We’ve noted for a while how most of the hyperventilation about TikTok is of the manufactured moral panic variety. We’ve also noted how the folks who’ve been the loudest about TikTok’s privacy and security threats spent decades fighting against competent oversight or privacy legislation, yet now want to pretend that banning a single app somehow fixes the broad problems they themselves created.
With that as backdrop, this week Governor Greg Abbott announced he’s pushing forward with a plan to ban TikTok on all government employee devices. The Texas Governor’s announcement proclaims that TikTok poses a unique threat due to its alleged connection to “Chinese Communist Party members”:
“The security risks associated with the use of TikTok on devices used to conduct the important business of our state must not be underestimated or ignored. Owned by a Chinese company that employs Chinese Communist Party members, TikTok harvests significant amounts of data from a user’s device, including details about a user’s internet activity.”
Here’s the thing. While not quite as dumb as the push to ban TikTok on college campuses (easily avoided by switching from Wi-Fi to cellular), this is kind of silly and performative. There’s no real evidence the Chinese government uses TikTok to influence Americans at scale, and while TikTok has been found to violate privacy in very stupid ways, so has pretty much everymajorcompanydoingbusinessinourbarely regulated data monetization markets across adtech, telecom, and numerous industries.
Abbott’s initiative pretends to address this by also prohibiting WeChat, Alipay, ByteDance, Tencent Holdings, and Russian-owned Kaspersky. The simplistic argument is that by just banning the biggest, clearly foreign-owned companies from devices, you’ve somehow fixed the problem.
But a random student or employee’s phone is absolutely filled with a long parade of dodgy domestic and foreign apps collecting everything from their daily location habits, to detailed online behavior metrics. That data is then feebly “anonymized” (a meaningless term) and access to it is sold to a laundry list of dodgy international adtech companies and data brokers (if your telecom provider hasn’t done so first).
It’s trivial for the Chinese, Russian, or any other government (including our own) to then acquire this data inexpensively, to help them build detailed profiles about Americans daily online habits in granular detail. So again, fixating on a single app doesn’t make any coherent sense. You’ve either got to fix the broader problem with actual policies and solutions, or you’re just making noise.
Republican policymakers in particular have a loud, proud, and not at all subtle history of fighting tooth and nail against privacy legislation for the Internet era, no matter how simple. They’ve also worked tirelessly to ensure privacy enforcers at the FTC lack the funding, authority, or staff to adequately police widespread privacy abuses.
They literally created the policy environment TikTok (and countless other companies, foreign end domestic) exploits. Now they want to pretend that banning a single app somehow fixes the problem they created. They want their cake and eat it too; they want to pretend they’re being “tough on China,” but they don’t want to do things like crack down on U.S. corruption (something clearly and easily exploitable by both Russia and China) or impose any rules that might cost U.S. companies money.
The resulting performance seems designed to distract the public from our multi-decade failure on consumer protection and privacy legislation. And with the occasional fleeting exception, a U.S. press blind to its own patriotic bias seems keen on helping them.
I still argue that policymakers making the most noise about this issue don’t actually care about TikTok’s privacy or national security issues. At all. As Trump’s failed “fix” for TikTok made pretty clear, I believe the end goal is to agitate a xenophobic base and force a sale of TikTok to a U.S. company friendly with the GOP (likely Facebook or Oracle, both with their own long history of privacy abuses), who’ll then immediately turn around and utilize the app to engage in all the same behavior GOP mainstays like Abbott are accusing China of.
Last week, we wrote about the positively ridiculous lawsuit filed by the Seattle Public School district against basically all of social media claiming social media was “a public nuisance.” As we noted, the school district appeared to be wasting taxpayer money, that could have gone to educating their kids, on this lawsuit that screamed out to the public that the school district had totally failed in educating their children how to be good digital citizens, how to use the internet properly, and how to be prepared for living life in the age of the internet.
And, now it appears that the Mesa, Arizona school district has decided to do the same thing. Using the same lawyers. The law offices of Keller Rohrback appears to be trying to carve out this corner of the market as their own: having public school districts waste a shitload of time and resources to publicly proclaim that they can’t prepare the children they’re in charge of educating for the modern internet world.
