🔥TikTok ban is no way to address concerns on China’s data security
Beijing’s Global Initiative on Data Security could be the framework for work to bolster confidence in China’s data handling and its global companies.
Before sharing a recent article by Henry Huiyao Wang, Founder and President of the Center for China and Globalization (CCG), from his South China Morning Post opinion column, here is some background.
In the U.S. House Energy and Commerce Committee hearing (transcript) on TikTok, some of the wiser questions concentrate on several articles in China’s standing law.
Rep. Cathy McMorris Rodgers (R-WA):
Today, the CCPs laws require Chinese companies like ByteDance to spy on their behalf.
Rep. Frank Pallone (D-NJ):
The Chinese Communist government can compel companies based in Beijing like TikTok to share data with the communist government through existing Beijing law or coercion.
Rep. Anna Eshoo (D-CA):
how user data, American user data would be protected now under Beijing’s security laws. Article seven compels companies to provide data. Article 10 makes the reach of the law extra extra territorial. Now, this is very clear. I don’t need to read all of it into the record but that those are the laws of the PRC…Why would the Chinese government sidestep their national law, including Article 7, Article 10 in terms of user data?
…And when you look at their national law, and what specifically these two articles, article seven and Article 10 are very clear.
Rep. Bob Latta (R-OH):
Are employees of ByteDance subject to Chinese law, including the 2017 National Intelligence Law, which requires any organization or citizen to support, assist, and cooperate with state intelligence work in accordance with the law.
…Article seven, the article seven of the 2017 National Intelligence Law, which I just said cuz it says in addition, as we was asked a little bit earlier, the 2014 Counter Espino espionage law states that when the state’s security organ investigates and understands the situation of espionage and collect relevant evidence, the relevant organizations and individuals, it does not say may, it says, shall provided truthfully and may not refuse
Rep. Mariannette Miller-Meeks (R-IA):
Bytedance, which as we know is is susceptible to the laws of the Chinese Communist Party…
Rep. Dan Crenshaw (R-TX):
here’s the main point of concern. China’s 2017 national intelligence law states very clearly that quote, any organization or citizen shall support, assist and cooperate with state intelligence, work in accordance with the law and maintain the secrecy of all knowledge of state intelligence work. In other words, ByteDance and also your TikTok employees that live in China, they must cooperate with Chinese intelligence whenever they are called upon. And if they are called upon, they’re bound to secrecy. That would include you. So Mr. Chew, if the CCP tells ByteDance to turn over all data that TikTok is collected inside the US even within Project Texas, do they have to do so according to the Chinese law.
ByteDance owns TikTok. If ByteDance is to, and, and the CCP owns ByteDance because the CCP owns everybody in China. So by law they can make them do whatever they want. And they say that by law you can’t tell anyone about it.
Similar questions have been thrown at other Chinese companies, such as
Financial Times on DJI, the dronemaker
But critics counter that Chinese national security laws require companies to share data with the central government when compelled by Beijing.
Reuters on BGI Group, the gene testing firm
China has released new privacy and data security laws that offer greater protection of personal data, but also allow Chinese national security authorities to access that data.
[BGI’s response to the Reuters report.]
UK government on Hikivision and Dahua security cameras
On 24 November 2022, the Government announced that Departments should cease deployment of visual surveillance systems produced by companies subject to China's National Intelligence Law onto sensitive sites.
WIRED on Chinese cars
Is Your New Car a Threat to National Security? Putting sensor-packed Chinese cars on Western roads could be a privacy issue. Just ask Tesla.
Okay, that’s enough. So what is the Chinese law? Why does it appear so sweeping? Is there anything in the PRC that could be, so to speak, seen as an insurance policy or leveraged to create better conditions for Chinese companies internationally?
[If you subscribe to CCG Update, a sister substack dedicated to keeping subscribers informed on the latest CCG activities, please excuse me for the redundancy because you’ve already read it. Given TikTok stubbornly remains in the headlines, we decide to make it available on Pekingnology as well.
There is apparently some overlap in the subscribers to the two newsletters, but I don’t know how big the overlap is - probably not a lot. We haven’t cross-published anything before, and don’t intend to do this often in the future.
Below is a slightly edited version that includes external links for reference. The South China Morning Post web site apparently only allows links to SCMP content.]
TikTok ban is no way to address concerns on China’s data security
Beijing’s Global Initiative on Data Security, in particular, clearly states respect for how other countries handle data, and could be the framework for work to bolster confidence in China’s data handling.
by Henry Huiyao Wang April 4, 2023
At the heart of the intense scrutiny surrounding TikTok in the U.S. lies the question of whether the Chinese government could access U.S. data through TikTok or its privately-owned Chinese parent company, ByteDance. Amid the numerous reports and analyses following the House hearing on TikTok, one key Chinese initiative has been absent from the U.S. debate, yet it could prove to be crucial.
While concerns about vast amounts of U.S. TikTok data potentially falling into Chinese government hands are not unfounded, the evidence is lacking. A 2021 Citizen Lab report found "there is no overt data transmission to the Chinese government by TikTok," although the respected research body could not determine what happens after data enters TikTok servers. To date, no public evidence has surfaced to suggest that Beijing has exploited TikTok's commercial data for intelligence or other purposes.
Under oath, TikTok's CEO, Shou Zi Chew, testified that "TikTok has never shared, or received a request to share, U.S. user data with the Chinese government. Nor would TikTok honor such a request if one were ever made."
Congress, for the most part, remained skeptical—particularly regarding the last statement. This skepticism is not surprising given the current climate of distrust. The Representatives' most plausible concern cites Chinese laws that, in various forms, state "all organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law" and misinterpret it as ByteDance being legally obligated to turn over TikTok data upon request.
