[Shank]

> The discussions with ByteDance will build upon a notification made by Microsoft and ByteDance to the Committee on Foreign Investment in the United States (CFIUS).

For me, this was the first time I've actually had to do a lot of thinking about CFIUS and its implications. I definitely didn't understand the scale and impact of CFIUS before, but now I'm at least aware of the power. I'm undecided as to whether or not this is an appropriate power for the president to have, but I think I'm much more relieved to understand the mechanism by which the "TikTok ban" is being implemented than the very nebulous term "ban."

The reality is that this is the type of thing that can affect each and every one of us in a new set of unexpected ways. Lawfare's explanation was particularly shocking to me:

> TikTok (then called “music.ly”) was bought by ByteDance in 2018 for nearly $1 billion. Of course, music.ly like ByteDance was a Chinese company. So you might think that CFIUS would have no say over that acquisition. But you’d be wrong. For purposes of CFIUS review, a covered “U.S. business” is any entity that engages in interstate commerce in the United States—even if that entity is a foreign corporation. [0]

In other words, I'm at least thankful that I now know that the US has a legal framework for this set of actions -- even if they're a bit shocking in the first place.

[0]: https://www.lawfareblog.com/tiktok-and-law-primer-case-you-n...

[andrewem]

See also the case of Grindr and CFIUS, for instance https://www.washingtonpost.com/politics/2019/04/03/why-is-us...

[rswail]

CFIUS was also the committee that was dragged into the "scandal" concerning Uranium One (a Canadian company) and the supposed involvement of Hillary Rodham-Clinton beaten up by Fox News et al.

[mike00632]

Yes, the CFIUS needs to be reexamined because its use in this case seems objectively capricious. It boggles my mind that all of this can be done with no evidence presented of wrongdoing. I understand that some aspects of cyber-security in the government are classified but there should at least be an effort to explain precisely what types of data TikTok is suspected of collecting. Instead we have Mike Pompeo giving glib answers to questions, saying that TikTok sends "personal information" to the Chinese Communist Party (operative word being "communist" I guess).

Another reason the executive branch should give detailed reasoning for their decision is to avoid the appearance of impropriety. Right now it seems like Trump is simply mad at TikTok because some users allegedly reserved tickets to his Tulsa rally in order to spoil turn out (it should be mentioned that this also was reported by the media without hard evidence).

[someperson]

I think the reasoning of the US government is that every private company in China is an arm of the state since everybody in China is required by law to help China's intelligence service via article 7 of China's National Intelligence Law (and any company with more than 50 people including Douyin/TikTok is required to have a Chinese Community Party secretary so even more state influence)

And because the government of China's long track record of data theft for commercial gain the Trump administration sees it best to use CIFIUS to ban all companies from China that collect any sensitive information (whether personal or corporate), even if they haven't found a smoking gun that the government of China has misused the data yet.

I don't believe the Trump administration is going for complete economic decoupling with China at this stage (though I personally wish they were), but they certainly are going for banning applications with any access to sensitive information at all. Through this reasoning I am fully expecting applications such as AirDroid (made by Beijing-based Sand Studio) to be banned sooner rather than later.

[mike00632]

1. If the reasoning is that a hostile foreign government could use sensitive data against the US and thus shouldn't be allowed to collect such data then such policy is being arbitrarily enforced. There are other companies (FaceApp comes to mind) that collect data on Americans that don't have such scrutiny from the executive branch. Furthermore, American companies that collect sensitive data regularly give access to foreign entities (e.g. Cambridge Analytica, which abused Facebook's sharing agreement with academic institutions but there nonetheless exists such sharing agreements). If the use of CIFIUS is a part of a broader strategy against China then such a strategy should be outlined somewhere, announced and debated in Congress. This is a special decision taken unilaterally against TikTok.

2. I don't think the executive branch's reasoning is limited to the potential of abuse. Representatives of the Trump administration have stated that they are concerned with data that TikTok currently collects, which they say merits a national security concern. It seems like they are making these claims to get the public on board with the measures, but claims like this require specifics and evidence. Even if I agree with TikTok being banned from the US over security concerns, I don't want to feel propagandized by the US government.

3. What sensitive data are we talking about!? This is the elephant in the room. It seems like the big concern is over email address + geographical location + TikTok viewing history + images of faces. TikTok still lives on platforms that are heavily sandboxed and secured by very interested teams at Google and Apple. Nobody has made a credible accusation that TikTok is exploiting some zero day to gain access to users' sensitive data.

4. This isn't a part of a broader talk about the dangers of tech companies collecting too much data. There doesn't seem to be any plans to restrict data collection nation-wide. Maybe the executive branch is taking this on a case-by-case basis but a more reasonable explanation seems to be that Trump simply doesn't like TikTok or is using his power to muscle out foreign businesses as a bargaining chip in a larger China dispute.

[someperson]

I agree with you that the use of CIFIUS as a broader strategy should be debated by Congress rather than just using executive action.

The sandboxing by Google and Apple is not relevant given users are willingly giving TikTok access to the camera, GPS etc. The sensitive information includes the ability to build detailed user profiles (including psych evaluations) of every TikTok user in the world. At least that's my impression from my research into this so far.

[bromuro]

Well the US companies that control our smartphones could force the app to not access most of these data, eg like blocking the GPS.