Tik . . . tik . . . boom? On Friday, the US Supreme Court will hear arguments over the fate of the massively popular social media platform TikTok. Last year, Congress passed a law setting a January 19 deadline for the video app’s parent company, Chinese-owned ByteDance, to divest from TikTok or else it would be banned in the United States, due to national security concerns. ByteDance says the law violates First Amendment free speech protections. US President-elect Donald Trump, meanwhile, has asked the court to pause enforcement of the law, and he has indicated support for TikTok.
For more context and to make sense of all the competing arguments, we turned to our experts on China and technology.
Click to jump to an expert analysis:
Graham Brookie: The Supreme Court’s decision will shape global tech competition
Shelly Hahn: To China, algorithms are a national interest
Kenton Thibaut: The US data security problem is bigger than TikTok
Mark Scott: Worries around TikTok’s data collection and security apply to all social media giants
Matt Geraci: US data privacy laws are not up to the task
Samantha Wong: The national security risks will remain whether TikTok is banned or not
Konstantinos Komaitis: A TikTok ban would be a direct attack on the open and global internet
Kitsch Liao: ByteDance’s First Amendment argument is a distraction from its refusal to divest
The Supreme Court’s decision will shape global tech competition
The United States Supreme Court is set to start 2025 with a blockbuster case on a tight timeline with significant domestic tech and geopolitical ramifications.
The law in question in the case of TikTok v. Garland—the Protecting Americans from Foreign Adversary Controlled Applications Act—was passed by Congress in April 2024 with widespread bipartisan support: a 352–65 vote in the House and 79–18 in the Senate. US President Joe Biden signed the bill into law, giving him the authority to force TikTok’s divestiture from its Chinese parent company or be banned from the United States. The Department of Justice set a deadline of January 19—forcing this dramatic showdown. The Supreme Court will proceed in hearing the case on January 10 despite Trump’s request to delay until after his inauguration and the fact that the high court typically defers to its two co-equal branches of government on matters of national security.
The Atlantic Council previously published an in-depth technical analysis of whether the threats of legal control, data access, algorithmic tampering, or broad influence efforts by the Chinese government are unique or singularly focused on TikTok. The threat of legal control proved to be real and ongoing. The other potential risks remain considerable with loopholes not specific to TikTok, such as the sheer amount of Americans’ data for sale on the open market or the litany of US-owned platforms the Chinese Communist Party (CCP) has used to perpetrate influence efforts. Chinese ownership of TikTok is undoubtedly a core strength in its global approach to “discourse power.” The key questions remain whether a Chinese company’s ownership of such a popular social media platform poses unique national security risks to the United States, whether banning such a popular app violates the rights of the company or the app’s US users, and how China may react or force ByteDance to react. Beyond TikTok v. Garland, any outcome will shape global tech competition from the global reach of digital platforms to broader tech governance. If new evidence is surfaced, it will shape both.
—Graham Brookie is the vice president of technology programs and founding director of the Digital Forensic Research Lab at the Atlantic Council.
To China, algorithms are a national interest
The TikTok saga highlights Beijing’s strategy of using private companies to exert influence globally, while restricting foreign companies’ operations within China.
Beijing views algorithms as critical tools to exert national power, with Chinese leader Xi Jinping emphasizing the importance of artificial intelligence in military and economic power competition. As TikTok has gained market clout, the Chinese government has taken a more assertive stance on its technologies, especially content recommendation algorithms. Since 2020, China has implemented measures to protect its technological assets, including adding algorithms to the restricted list of technologies from export in August 2020, and passing the “Export Control Law” in October 2020, which governs the sale of these technologies to foreign buyers. China now strongly opposes any forced sale of TikTok, asserting its legal authority to veto such transactions.
Beijing has railed against the United States’ enforcement actions against TikTok, using abusive and inflammatory rhetoric to paint those actions as a violation of international norms. Chinese officials have called these actions “an act of bullying” (Xinhua editorial), “an abuse of national power” (Ministry of Foreign Affairs Spokeswoman Mao Ning), and “hypocritical and double standards” (Xinhua editorial). They have warned of potential consequences for the global economic order.
