Critics of the law that gives TikTok a divest-or-leave ultimatum call it a “ban.” TikTok itself argues that the U.S. government has not provided proof that it is a national security risk warranting such heavy-handed measures. Lawmakers and the U.S. Intelligence Community argue that the app poses a grave threat to national security if it remains in the hands of the Chinese communist regime.
On April 24, President Joe Biden signed into law the Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA), a law that requires apps controlled by foreign adversaries to sever that connection to operate in the United States. This created a countdown for China-based parent company ByteDance to sell off TikTok by Jan. 19, 2025. ByteDance and TikTok filed a lawsuit, arguing that the law is unconstitutional on a First Amendment basis.
TikTok Goes to Washington
TikTok entered the U.S. and global markets in September 2017, and two months later, ByteDance acquired Musical.ly with its 200 million users and folded it into TikTok.In 2019, the U.S. government contacted ByteDance by way of the Committee on Foreign Investment in the United States (CFIUS) and flagged national security concerns.
The committee has very specific authority—to review transactions with foreign investment on the basis of national security—and it was challenged as to whether it had the authority to review the purchase of Musical.ly when it had occurred two years prior.
By July 30, 2020, CFIUS had completed a formal review and announced an investigation into ByteDance’s purchase of Musical.ly.
Two weeks later, President Donald Trump issued an executive order requiring ByteDance to divest itself of its American apps, namely TikTok. ByteDance filed suit, and the government lost on procedural grounds. The court questioned why an executive order was needed when CFIUS had yet to complete its investigation. The order was stayed, and the lawsuit was frozen.
From November 2020 on, the executive branch held ongoing meetings with ByteDance and TikTok, reviewing dozens of proposals and having in-depth technical discussions to find a resolution short of divestment.
But after years of discussion, ByteDance was unwilling to agree to terms that would mitigate risks posed by the Chinese Communist Party’s access to user data and its ability to influence the app, he said.
On Aug. 23, 2022, ByteDance submitted its final proposal and has publicly touted the nearly $2 billion it invested in “Project Texas,” meant to house data on U.S. soil. However, extensive review from the government and experts found that this proposal was “insufficient” to address core national security concerns.
It would ultimately require the government to trust that Oracle was reviewing TikTok’s actions in an impossible timeframe and rely on TikTok to voluntarily remedy any wrongdoing only after the government identified it.
Clash of the National Security Laws
As TikTok CEO Shou Zi Chew pointed out in congressional hearings, ByteDance is a privately owned company in the Cayman Islands. However, its headquarters is in China, and companies do not need to be Chinese to be subject to Chinese laws.The Chinese Communist Party (CCP) has passed several laws that require all individuals and organizations operating in China to aid the CCP’s digital authoritarianism, claiming that “digital sovereignty” gives it the authority to enforce these laws even overseas, even if they conflict with foreign laws.
The CCP’s 2015 National Security Law defines security as a state in which the country and the CCP’s interests are “relatively free from danger and internal and external threats.” It requires people and organizations in China to report any evidence that would endanger this state and assist authorities in national security efforts.
A 2015 Anti-Terrorism Law defines terrorism broadly as “propositions and actions that ... coerce state organs or international organizations to achieve their political, ideological, or other objectives” and authorizes state surveillance while requiring all people and organizations in China to assist the CCP in this work.
The 2016 Cybersecurity Law requires companies operating in China to store data in China and allow full access to such data to CCP authorities, requiring networks to “accept supervision from the government.”
The 2017 National Intelligence Law gives the CCP the authority to conduct intelligence work through any “necessary methods, means, and channels” and requires all individuals and organizations in China to cooperate with these operations.
These laws also contain provisions prohibiting these individuals or organizations from disclosing whether they were required to comply with CCP operations.
Put together, the laws create conditions for ByteDance to be called to secretly share with the CCP data pulled from TikTok while publicly denying this, or even without TikTok’s knowledge.
TikTok did not respond to an inquiry from The Epoch Times.
“Because Chinese laws enable the [People’s Republic of China] to exert control over Chinese companies’ U.S. subsidiaries ... the [People’s Republic of China] has and can benefit from those companies’ commercial successes as the Chinese government can leverage its legal regime and other tools to co-opt those companies for geopolitical gain,” FBI counterintelligence assistant director Kevin Vomdran said in a court filing.
The law TikTok is now challenging in federal appeals court is a U.S. national security law.
TikTok argues that the law effectively bans the app in the United States, as divestment is not an option because the Chinese regime will not allow ByteDance to sell TikTok.
What Value Is TikTok to the CCP?
Some critics of TikTok say the app has numerous negative effects on users, particularly young users. They are wary of the CCP’s ability to use the app to influence the American public, pointing to two reports that conclude that the app’s algorithm suppresses content critical of the CCP.Communications attorney Joel Thayer told The Epoch Times that this is not what the law targets and that it would indeed violate the First Amendment if it did.
“Even after you divest, if you want to be the arm of the CCP PR campaign, you can do that. You just can’t be tethered to a company that has this many ties to the CCP,” he said.
Thayer, president of the Digital Progress Institute, represented two groups that filed separate amicus briefs arguing PAFACA’s constitutionality.
Pro-CCP content is probably rather low on the list of national security concerns when it comes to TikTok, Thayer said.
“What the divest law is saying here is, ‘We actually are really worried about the data transmissions that are occurring because of this relationship and also the ability for these individuals to set their algorithms over in China to essentially not just their point of view, but also conduct espionage campaigns,’” Thayer said.