The Mesa complaint is, not surprisingly, similar to the Seattle complaint. It’s suing the same companies (really: Meta, Google, Snap, Tiktok). Like the Seattle complaint, it argues that social media is a “public nuisance.” Like the Seattle complaint, it says that Section 230 doesn’t protect the companies (it’s wrong). Like the Seattle complaint, it posts a few cherry-picked studies claiming that social media is bad for kids, and ignores more comprehensive studies that argue that opposite. Like the Seattle complaint, it goes hard in proving that Mesa public schools apparently are staffed by administrators and teachers who suck at educating children, and find themselves powerless against… entertainment.
In short, it’s pathetic.
The one main “difference” between the Seattle complaint and the Mesa one is that in Mesa they’ve added a “negligence” claim, saying that social media companies “owe” the school district “a duty not to expose Plaintiff to an unreasonable risk of harm….”
This is all laughably stupid, and not at all how the law works. I mean, it’s possible that the lawyers at Keller Rohrback figure that if they file enough of these lawsuits, eventually they’ll find a judge who lets the moral panic of “social media is bad for kids” overwhelm the actual legal issues, but it’s difficult to see it standing up to any legitimate judicial scrutiny.
Of course, now that we have these two lawsuits, it means it’s almost certain that they’re shopping for similar lawsuits. One hopes that other school districts will reject this nonsense. The whole point of these lawsuits is almost certainly to try to shake down the social media companies to get them to settle, but that seems unlikely.
Either way, if you’re a parent of a student in the Mesa public schools, you should be asking why your school’s administrators seem to be publicly admitting that they can’t teach your children how to deal with the modern internet world.
Insurrectionist sprinter Josh Hawley has joined the growing chorus of GOP politicians who’ve spent years doing jack shit about U.S. consumer privacy abuses, and now want to pretend that banning a single app — TikTok — will protect American consumers from a problem they themselves created.
“TikTok is China’s backdoor into Americans’ lives. It threatens our children’s privacy as well as their mental health,” he said on Twitter. “Now I will introduce legislation to ban it nationwide.”
The problem, as we note every time GOP FCC Commissioner Brendan Carr puts on a similar performance, is that these guys have spent their entire careers fighting against meaningful privacy and security standards, creating the very problem they’re now pretending to address.
They oppose privacy legislation of any kind. They oppose holding companies and executives accountable for privacy abuses. They oppose fighting corruption. They oppose expanding mental health care. And they fight tooth and nail to ensure that privacy regulators at the FTC routinely lack the staff, resources, or authority to police bad actors in adtech/telecom/apps consistently at any scale.
That has resulted in a parade of companies over-collecting consumer data and then selling access to it to any imbecile with a nickel. As such, banning TikTok does nothing. You’ve singled out one company in an ocean of international companies and services all doing effectively the same thing. And the Chinese government can buy all of this data from a rotating crop of dodgy data brokers.
The motivation here isn’t consumer privacy or national security. The Trumpist GOP hasn’t shown itself to be consistent enough politically, ethically, or intellectually to deserve having any of their comments or proposals taken at face value.
I still think the GOP hyperventilation over TikTok is, as most things the modern GOP does, a dumb performance. It agitates a xenophobic base and creates the flimsy impression the GOP is “doing something about China.” And, I’d all but guarantee the GOP-coddling execs at Facebook are working overtime behind the scenes to spread moral panic about a competitor.
But, more realistically I think, this hyperventilation over TikTok nudges the ball toward the GOP’s ultimate goal: forcing the sale of the most popular video app in America to one of their cronyistic BFFs. At which point, said BFFs will engage in all the same (or worse) behavior TikTok’s now engaged in.
Trump clumsily gave this game away a while back when he tried to offload the company to his Republican-allied buddies at Walmart and Oracle. I still think that’s the ultimate goal here. And not because the GOP cares about national security and privacy, but because some rich folks are in their ear drooling over the possibility of owning TikTok’s growing ad revenue.
I just wrote about Utah’s ridiculously silly plans to sue every social media company for being dangerous to children, in which I pointed out that the actual research doesn’t support the underlying argument at all. But I forgot that a few weeks ago, Seattle’s public school district actually filed just such a lawsuit, suing basically every large social media company for being a “public nuisance.” The 91-page complaint is bad. Seattle taxpayers should be furious that their taxes, which are supposed to be paying for educating their children, are, instead, going to lawyers to file a lawsuit so ridiculous that it’s entirely possible the lawyers get sanctioned.
