On Sunday, the D.C. district court handed down a preliminary injunction that blocks the Trump administration’s TikTok ban order. The decision, which after being pushed back one week was slated to take effect on Sunday evening, has dealt a setback to Trump’s efforts to mitigate the app’s national-security risks in the United States.
And with that injunction, we’re likely nowhere closer to the end of this saga. The administration has vowed to press forward, though a few other outcomes remain possible. Trump could move to implement the Oracle deal and the Chinese government could block it altogether. It’s a mess, really.
However, TikTok’s push to secure that injunction has led to a debunking of how the company’s representatives say it handles the data of its American users. The opinion granting the injunction notes a previously redacted claim made by the Commerce Department in a separate filing:
The Secretary also concluded that the TikTok data of U.S. users is especially vulnerable because TikTok keeps a backup of all its U.S. data in Singapore with a Chinabased company called Alibaba. Commerce Memo [Sealed], ECF No. 21-1, 15. Like ByteDance, “Alibaba is a Chinese company . . . beholden to PRC laws that require assistance in surveillance and intelligence operations.” Id.
TikTok, though, based on its previous statements, would have you believe that its Singapore-based user data is completely impervious to Chinese demands. Here’s a statement issued by TikTok in 2019, as the app started to face more scrutiny:
First, let’s talk about data privacy and security. We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.
There’s no way around it: If the Commerce Department’s findings hold up, TikTok has just been caught in a big lie. U.S. user data, despite the company’s claims to the contrary, is vulnerable to Chinese government requests under the 2017 National Intelligence Law.
And that lie is one that too many journalists accepted uncritically. Sure, many serious observers assumed that TikTok — a subsidiary of ByteDance, which has a long history of cooperation with the CCP — would not hesitate to comply with Beijing’s orders.
But the company’s impressive, U.S.-targeted publicity campaign featuring American executives and press flacks did trick some credulous columnists into using TikTok’s talking points as an important basis for their conclusions. Here, for example, is what the Washington Post’s Geoffrey Fowler wrote in July:
“Protecting the privacy of our users’ data is of the utmost importance to TikTok,” said spokeswoman Ashley Nash-Hahn. “TikTok collects much less U.S. user information than many of the companies in our space and stores it in the U.S. and Singapore. We have not, and would not, give it to the Chinese government.”
My takeaway: TikTok doesn’t appear to grab any more personal information than Facebook. That’s still an appalling amount of data to mine about the lives of Americans. But there’s scant evidence that TikTok is sharing our data with China, and we should be wary of xenophobia dressed up as privacy concerns.
Why were some journalists so quick to believe TikTok’s assertions? It’s not as though there was a lack of available analysis about its likely data management practices. China watchers and national-security experts had been pushing back against the company’s falsehoods for months. And what else is TikTok lying about?