“That is an enormous national security concern, and it’s got nothing to do with whether or not the content is favorable or disfavorable to the American population, to the American government.”
Some critics of the law have argued that most social media platforms collect much of the same data TikTok collects, and the bill does not remedy this. PAFACA does not target TikTok’s data collection either, which would require a much more complex law.
“If you shoot a high-definition video, I can do a facial dynamic analysis of you. If you have pictures of your fingers that are at high definition, I can collect your fingerprints,” he said.
Steinberg said one can’t rule out that spies within U.S. tech and social media companies could help foreign adversaries obtain the same data, or worse, that there are hardware vulnerabilities in popular devices such as phones used by American companies that can collect much more than software ever could. He noted that the data have value to businesses and foreign adversaries, but it is impossible to say just how valuable it could be.
Steinberg pointed out how much the teens and pre-teens of TikTok document through the app. He said that if a foreign government, decades later, were to have incriminating or exonerating evidence of a high-profile individual, that might create an opportunity for blackmail.
“Storage is cheap. Storing everything about everybody can be valuable to adversaries,” Steinberg said.
Cybersecurity expert Steve McKeon, CEO of Macguyver Tech, told The Epoch Times that he has seen TikTok send data to China. McKeon recalled one job during which he helped a company deal with ransomware and found that the malicious software was sending TikTok-collected data to China.
His associates in Quokka Cybersecurity separately found that TikTok engages in what they call “app collusion,” collecting data where it shouldn’t and sending the data to China, as they told members of Congress last year during a risk briefing. App collusion means that TikTok obtains data gathered by other apps, which is usually a hallmark of malware.
McKeon said they could see where the data were going but not what the data were being used for.
McKeon pointed to federal charges against CCP hackers for intellectual property theft and said with the amount of information the average person shares online, it’s possible for a malicious actor to impersonate key personnel to deceive, for instance, an employee of a targeted company to obtain key information or access—a situation he’s encountered more than once.
McKeon said the TikTok app functions very unusually compared with industry best practices, but it’s not necessarily illegal activity because technology moves at a speed far swifter than lawmaking. Plus, software updates mean an app can act maliciously for a period of time then release an update to remove evidence of that behavior before it can be proven. Intelligence officials stated similar concerns in court filings in the TikTok lawsuit.
“There’s just a cloud around this app,” McKeon said.
The suspicious behavior includes the way TikTok contacts networks. Normally, when an app connects to the internet, it reaches out to the closest server.
“TikTok’s not doing that. TikTok’s going halfway around the world to the first target in China,” he said, and there isn’t a particularly good reason to do that. “It’s not going to a couple of different servers and eventually making it there.”
He noted that housing data on American soil doesn’t mean much if personnel in China receive the data before they are even stored, which would explain why TikTok’s final proposal did not persuade the government.
If the CCP has easy access to this vast dataset, digital surveillance is possible. Because the CCP enforces laws extraterritorially, a CCP-tethered TikTok poses the risk of allowing the regime to track Chinese dissidents and human rights activists who the regime has vocally declared should be extradited to China for punishment by force if necessary. The FBI and international human rights groups call this “transnational repression.”
“It’s not just a national security issue, it’s a human rights issue,” Thayer said.
One of the amicus groups he represented was a coalition of several human rights groups advocating on behalf of Uyghurs, Hong Kongers, and Tibetans—groups deeply familiar with the CCP’s digital surveillance and persecution.
Rushan Abbas is founder and executive director of the nonprofit Campaign for Uyghurs, and for this, the CCP has labeled her a “terrorist.” On Sept. 5, 2018, Abbas spoke out about the regime’s persecution of Uyghurs, including 24 of her husband’s missing family members, at a panel event in the United States.
Five days later, Abbas’s sister, Gulshan Abbas, disappeared. It was only in December 2020 that Abbas received confirmation that her sister had been abducted and detained by the Chinese regime, given a 20-year sentence on charges of terrorism and social disruption.
“I am the target of the CCP’s ongoing harassment, threats, libel, and blackmail, both in-person and online, aimed at discrediting my activism for the Uyghur people suffering genocide,” Abbas told The Epoch Times.
TikTok’s ability to track not just users but also people in their network creates real safety concerns for human rights activists and their family members who are in China, Abbas said.
“TikTok, under the control of the CCP, is legally required to share user data with the Chinese government,” she said. “This creates a serious risk to our privacy, exposing sensitive information while facilitating the CCP’s transnational repression.”
TikTok’s parent company, ByteDance, also has a record of targeting dissenters.
Last year, former ByteDance executive Yintao “Roger” Yu sued his former employer for damages after allegedly being fired for raising concerns about the company’s intellectual property theft. In court filings, he also alleged that personnel in China had direct access to American data and broad administrative powers to influence the apps.
“Under extreme fear, my mother was crying and informed me that my father had been detained,” reads the statement, which was submitted to support Yu’s argument that certain witnesses should have their identities protected from ByteDance. “Based on personal experience, I believe that ByteDance considers employees who speak out against the company’s practices as ‘traitors’ who need to be destroyed at any cost.”
TikTok and its supporters argue that the U.S. government has not provided any proof that it is a bad actor to warrant a divestiture law, but lawmakers argue that this misunderstands the role of policymaking.
Lawmakers should, instead, be looking for “loaded guns” such as companies beholden to the CCP’s national security laws, he said.