That is interesting rhetoric given that Beijing would not allow a US or other foreign company to operate similarly in China. China maintains a restrictive environment for foreign media and technology companies, blocking most foreign social media platforms, search engines, and news outlets. When probed about this disparity, a Ministry of Foreign Affairs spokesperson claimed that “China’s policy on overseas social media is completely incomparable to the US’ attitude towards TikTok . . . as long as foreign media companies comply with the requirements of Chinese laws and regulations, all foreign media platforms and news agencies are welcomed.” In reality, these laws give the CCP firm control over data flows and information within its borders.
Beijing’s robust defense of TikTok and its underlying technology underscores China’s growing confidence in its tech sector and its willingness to challenge what it perceives as unfair treatment in the global marketplace.
—Shelly Hahn is the deputy director of the Atlantic Council’s Global China Hub.
The US data security problem is bigger than TikTok
There is no doubt that People’s Republic of China (PRC) state entities see the value in collecting data on Americans for intelligence purposes. However, the proposed actions on TikTok leave open serious questions on how effectively a ban or divestment would protect Americans’ data from exfiltration.
The Atlantic Council’s Digital Forensic Research Lab previously conducted a technical, policy, and legal analysis of the stated national security risks posed by TikTok. Our research found that TikTok can be said to present a unique risk in terms of its Chinese ownership, in that the PRC’s National Intelligence Law does give the government broad leeway to potentially compel the company to grant it access to TikTok’s data, including on Americans. In addition, even under the circumstances of outside control of TikTok’s data storage, it would be almost impossible to know if Chinese intelligence authorities somehow maintained a backdoor into these data streams.
At the same time, however, we found that TikTok’s data collection practices on Americans are not outside what is commonly practiced by social media companies, including Meta, X, and others. More importantly, the data that TikTok can provide on Americans pales in comparison to what the Chinese government has accessed through both its illegal hacking activities and what is available legally on the open market through US-based third-party data brokers.
In fact, a report from Duke University’s Sanford School of Public Policy found that via data brokers, it is “not difficult to obtain sensitive data about active-duty members of the military, their families, and veterans, including non-public, individually identified, and sensitive data, such as health data, financial data, and information about religious practices,” noting that location data was also available for purchase. A narrow, national-security oriented focus on TikTok to address potential threats to the US data ecosystem risks overlooking much broader security vulnerabilities and thus undermines more effective policy solutions. That is to say, while there is much about TikTok’s data gathering and privacy policy to side-eye, the challenge is far wider than TikTok alone and requires a more wide-ranging policy solution to address.
—Kenton Thibaut is a senior resident China fellow at the Digital Forensic Research Lab of the Atlantic Council’s Technology Programs.
If you’re interested in protecting civil society, you should be concerned about TikTok
The debate surrounding TikTok is about a tool that empowers China to extend its high-tech surveillance state beyond its own borders. While it’s true that other social media platforms engage in similar surveillance, other platforms are not beholden to the government of a foreign adversary.
TikTok’s owner, ByteDance, is a Chinese company. In China, the CCP has absolute control over companies. In China’s authoritarian system, the party is always above the law, but the CCP took the extraordinary step of enshrining this capability into law, likely to make very clear to Chinese companies exactly what they should expect. Article 7 of the National Intelligence Law of 2017 states that “all organizations and citizens shall support, assist, and cooperate with national intelligence efforts,” meaning the government has the right to secretly demand TikTok user data, and the company must share it.
When defending against these allegations, TikTok has insisted that it stores all US user data in the United States, but the company has also acknowledged that nevertheless, China-based employees can still access US user data, and those same employees must obey any and all edicts from the CCP. In fact, thanks to leaked audio from internal meetings, we now know that China-based employees have repeatedly done so. This includes two cases in which a China-based team at TikTok planned to use the app to monitor the location of specific US citizens.
