General leeway for The Secretary of Commerce to classify things as they see fit. Chevron Deference, the idea that courts defer to executive branch agency interpretations of the law, might go away so this hedges against that - Sec 3-(a)-1-2 - https://www.congress.gov/bill/118th-congress/senate-bill/686...
Judicial Review in Section 12. I think this is the section most resembling what we think of with respect to The Patriot Act. Basically feels like it will be very hard to challenge decisions made under this law. I don't read these things often tho so perhaps I am way off base. https://www.congress.gov/bill/118th-congress/senate-bill/686...
I think the VPN concern comes from a misreading of what is meant by "holding". A "holding" in this context is a financial asset like a stock. The section you highlighted:
> (B) includes any other holding, the structure of which is designed or intended to evade or circumvent the application of this Act, subject to regulations prescribed by the Secretary.
This is referring to intermediary holding companies intended to disguise an ownership stake by foreign nationals (like a shell company). Nothing to do with VPN or any other technology.
While it wouldn't blanket ban VPNs, a VPN is fairly clearly a "communication technology" and a provider could be targeted by this bill. I'm pretty sure they wouldn't even need to do anything malicious, just be large enough and have some malicious users.
The provider would have to be controlled by China or other designated foreign adversary, and they would indeed have to be doing something determined to be a serious threat to the US.
The provider would be acting to abet the violation of this act. Whether or not they are Chinese doesn't matter in that subsection. If they were Chinese they wouldn't care about a US fine anyways. It's even possible that one would argue that a user using a VPN to access TikTok would be violating the bill.
The bill applies to only to financial transactions ("covered transactions" in the bill) and holdings ("covered holdings"), there's nothing in it at all directly regulating access to data or websites by individuals.
Here is the definition that the bill uses for "transaction":
> (17) TRANSACTION.—The term “transaction” means any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology product or service, including ongoing activities such as managed services, >>>data transmission<<<, software updates, repairs, or the provision of data hosting services, or a class of such transactions.
As you can see here, mere data transmission is considered to be a transaction. I strongly suggest that you read the bill, in its entirety.
> (B) includes any other holding, the structure of which is designed or intended to evade or circumvent the application of this Act, subject to regulations prescribed by the Secretary.
This is referring to intermediary holding companies intended to disguise an ownership stake by foreign nationals (like a shell company). Nothing to do with VPN or any other technology.