The lawsuit was filed against a variety of entities and subsidiaries, but basically boils down to suing Meta (over Facebook, Instagram), Google (over YouTube), Snapchat, and TikTok. Most of the actual lawsuit reads like any one of the many, many moral panic articles you read about how “social media is bad for you,” with extremely cherry-picked facts that are not actually supported by the data. Indeed, one might argue that the complaint itself, filed by Seattle Public Schools lawyer Gregory Narver and the local Seattle law firm of Keller Rohrback, is chock full of the very sort of misinformation that they so quickly wish to blame the social media companies for spreading.
First: as we’ve detailed, the actual evidence that social media is harming children basically… does not exist. Over and over again studies show a near total lack of evidence. Indeed, as recent studies have shown, the vast majority of children get value from social media. There are plenty of moral paniciky pieces from adults freaked out about what “the kids these days” are doing, but little evidence to support any of it. Indeed, the parents often seem to be driven into a moral panic fury by… misinformation they (the adults) encountered on social media.
The school’s lawsuit reads like one giant aggregation of basically all of these moral panic stories. First, it notes that the kids these days, they use social media a lot. Which, well, duh. But, honestly, when you look at the details it suggests they’re mostly using them for entertainment, meaning that it hearkens back to previous moral panics about every new form of entertainment from books, to TV, to movies, etc. And, even then, none of this even looks that bad? The complaint argues that this chart is “alarming,” but if you asked kids about how much TV they watched a couple decades ago, I’m guessing it would be similar to what is currently noted about YouTube and TikTok (and note that others like Facebook/Instagram don’t seem to get that much use at all according to this chart, but are still being sued):
There’s a whole section claiming to show that “research has confirmed the harmful effects” of social media on youth, but that’s false. It’s literally misinformation. It cherry-picks a few studies, nearly all of which are by a single researcher, and ignores the piles upon piles of research suggesting otherwise. Hell, even the graphic above that it uses to show the “alarming” addition to social media is from Pew Research Center… the organization that just released a massive study about how social media has made life better for teens. Somehow, the Seattle Public Schools forgot to include that one. I wonder why?
Honestly, the best way to think about this lawsuit is that it is the Seattle Public School system publicly admitting that they’re terrible educators. While it’s clear that there are some kids who end up having problems exacerbated by social media, one of the best ways to deal with that is through good education. Teaching kids how to use social media properly, how to be a good digital citizen, how to have better media literacy for things they find on social media… these are all the kinds of things that a good school district builds into its curriculum.
This lawsuit is effectively the Seattle Public School system publicly stating “we’re terrible at our job, we have not prepared your kids for the real world, and therefore, we need to sue the media apps and services they use, because we failed in our job.” It’s not a good look. And, again, if I were a Seattle taxpayer — and especially if I were a Seattle taxpayer with kids in the Seattle public school district — I would be furious.
The complaint repeatedly points out that the various social media platforms have been marketed to kids, which, um, yes? That doesn’t make it against the law. While the lawsuit mentions COPPA, the law designed to protect kids, it’s not making a COPPA claim (which it can’t make anyway). Instead, it’s just a bunch of blind conjectures, leading to a laughably weak “public nuisance” claim.
Pursuant to RCW 7.48.010, an actionable nuisance is defined as, inter alia,
“whatever is injurious to health or indecent or offensive to the senses, or an obstruction to the
free use of property, so as to essentially interfere with the comfortable enjoyment of the life and
property.”
Specifically, a “[n]uisance consists in unlawfully doing an act, or omitting to
perform a duty, which act or omission either annoys, injures or endangers the comfort, repose,
health or safety of others, offends decency . . . or in any way renders other persons insecure in
life, or in the use of property.”
Under Washington law, conduct that substantially and/or unreasonably interferes
with the Plaintiff’s use of its property is a nuisance even if it would otherwise be lawful.
Pursuant to RCW 7.48.130, “[a] public nuisance is one which affects equally the
rights of an entire community or neighborhood, although the extent of the damage may be
unequal.”