Chinese intelligence services have a well-documented history of harassing and intimidating human rights activists and journalists on US soil. Even if you don’t mind the PRC surveilling you, and even if you don’t care about US-China competition, if you’re interested in protecting civil society, you should be concerned about TikTok.
There is one important caveat, though. As demonstrated in a report from the Atlantic Council’s Digital Forensic Research Lab, foreign adversaries can also buy this data from brokers that rely on US-based companies surveilling their users. In fact, US-based companies have been accused of using targeted surveillance against civil society, as in the cases of Uber and Meta reportedly tracking the location of journalists reporting on their apps. TikTok is just one piece of a broader data security vulnerability perpetuated by US platforms.
—Caroline Costello is a program assistant at the Global China Hub.
Worries around TikTok’s data collection and security apply to all social media giants
Central to concerns around TikTok is how the app collects, stores, and uses information it gathers on users. The fear, according to US officials, is that such data may be weaponized by Beijing, though no evidence of such activity has yet to be proven. Based on a review of TikTok’s privacy policy and external analysis, the social media platform does collect a lot of information on users if they give the company permission. That includes information on individuals’ exact location, their phone numbers and those of their contacts, people’s other social media accounts, and detailed information about individuals’ devices (often used by marketers to target specific demographics).
That may sound creepy. But TikTok’s data collection practices are no different than those of US social media giants, which similarly gather as much information as possible on their users to tailor these firms’ advertising offerings. That also includes in-app web browsers built into the likes of Instagram and X that allow these companies to collect just as much information on people’s web habits—so long as they are surfing the internet from within these social media networks.
So would forcing TikTok off of US app stores make Americans’ data more private and secure? The short answer is no. While US officials have raised concerns about how Americans’ data may be accessed by Chinese government officials via TikTok, such personal information—from people’s phone numbers and home addresses to internet activity to consumer purchasing history—is already available commercially, via so-called domestic data brokers. The outgoing Biden administration tried to tackle that problem with the Protecting Americans’ Data from Foreign Adversaries Act and prohibitions placed on these data brokers from transferring such sensitive data to foreign adversaries like China.
Yet, in reality, the lack of comprehensive federal privacy legislation means that Americans’ data—no matter what eventually happens with the potential TikTok ban or sale—remains significantly more at risk compared to their counterparts in other Western countries. State-based laws, particularly those in California and Virginia, have provided a modest degree of greater control for people in how companies gather and use their personal information. But the removal of TikTok from US app stores, which have similarly set baseline levels of privacy protections for users, will not make Americans’ overall data either more private or more secure.
—Mark Scott is senior resident fellow at the Democracy + Tech Initiative within the Atlantic Council Technology Programs.
US data privacy laws are not up to the task
The absence of common-sense data privacy laws in the United States created an environment that allowed TikTok to become a security risk. Removing TikTok from app stores will not change this. As a 2022 Consumer Reports investigation revealed, TikTok uses many of the same data harvesting techniques employed by companies like Meta and Google for targeting ads. They also concluded that claims by TikTok and others that data is used solely for advertising cannot be verified by consumers or privacy researchers.
The Cambridge Analytica scandal, which involved unauthorized data collection from millions of Facebook users for targeted political ads, remains fresh in the minds of Americans who are skeptical about the stated reasons for removing TikTok. Although the Federal Trade Commission forced new privacy restrictions on Facebook, the scandal has not led to national legislation like the European Union’s General Data Protection Regulation (GDPR) that could be applied to all companies, including TikTok. Despite this, various US states have endeavored to draft their own laws since the scandal. Yet, companies like Meta, Google, and Amazon often attempt to thwart these efforts through lobbying.
Regulatory changes are essential to mitigate data security threats from Beijing. However, US tech companies seem to lack enthusiasm for supporting new data protections, and Congress has struggled to make progress. Nearly all the major US tech companies have been fined for violating the European Union’s GDPR (including Amazon, Google, Meta, and Twitter/X), so clearly this is an area that needs improvement. Companies are not ideal self-regulators. TikTok adds another layer given that it must answer to an authoritarian regime and thus poses even larger risks when allowed to operate in an unregulated environment.