In addition to overlooking the "in accordance with law" part, which refers to other Chinese laws that include privacy protection, four points should be considered.
First, the Chinese government has repeatedly stated that its laws do not permit the acquisition of foreign data in this manner. In March 2019, then the Chinese Premier said during a televised press conference that asking Chinese companies to "spy" on other countries is "not consistent with Chinese law. This is not how China behaves. China did not and will not do that in the future."
Second, what many Representatives perceive as enabling Chinese government spying through its companies is a result of different legislative traditions, academics observed at least two decades ago. Chinese laws are often seen as general, broad, and vague viewed through the lens of common law because they are modeled after civil law countries' legislation; China, a vast and rapidly changing country, requires broadly drafted laws and regulations to accommodate local conditions; additionally, Chinese laws tend to state general principles that must be interpreted and applied to specific situations.
Third, on a little-known point, China maintains in the United Nations that "States shall not directly collect the data stored in foreign States from enterprises or individuals or by technical means bypassing network security protection measures if such measures are against the laws of that Foreign State."
The Chinese position is actually more protective than the CLOUD Act, which, passed under Donald Trump's administration, says companies subject to U.S. jurisdiction may be compelled, pursuant to a court order, to produce data subject to their control regardless of where the data is stored.
Fourth, China has, in fact, made an international pledge not to request overseas data from Chinese companies. In September 2020, Wang Yi, currently China's top diplomat, unveiled the Global Initiative on Data Security (GIDS), which says, "States should not request domestic companies to store data generated and obtained overseas in their own territory. States should respect the sovereignty, jurisdiction, and governance of data of other States, and shall not obtain data located in other States through companies or individuals without other States' permission. Should States need to obtain overseas data out of law enforcement requirement such as combating crimes, they should do it through judicial assistance or other relevant multilateral and bilateral agreements."
A plain reading means that, in the case of TikTok, China will not request TikTok data to be stored in China. China respects the sovereignty, jurisdiction, and governance of U.S. data and will not obtain TikTok data located in the U.S. through ByteDance, TikTok, their employees, or anyone else—without U.S. permission. In case Beijing needs them, it must do it through the U.S. government.
The GIDS represents "China's commitment to protecting global data security," according to the Foreign Ministry on the day of its publication. President Xi Jinping referenced the GIDS during the G20 summit in 2020. Recently, China's Global Security Initiative Concept Paper reiterated the GIDS, noting its adoption between China and the League of Arab States, as well as between China and Central Asia. China and Russia also mentioned it in their joint statement two weeks ago.
The GIDS seeks, admittedly, to establish China's data security narrative but in doing so reassure foreign nations. A Chinese ambassador in Brussels referenced the GIDS in saying that "we never ask Chinese companies to break the laws of the host countries by handing over overseas data to the Chinese government." A senior researcher at a state think tank wrote in a state publication that the GIDS "responds to some countries' concerns and doubts about where the data generated by Chinese companies in their overseas operations has gone and is stored."
Judging from mainstream U.S. discourse, it seems more likely that politicians and pundits are unaware of the GIDS. If they were aware but skeptical, they would have raised the issue and then dismissed it. However, the GIDS rarely appears in discussions, exposing a gap in U.S. knowledge about its perceived top competitor.
In a more optimistic era, TikTok, initially developed in China and later embraced and refined in the U.S., could have been celebrated as a symbol of success reflecting the deep ties between the world's two largest economies with long people-to-people friendship. Regrettably, it has now become a point of contention, with Washington reportedly - once again - threatening a ban unless a divestment takes place, a move that has been met with "firm opposition" from Beijing.
The two nations already face enough challenges and should avoid exacerbating tensions in repeating a showdown similar to the one surrounding Huawei. Many Americans support TikTok and its competent Singaporean CEO, and China has provided assurances in addition to its stated position of not accessing overseas data through Chinese companies.
There is a constructive way to navigate this minefield. Washington could signal to Beijing, through back channels if necessary, its intention to resolve the matter based on pragmatism rather than paranoia. In turn, China could incorporate the GIDS into domestic laws and regulations, amending or officially interpreting laws accordingly.
Neither side wishes to appear "weak" domestically, but both have interests in finding a compromise.
TikTok proudly boasts 150 million users in the United States, including more Democrats than Republicans. A ban or blocking of further downloads would be extreme, unprecedented, and politically fraught for President Joe Biden. As Congresswoman Alexandria Ocasio-Cortez wisely stated, it is "putting the cart before the horse." After all, an evidence-based approach does not justify a ban.
For China, after two and a half years of promoting the GIDS internationally, proactively implementing key aspects of it domestically is not about appeasing the U.S. but a logical step to further strengthen its global appeal and serve Chinese interests.
The latest Central Economic Work Conference in Beijing stated that China supports its Big Tech in "fully displaying their capabilities" to boost economic growth, job creation, and international competition. Codifying the GIDS would concretely and cost-effectively strengthen not only internet companies but also telecommunications equipment vendor Huawei, drone maker DJI, gene testing giant BGI, and even its thriving automakers. As data becomes ubiquitous in Chinese technology and products, legislation alleviating potential concerns will be welcomed in Europe, Asia, and Africa.
Pragmatism from both sides regarding TikTok could also serve as a starting point for rebuilding trust and signaling that they can handle complex issues.
Finally, broader American online privacy concerns, such as questionable content, addictive algorithms, social media addiction, and the impact on teens' mental health are not unique to TikTok, which has been singled out due to its Chinese roots.(Enditem)
I remember your piece about GIDS from a couple months ago, kinda wish Shou Zi Chew would have mentioned that, but then again only certain laws "matter" for discussion I suppose