Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

US Drops Trump Order Targeting TikTok, Plans Its Own Review

The White House dropped Trump-era executive orders intended to ban the popular apps TikTok and WeChat and will conduct its own review aimed at identifying national security risks with software applications tied to China, officials said Wednesday.

The White House dropped Trump-era executive orders intended to ban the popular apps TikTok and WeChat and will conduct its own review aimed at identifying national security risks with software applications tied to China, officials said Wednesday.

A new executive order directs the Commerce Department to undertake what officials describe as an “evidence-based” analysis of transactions involving apps that are manufactured or supplied or controlled by China. Officials are particularly concerned about apps that collect users’ personal data or have connections to Chinese military or intelligence activities.

In revoking some of President Donald Trump’s blanket-style orders against Chinese tech companies and replacing them with a narrower approach, the Biden administration has not actually weighed in yet on whether TikTok and other apps pose a danger to Americans.

But a senior administration official said Wednesday that the Trump actions weren’t “always implemented in the soundest fashion” and the aim of the review is to set up clear criteria to evaluate specific data security and privacy risks for each app. He said that could lead to a range of potential future actions on an app-by-app basis.

“We want to take a tailored, tough approach here,” he said.

The department will also make recommendations on how to further protect Americans’ genetic and personal health information, and will address the risks of certain software apps connected to China or other adversaries, according to senior administration officials.

TikTok on Wednesday declined to comment. WeChat did not respond to a request for comment.

The Trump administration’s attempted bans didn’t hold up legally as courts blocked them, and also “ran up against this critique that they were mimicking China’s Great Firewall,” said Samm Sacks, a fellow at Yale Law School’s Paul Tsai China Center. “What the Biden administration wants to do is maintain an open, secure internet that doesn’t take a page from Beijing’s playbook, while addressing legitimate risk.”

Advertisement. Scroll to continue reading.

The Biden administration’s move reflects ongoing concern that Americans’ personal data could be exposed by popular apps tied to China, a chief U.S. economic and political rival. The White House and Congress have both taken action to address Beijing’s technological advancement.

The Biden administration last week expanded a Trump-era list of Chinese companies that Americans can’t invest in because of purported links to the Chinese military and surveillance. Companies on the list include China’s state-owned telecommunications companies, telecom equipment maker Huawei and Chinese oil company China National Offshore Oil Corp.

On Tuesday, the Senate passed a bill that aims to boost U.S. semiconductor production and the development of artificial intelligence and other technology in the face of growing international competition. The bill would also ban the federal government’s use of Chinese-made drones.

The new executive order should lead to a framework for protecting Americans’ data from China, rather than targeting specific companies, and could pressure Congress to enact a data-security law in the years ahead, said Paul Triolo, a tech policy expert at the Eurasia Group consultancy.

Biden also on Wednesday revoked a Trump order from January that had banned transactions with digital wallets Alipay and WeChat Pay and six lesser-known Chinese apps over unspecified data security concerns.

Courts had blocked the Trump administration’s efforts last year to ban TikTok, a video app widely popular with young people, and the main WeChat messaging service. But a national-security review of TikTok by a government group called the Committee on Foreign Investment in the United States, or CFIUS, is ongoing. CFIUS had set deadlines for TikTok to divest its U.S. operations, but such a sale never happened.

Last year, the Trump administration brokered a deal that would have had U.S. corporations Oracle and Walmart take a large stake in the app on national security grounds. Oracle didn’t returned requests for comment on Wednesday. Walmart declined to comment.

The Biden administration earlier this year sought to delay its legal defense of Trump’s attempts to ban TikTok and WeChat as it reviewed national security threats posed by Chinese technology companies. The U.S. Court of Appeals for the District of Columbia Circuit has put on hold a case challenging Trump’s TikTok divestment order.

A cybersecurity and privacy analysis of TikTok published in March by the internet watchdog group Citizen Lab found no evidence of malicious behavior and said TikTok’s practices of collecting personal data and tracking users’ behavior were no worse than other major social platforms such as Facebook.

“Our research shows that there is no overt data transmission to the Chinese government by TikTok,” the report said. It added that TikTok’s service did not contact any servers within China, but it was still theoretically possible that servers outside China could later transfer user data to China-based servers.

Citizen Lab, based at the University of Toronto, also described a “plausible” though speculative scenario in which the Chinese government could use one of its national security laws to force TikTok’s parent company, ByteDance, to turn over user data, but said there’s no evidence China has yet exerted such pressure on the company.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.