TikTok’s popularity, data collection practices, and Chinese ownership create a unique national security challenge requiring careful consideration. Tech companies should work with the US government to improve data privacy protections, rather than targeting TikTok under the guise of national security while simultaneously perpetuating a harmful regulatory status quo.
—Matt Geraci is an associate director at the Global China Hub.
If TikTok was a tool of Chinese foreign interference, someone forgot to tell China
It’s true that the push for TikTok’s divestment from ByteDance is deeply rooted in fears of Chinese information manipulation. In a March 2024 House Committee on Energy and Commerce report on the forced divestment measure, the committee cited China’s potential use of TikTok to “push misinformation, disinformation, and propaganda on the American public.”
It’s also true that these fears were never substantiated. The CCP’s propaganda strategy—its quest for “discourse power”—has always been premised on the incremental manipulation of information across many different platforms at the same time. The idea that Beijing built a shiny red button to turn TikTok into a tool of mass brainwashing never accorded with reality.
Indeed, so far it appears that only a single fake CCP-adjacent TikTok account sought to influence the 2024 US election. Ironically, far more CCP accounts on other platforms sought to stir resentment about a potential TikTok ban. By contrast, Russia—which has had no unique claim to TikTok—extensively used the service for the purposes of information manipulation. In December 2023, the Digital Forensic Research Lab and the BBC uncovered a massive Russian campaign that used artificial intelligence to instrumentalize more than 12,800 accounts to undermine Ukraine.
Perhaps the CCP was just subtly tweaking the TikTok algorithm to achieve its goals? But this is also unlikely. One of the few available independent studies of TikTok content policy suggests that the platform may have actually reduced the salience of certain hashtags in line with the wishes of US lawmakers. The bizarre nature of some of the material that goes viral on TikTok is explained by the tastes of TikTok’s Millennial- and Gen Z-majority user base, not a global conspiracy. TikTok has repeatedly failed the American people in the realm of transparency and public accountability. So has every US-based social media platform.
—Emerson T. Brooking is director of strategy and resident senior fellow at the Digital Forensic Research Lab.
The national security risks will remain whether TikTok is banned or not
Last February, Biden issued a much-needed executive order limiting the sale of sensitive personal US data or US government-related data to “countries of concern,” including China, to prevent them from “engag[ing] in espionage, influence, kinetic or cyber operations or to identify other potential strategic advantage over the United States.” This is supported by additional legislation, such as the Protecting Americans’ Data from Foreign Adversaries Act of 2024 and the Protecting Americans from Foreign Adversary Controlled Applications Act, both aimed at protecting sensitive US data from being accessed by “foreign adversary nations.”
However, these new measures are not foolproof. The executive order only targets data brokers from “countries of concern,” and the bill doesn’t address data. One way China can easily circumvent these laws is by purchasing data from companies in third-party countries that obtained it through domestic data brokers that sold the data without knowledge of the final recipient or its intended use. Essentially, if TikTok was a US company, China would still be able to purchase personal US data from TikTok through third-country entities.
Furthermore, China could easily access any sensitive, critical data through hacking US infrastructure. China is constantly investing and building up its offensive cyber ecosystem to train Chinese hackers to target and acquire critical US intelligence. Although the ban on TikTok would prevent Chinese firms from easily accessing US data, China has the resources to access this sensitive information illegally and is not afraid to implement these illicit operations if it feels the need to do so.
Ultimately, the TikTok ban addresses only a small aspect of a much larger issue. Even if TikTok were banned or became a US-owned company, the core national security risks would remain. The United States should instead implement broader legislation aimed at strengthening domestic cybersecurity infrastructure and closing any third-party loopholes that could undermine existing protective laws.
—Samantha Wong is a program assistant with the Global China Hub.