Defendants have created a mental health crisis in Seattle Public Schools, injuring
the public health and safety in Plaintiff’s community and interfering with the operations, use, and
enjoyment of the property of Seattle Public Schools
Employees and patrons, including students, of Seattle Public Schools have a right
to be free from conduct that endangers their health and safety. Yet Defendants have engaged in
conduct which endangers or injures the health and safety of the employees and students of
Seattle Public Schools by designing, marketing, and operating their respective social media
platforms for use by students in Seattle Public Schools and in a manner that substantially
interferes with the functions and operations of Seattle Public Schools and impacts the public
health, safety, and welfare of the Seattle Public Schools community
This reads just as any similar moral panic complaint would have read against older technologies. Imagine schools in the 1950s suing television or schools in the 1920s suing radios. Or schools in the 19th century suing book publishers for early pulp novels.
For what it’s worth, the school district also tries (and, frankly, fails) to take on Section 230 head on, claiming that it is “no shield.”
Plaintiff anticipates that Defendants will raise section 230 of the Communications
Decency Act, 47 U.S.C. § 230(c)(1), as a shield for their conduct. But section 230 is no shield for
Defendants’ own acts in designing, marketing, and operating social media platforms that are
harmful to youth.
….
Section 230 does not shield Defendants’ conduct because, among other
considerations: (1) Defendants are liable for their own affirmative conduct in recommending and
promoting harmful content to youth; (2) Defendants are liable for their own actions designing
and marketing their social media platforms in a way that causes harm; (3) Defendants are liable
for the content they create that causes harm; and (4) Defendants are liable for distributing,
delivering, and/or transmitting material that they know or have reason to know is harmful,
unlawful, and/or tortious.
Except that, as we and many others explained in our briefs in the Supreme Court’s Gonzalez case, that’s all nonsense. All of them are still attempting to hold companies liable for the speech of users. None of the actual complaints are about actions by the companies, but rather how they don’t like the fact that the expression of these sites users are (the school district misleadingly claims) harmful to the kids in their schools.
First, Plaintiff is not alleging Defendants are liable for what third-parties have
said on Defendants’ platforms but, rather, for Defendants’ own conduct. As described above,
Defendants affirmatively recommend and promote harmful content to youth, such as proanorexia and eating disorder content. Recommendation and promotion of damaging material is
not a traditional editorial function and seeking to hold Defendants liable for these actions is not
seeking to hold them liable as a publisher or speaker of third party-content.
Yes, but recommending and promoting content is 1st Amendment protected speech. They can’t be sued for that. And, it’s not the “recommendation” that they’re really claiming is harmful, but the speech that is being recommended which (again) is protected by Section 230.
Second, Plaintiff’s claims arise from Defendants’ status as designers and
marketers of dangerous social media platforms that have injured the health, comfort, and repose
of its community. The nature of Defendants’ platforms centers around Defendants’ use of
algorithms and other designs features that encourage users to spend the maximum amount of
time on their platforms—not on particular third party content.
One could just as reasonably argue that the harm actually arises from the Seattle Public School system’s apparently total inability to properly prepare the children in their care for modern communications and entertainment systems. This entire lawsuit seems like the school district foisting the blame for their own failings on a convenient scapegoat.
There’s a lot more nonsense in the lawsuit, but hopefully the court quickly recognizes how ridiculous this is and tosses it out. Of course, if the Supreme Court screws up everything with a bad ruling in the Gonzalez case, well, then this lawsuit should give everyone pretty clear warning of what’s to come: a whole slew of utterly vexatious, frivolous lawsuits against internet websites for any perceived “harm.”
The only real takeaways from this lawsuit should be (1) Seattle parents should be furious, (2) the Seattle Public School system seems to be admitting it’s terrible at preparing children for the real world, and (3) Section 230 remains hugely important in protecting websites against these kinds of frivolous SLAPP suits.
We’ve noted a few times how the political push to ban TikTok is a dumb performance designed to do several things, none of which have to do anything with consumer privacy and security. We’ve also noted how college bans of TikTok are a dumb extension of that dumb performance, and don’t accomplish anything of meaningful significance.
It took a little while, but the press and some schools appear to finally be figuring this out.
