. Free speech, he asserts, protects Communism as well.
The crux of Senator Paul’s argument is that the first amendment protects not just an individual’s right to speak their mind, but also their right to seek out and view content that other people produce, regardless of what other people think of that content. So long as a video or post does not violate the law, the government should not take action to restrict people from seeing or accessing that content. However, a distinction between the use of certain applications on privately owned and government devices should be highlighted.
For government officials with access to sensitive materials on their government issued phones, restrictions on the type of applications that can be installed makes a lot of sense. Applications like TikTok may attempt to gain access to data from other apps, as has been alleged for Facebook when they implemented a service called Onavo Protect, which “established a secure connection to direct all of your network communications through Onavo’s servers” by collecting all “mobile data traffic” from your device. This is certainly a security risk for government issued phones, but it is less concerning for privately owned devices because the only data that could be gleaned from personal devices is personal information as opposed to state secrets. Currently, TikTok cannot be installed on any government issued devices and that kind of targeted ban makes a lot of sense.
A ban on private devices, however, runs afoul of first amendment protections afforded by the constitution. Users should be aware of the potential for apps to track all kinds of user data if they are installed on their devices and is precisely what media organizations and oversight committees ought to explain to their viewers and constituents. However, evidence must be used to confirm allegations that TikTok is in fact tracking all data from devices that have the application installed.
Indeed, TikTok’s terms of service (TOS) are quite broad when it comes to data collection. Information about your IP address, mobile carrier, time zone, model of your device, screen resolution, and operating system seem necessary to collect in order to improve the user experience. However, their TOS also states that TikTok collects app and file names, keystroke patterns or rhythms, audio settings and connected audio devices, identifiers for advertising purposes, and user agent data.
One of the concerns of the members during the TikTok House oversight committee was whether TikTok accesses other devices that are connected to the Wi-Fi network the phone is using to access TikTok. However, there does not appear to be anything in the terms of services that indicates TikTok has access to other devices’ data on a Wi-Fi network. Mr. Chew responded in the negative when asked that question and seemed perplexed by the question itself, perhaps because if TikTok actually did infect a Wi-Fi network it would mean a great degree of legal liability for TikTok.
While it is important to understand what TikTok does and does not have access to while installed on your mobile device, it is perhaps more important to understand what the Restrict Act would do if enacted. Senate bill S.686, known colloquially as the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, was introduced in the Senate on the 7th of March. The bill does not mention TikTok but it would effectively ban TikTok if the parent company Bytedance does not sell its subsidiary to a U.S. firm.
The legislation authorizes the Secretary of Commerce to review and prohibit certain transactions between persons in the United States and foreign adversaries. The bill designates a foreign adversary as “any foreign government or regime, determined by the Secretary,…,to have engaged in a long term pattern or serious instances of conduct significantly adverse to the national security of the United States”, and lists China, Cuban, Iran, North Korea, Russia, and Venezuela under Nicolas Maduro as foreign adversaries.
The expansiveness of the bill is apparent by the provision that allows the secretary of various executive agencies to unilaterally declare new foreign adversaries without another approval from Congress. These secretaries include; the Secretary of Treasury, Secretary of State, Secretary of Defense, the Attorney General, Secretary of Homeland Security, the United States Trade Representative, the Director of National Intelligence, the Administrator of General Services, the Chairman of the Federal Communications Commission, and other executives as appropriate.
The power to declare new foreign adversaries, if passed, would be delegated to the executive bureaucracy rather than to Congress. Additionally, the Restrict Act provides civil and criminal penalties for persons in violation of the Secretary’s regulation, order, direction, prohibition, or other directive issued by the Act. Namely, a civil fine of not more than $250,000 for a transaction that violates the act, and a criminal fine not more than $1,000,000, or if a citizen, they may be imprisoned for not more than 20 years, or both. If convicted, an individual would also forfeit their property to the United States.
Perhaps the most concerning aspect of this legislation is the provision which makes it unlawful for a person to “violate, attempt to violate, conspire to violate, or cause a violation of any regulation”, because it would seem to make the act of using a VPN to bypass a directive banning access to TikTok from US soil a criminal offense. I believed this was something only the authoritarian Chinese and Russian governments did, but now the United States must make it a criminal offense to bypass internet restrictions in order to protect Americans from our foreign adversaries.
To put the cherry on top of this very dystopian cake, the Restrict Act also states that the Freedom of Information Act is inapplicable to any information submitted to the Federal Government in accordance with the act, as well as any information the Federal Government may create relating to review of the covered transaction. This provision could be understood to mean that any information or classified material, that would prove one way or another to demonstrate that an entity or individual violated the act, would remain hidden from public view.
It appears that Libertarian concerns about expansive bureaucratic power are indeed based on specific provisions within the Restrict Act that empower the federal government with mechanisms to spy and enforce adherence to directives of the bureaucracy. For those of us who advocate government should take a hands off approach when it pertains to regulating the personal lives of Americans, this Act is a glaring reminder that more often than not governments act to exert controls over what information their populations can seek out in the name of national security, even if their constitution affords them inalienable rights to freedom of expression.