A TikTok ban would be a direct attack on the open and global internet
In the conversation about whether the United States should or should not ban TikTok, there is one parameter that no one is mentioning: what will this mean for the internet? The answer is straightforward. If the United States proceeds with banning TikTok, such a move will be nothing short of a direct attack on the open and global internet.
The internet is based on a decentralized architecture, which means that there is no center of control. The value of the open internet is that networks should be able to connect without any restrictions. The internet was not designed so that only specific networks could connect; rather, any network should be able to connect as long as it is willing to abide by certain rules—the internet’s open standards and protocols. Banning TikTok will affect how networks get to interconnect.
At the same time, a potential ban will also affect the internet’s global reach and integrity. The whole idea of the internet is that no entity should inspect or modify packets carried through different networks beyond what might be necessary to route the packet as advertised. This is an expectation that users have no matter where they are in the world, and it will not be met should the ban take effect.
The United States has historically and unequivocally been a strong supporter of the open and global internet. In fact, for more than two decades, the United States has been at the forefront of pushing back at attempts by authoritarian governments to centralize internet control. A TikTok ban will be a setback to all these years of effort and will legitimize the narrative by other authoritarian states that the internet should be subject to government control and management. It will also weaken the United States’ position globally, especially at the United Nations, where conversations about the future of internet governance are currently taking place.
—Konstantinos Komaitis is a resident senior fellow and Global Democracy and Technology lead with the Democracy + Tech Initiative.
ByteDance’s First Amendment argument is a distraction from its refusal to divest
ByteDance has yet to provide a rationale commensurate with freedom of speech or national security regarding why TikTok cannot be a US company without ties to the Chinese Communist party-state. Yet, on January 10, the nation will focus on the US Supreme Court’s hearing for the “TikTok ban,” highlighting First Amendment concerns.
This is a distraction. The government has already successfully argued in court against TikTok on both national security and data collection grounds. ByteDance has sidestepped the national security argument by pointing to the lack of public evidence and argued that TikTok’s data collection practices are the same as those of other platforms. TikTok, however, failed to argue against its intent to endanger US national security, and it’s a point that bears reiterating.
A series of reports from 2019 to 2021 detailed TikTok’s extreme security risks, including that the app allowed remote downloading and execution of binary files, essentially acting like a pre-installed backdoor ready for payload delivery. This sets it apart from other social media platforms and established its intent to harm. A “black hat” hacker would usually have to compromise a target’s devices through phishing or other means before it can achieve what TikTok pre-installed for its users. A Washington, DC court ruling also stressed TikTok’s continued malicious intent to abuse data collected from US citizens, even after the establishment of TikTok US Data Security.
Until TikTok’s cord with the PRC is cut, it will continue to test the waters and find legal and illegal means to endanger US national security, as it clearly possesses both the intent and capability to do so.
The essence of security is to make it harder for an adversary to do you harm. Just because China can obtain US user data through other ways doesn’t mean we should let them do so through TikTok. Deterrence through cost imposition is a foundational concept in international security, and the “cost,” be it through financial means or legal risks should China decide to furnish data through other social media giants operating within the United States, is very real.
—Kitsch Liao is an associate director at the Global China Hub.
Further reading
Wed, Mar 13, 2024
Will the US crack down on TikTok? Six questions (and expert answers) about the bill in Congress.
New Atlanticist By
The US House has just passed a bill to force the Chinese company ByteDance to either divest from TikTok or face a ban in the United States.
Fri, Mar 31, 2023
Banning TikTok alone will not solve the problem of US data security
New Atlanticist By Jonathan Panikoff
TikTok is just a symptom of a much bigger problem involving China-based technology. Here are some steps US policymakers can take now.
Mon, Aug 12, 2024
Tech regulation requires balancing security, privacy, and usability
Fintech Frontlines By
Good policy intentions can lead to unintended consequences when usability, privacy, and security are not balanced—policymakers must think like product designers to avoid these challenges.