Madison Grady, MPP Staff Writer, Brief Policy Perspectives

When you download an app onto your phone, do you check to see who created the app, or who owns it? Whether the company is American, Russian, or Chinese? When you create an account, do you carefully review the terms and conditions? Are you thinking about who is collecting your data, and how your data is being stored? Maybe you should be.

Most apps downloaded to American’s smartphones are owned and operated by U.S. companies. But in recent years, Chinese-owned and operated apps have become increasingly popular, forcing the Trump administration and Congress to start expanding their efforts to protect citizens from having their data exploited by foreign companies.

Earlier this year, the popular gay dating app Grinder became the first case in which the U.S. asserted that foreign control of a social media app could have national security implications. The Chinese company, Beijing Kunlun Tech, bought 60 percent of the app in 2016 and completed the buyout in early 2018. Shortly after, the Committee on Foreign Investment in the United States (CFIUS) shared its concern that Beijing could use the data collected on Grinder to blackmail and influence U.S. officials. Grinder collects data on users’ personal information, location, messages, and HIV status. This concern was enough for the Trump administration and CFIUS to force the company to sell. Beijing Kunlun Tech agreed to sell the app by June 2020.

Now U.S. officials have turned their concern to the hugely popular “Generation Z” app, TikTok, which allows users to make short videos set to music. The app has been downloaded more than 1.2 billion times worldwide, making it the fourth most downloaded non-game app in 2018.

So how did a Chinese-owned app become the most popular social media app in the United States in under a year? In November of 2017, ByteDance, a $75 billion Chinese internet company, bought the popular app Musical.ly. At the time, the app had 60 million users in the U.S. and Europe. Shortly after, ByteDance merged Musical.ly with an app called TikTok, which has since become a cultural phenomenon among tweens and teens around the world. Almost all of TikTok’s content comes from Western countries because the app isn’t available in China. Instead, the company offers another similar app, Douyin, which can be censored by the Chinese government.

Like Grinder, TikTok concerns policymakers because it involves U.S. citizens transferring personal data to a Chinese firm. Data collected from TikTok users, including videos, names, dates of birth, and voluntary biography information, are stored on servers in Virginia and backed up on servers in Singapore. However, TikTok refuses to provide details regarding the app’s artificial intelligence tools, data on videos that have been removed, or their overall policies. Alex Stamos, director of the Stanford Internet Observatory and former security officer at Facebook, points out the main concern with TikTok is the possible leverage the Chinese government has over the companies who can access the stored data. CFIUS has started reviewing TikTok and the Musical.ly deal, but the specific concerns have not been shared because CFIUS reviews are confidential. Shortly after the announcement of the CFIUS investigation, Sen. Marco Rubio tweeted, “Any platform owned by a company in China which collects massive amounts of data on Americans is a potential serious threat to our country.”

Sen. Rubio isn’t the only policymaker that feels strongly about Chinese foreign investment. Congress recently approved the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which reforms the CFIUS process to include reviews of new kinds of investments, including social media. The act emphasizes the vast importance of foreign investment and its value to the U.S. economy but also notes how current changes in national security have increased potential risks.

With the passing of FIRRMA, the U.S. will begin to see more investigations by CFIUS into investments like Grinder and TikTok, and the question of whether the U.S. should accept or evade Chinese foreign direct investment will be asked more frequently. U.S. officials believe that Chinese-owned firms cannot be trusted to protect U.S. citizen’s data from the Chinese government. If Grinder sets a precedent for future investigations under CFIUS, TikTok could suffer a similar fate, and future investment from Chinese firms could be at risk. The death of Chinese foreign direct investment in technology companies could be here sooner than we think.