Washington, D.C. – House Armed Services Committee Lead Republican Mike Rogers (R-AL) and House Foreign Affairs Committee Lead Republican Michael McCaul (R-TX) sent a letter to Treasury Secretary Janet Yellen, Defense Secretary Lloyd Austin, Secretary of State Antony Blinken, and Commerce Secretary Gina Raimondo requesting key documents and information as recent reports raise serious concerns regarding negotiations between the Committee on Foreign Investment in the United States (CFIUS) and the social media platform TikTok.
Media reports have indicated CFIUS is considering a draft agreement that would allow People’s Republic of China (PRC)-based ByteDance to continue to control TikTok and its algorithm, leaving U.S. security at significant risk. One recent report alarmingly stated that the Department of the Treasury favors such a deal despite national security objections from the Department of Defense (DOD), Intelligence Community (IC), and Department of Justice (DOJ) – but that DOD and the IC will not have a major role in CFIUS’s decision making. The letter makes clear that CFIUS decisions must represent the views of all its members and that Congress must have the opportunity to exercise its oversight responsibilities in examining the risks TikTok poses and the terms of any proposed agreement prior to approval.
The lawmakers wrote:
“Recent indications suggest the deeply concerning possibility that CFIUS may approve an agreement that would allow the People’s Republic of China (PRC) to retain significant influence over TikTok and control of its core technology, most importantly its algorithm despite significant objections from national security agencies.”
“As an interagency committee, it is essential CFIUS decisions represent the views of all its members…It would be unacceptable for the concerns and risk assessments of CFIUS members with core national security roles to be discounted.”
“It is important that Congress exercise its constitutional oversight responsibilities by receiving and understanding the terms of any proposed agreement with TikTok and their security implications prior to approval by CFIUS. CFIUS’s statutory authorities specifically provide for such oversight by exempting Congress from the Committee’s nondisclosure requirements.”
Find the full text of the letter here and below:
Dear Secretary Yellen, Secretary Austin, Secretary Blinken, and Secretary Raimondo:
The Committee on Foreign Investment in the United States (CFIUS) is currently in negotiations with TikTok, a social media company owned by the Chinese company ByteDance, aimed at reaching an agreement to address the national security and other risks its platform poses. TikTok could be further weaponized by the People’s Republic of China (PRC) for intelligence-gathering and disinformation given the vast amounts of sensitive personal data collected by the app, its reach to tens of millions of Americans, and the PRC’s virtually unlimited authority to compel it under China’s National Intelligence Law. Recent indications suggest the deeply concerning possibility that CFIUS may approve an agreement that would allow the People’s Republic of China (PRC) to retain significant influence over TikTok and control of its core technology, most importantly its algorithm despite significant objections from national security agencies.
The Wall Street Journal recently reported CFIUS’s review of TikTok has been delayed due to numerous national security concerns within the executive branch, including ones related to the company’s algorithm, as well as doubts over the adequacy of a deal tentatively reached over the summer. The report indicated that negotiations have been aimed at reducing Chinese government influence on the U.S. operation, without completely severing TikTok’s Chinese ties.” This follows previous reports which similarly stated that the Biden administration and TikTok were negotiating on the basis of a draft agreement under which TikTok would make changes to its data security and governance. However, its owner, ByteDance, would not be required to sell it.
Last week, Politico reported on “a divide between national security agencies and the Treasury Department” on the issue. The report stated the Department of Defense (DOD), intelligence community, and Department of Justice (DOJ) all favor forcing ByteDance to divest TikTok, but Treasury, which chairs and exerts considerable influence over CFIUS, is “wary” of divestment and “amenable” to the solution proposed in the draft agreement. Alarmingly, one of Politico’s sources suggested DOD and the intelligence community would have diminished influence in determining the outcome of this debate. The source “stressed that it would primarily be Treasury and DOJ that come to a decision on the issue, saying that DOD and other national security agencies are not intimately involved.”
TikTok’s own statements have expressed confidence that the review will be resolved to the company’s satisfaction. On September 14, 2022, TikTok Chief Operating Officer Vanessa Pappas testified before Congress, “[a]lthough I will not be commenting on the CFIUS process…I can tell you that we’ve made very significant progress in that process, some of which has been disclosed in the media.” She went on to cite an initiative in which it changed “the default storage location of U.S. user data to the Oracle Cloud Infrastructure.” On November 30, 2022, TikTok Chief Executive Officer Shou Zi Chew went further, calling U.S national security concerns “a very solvable problem.”
With over 100 million American monthly active users and over a billion monthly global users, TikTok’s impact is vast. It has access to extensive amounts of sensitive data from its users, including location, browsing data, and even keystrokes. ByteDance reportedly planned to use the TikTok app “to surveil individual American citizens” through their location data. As the company is owned by PRC-based ByteDance, it is subject to the PRC’s National Intelligence Law, which requires all its citizens and businesses to assist in intelligence gathering and provide information such as user data to the government of the PRC or organs of the Chinese Communist Party (CCP).
At present, it does not appear the draft agreement reportedly favored by Treasury would require ByteDance, and by extension PRC authorities, to give up control of its algorithm. If the source code for the algorithm stays under the authority or influence of the PRC government, or organs of the CCP, it may be used to suppress or amplify content according to CCP preferences or PRC laws. Indeed, PRC authorities are actively controlling social media platforms to suppress free speech, violate basic liberties, and manipulate public opinion on the peaceful civil society demonstrations in the PRC right now. Allowing PRC authorities to continue to collect sensitive data, compromise security, and influence the views of tens of millions of Americans represents a grave failure to protect our democracy.
Disturbingly, interference in U.S. politics is already occurring. An analysis by a nonprofit media lab found TikTok was “consistently and dramatically suppressing nonpartisan voting videos on its platform.” TikTok also hosts CCP propaganda accounts airing videos attacking and supporting various U.S. elected officials. These facts are unsurprising considering Zhang Fuping, who is the editor in chief of ByteDance and secretary of the company’s CCP committee, said in 2018 that ByteDance should “take the lead” across “all product lines and business lines” to ensure that the algorithm is informed by the “correct political direction” and “values.” ByteDance also reportedly signed an agreement with the PRC’s Ministry of Public Security’s Press and Publicity Bureau to boost “network influence and online discourse power” and enhance “public security propaganda, guidance, influence, and credibility.”
Numerous leading Biden Administration officials have acknowledged TikTok poses serious security risks. Secretary Yellen recently stated there are “legitimate national security concerns” about TikTok. Federal Bureau of Investigation Director Christopher Wray went further in his November 15, 2022 testimony before Congress, stating that he is “extremely concerned” about TikTok. Of note, he said “the possibility that the Chinese government could use it to control data collection on millions of users. Or control the recommendation algorithm, which could be used for influence operations if they so choose. Or to control software on millions of devices, which gives it opportunity to potentially compromise personal devices.”
Central Intelligence Agency William Burns agreed that TikTok poses a threat given the PRC’s ability to use the app to extract data and shape content to “suit the interests of the Chinese leadership” and advised parents, “I’d be really careful.” Similarly, Director of National Intelligence Avril Haines commented earlier this month on the “extraordinary” degree to which China is developing “frameworks for collecting foreign data and pulling it in” and stated parents “should be” concerned about their children using TikTok.
In the bipartisan Foreign Investment Risk Review Modernization Act of 2018, Congress called upon CFIUS to consider “the extent to which a covered transaction is likely to expose, either directly or indirectly, personally identifiable information, genetic information, or other sensitive data of United States citizens to access by a foreign government or foreign person that may exploit that information in a manner that threatens national security” in its review of covered transactions. On September 15, 2022, President Biden formally incorporated such factors into CFIUS’s consideration of the effects of a covered transaction on U.S. national security through Executive Order 14083.
As an interagency committee, it is essential CFIUS decisions represent the views of all its members. The Department of Defense, Department of State, and Department of Commerce are CFIUS members with significant equities relevant to the security risks posed by TikTok. The Department of Defense also served as a co-lead agency on the TikTok review, and the State Department and Commerce Department provide vital input to the CFIUS process. It would be unacceptable for the concerns and risk assessments of CFIUS members with core national security roles to be discounted.
It is important that Congress exercise its constitutional oversight responsibilities by receiving and understanding the terms of any proposed agreement with TikTok and their security implications prior to approval by CFIUS. CFIUS’s statutory authorities specifically provide for such oversight by exempting Congress from the Committee’s nondisclosure requirements.
To provide Congress a better understanding of CFIUS’s review of TikTok, we request the following no later than December 30, 2022:
- All documents and communications referring or relating to CFIUS’s review of TikTok, including but not limited to:
- All documents related to the Department of Defense, Department of State, and Department of Commerce’s participation in the review;
- All Covered Transaction Analyses;
- All National Security Threat Assessments, Risk Based Analyses, and/or any other threat/risk assessments (including any assessments of privacy risks or election interference) whether prepared by a CFIUS agency, the Director of National Intelligence, or another entity;
- All Proposed Mitigation or final Draft National Security Agreements (whether considered prior to the divestment order or in the course of litigation);
- All communications by U.S. officials, contractors, and consultants concerning the review, whether at the CFIUS agencies or other executive branch entities;
- All communication by U.S. officials, contractors, and consultants concerning the review, whether at the CFIUS agencies or other executive branch entities, with TikTok, ByteDance, and their representatives, including legal counsel;
- All documents and communications related to the August 14, 2020 divestment order, as well litigation challenging the divestment.
We look forward to your prompt responses.