The Washington Post, for example, penned a piece last Friday highlighting how the evidence justifying banning TikTok on college campuses is largely nonexistent. There’s no evidence that China is using TikTok for influence at any scale, and TikTok’s just one of thousands of international companies and services exploiting our consistent lack of meaningful privacy oversight in the U.S.
Then there’s the problem of the ban literally not doing much. For most students, bypassing such bans is as simple as switching their phone from Wi-Fi to cellular:
But Gamble’s students quickly figured out that they could still scroll TikTok all they wanted just by hopping onto their phones’ data plans. “They’re rolling their eyes, basically,” she said. “I had a couple students who were like, ‘What? I didn’t know it was banned. I’ve been on it all day.’”
Academics also note how the bans are counterproductive to education, especially if you’re a media studies professor. They’re also quick to point out that such bans run counter to many of the values Americans profess to hold about open markets and free expression:
“This is the U.S. adopting a Chinese attitude toward the internet: We’re going to block things we don’t want you to see because everything’s a national security threat,” said Milton Mueller, a Georgia Institute of Technology professor and co-founder of the Internet Governance Project. “It’s really a dangerous attitude — not just for American values of free expression but for this whole idea of an open and interconnected internet.”
Some universities, like the University of Oklahoma, have also started to figure out that these bans are a zero-calorie performance by unserious people, as highlighted by Karl Herchenroeder at Communications Daily.
It’s nice to see WAPO figure this out, but in general overall press coverage of TikTok has been terrible. Claims of dangers are repeated un-skeptically to feed this moral panic for clicks, while allowing the GOP — a party with a forty-year track record of opposing privacy legislation and competent regulatory oversight — to pretend this is about consumer privacy and national security.
So what is actually motivating the GOP to ban TikTok?
One, the bans are generally designed to agitate a xenophobic base and give the impression the GOP is “doing something about China.” But the party that couldn’t care less about rampant corruption or privacy violations isn’t doing much of anything meaningful to thwart China. In fact, letting adtech, telecom, and app companies run rampant with little oversight runs contrary to any such goal.
Two, the bans distract the public and press from our ongoing failure on consumer privacy and security issues. Banning TikTok, but doing nothing about the accountability optional free for all that is the adtech and data-hoovering space, doesn’t actually fix anything. China can just obtain the same data from a universe of other international companies facing little real oversight on data collection.
Three, the ban is really just about money. Trump gave the game away with his proposal that TikTok be chopped up and sold to Oracle and Walmart. That cronyistic deal fell through, but it’s pretty clear that this moral panic is designed to either help TikTok’s competitors (Facebook lobbyists are very active on this front), or force the sale of the most popular app in modern history to GOP-allies. At which point they’ll engage in all the surveillance and influence efforts they pretend to be mad about.
Most of this really comes down to folks seeing the immense money being made by the most popular app in America, and wanting that money for themselves. They’ve successfully exploited national security concerns to make inroads toward this goal, and I’d suspect they’re only getting warmed up. Usually with the help of “both sides” press coverage that has a hard time differentiating performance from adult policy.
For decades, U.S. policymakers have utterly refused to support any meaningful privacy protections for consumers. They opposed any new Internet privacy laws, however straightforward. They opposed privacy rules for broadband ISPs. They also fought tooth and nail to ensure the nation’s top privacy enforcement agency, the FTC, lacked the authority, staff, funds, or resources to actually do its job.
This greed-centric apathy created a wild west data monetization industry across telecom, app makers, hardware vendors, and data brokers that sees little real accountability, in turn resulting in just an endless parade of scams, hacks, breaches, and other privacy and security violations. You can’t go a week without a major company falling flat on its face on this front.
The same policymakers that created this environment are now freaking out because one app and one app only, TikTok, has taken full advantage of the lax privacy and security environment these policymakers directly created.
Hyperventilating about TikTok has become one of the GOP’s policies du jour, gifting a rotating crop of performative GOP politicians (like the FCC’s Brendan Carr) repeated TV appearances. Last month, Texas Governor Greg Abbott sent out a missive to state leaders urging state organizations to ban the app, claiming the dastardly Chinese might use it to spy on or turn your kids into communists.
So for one, students will simply have to turn off Wi-Fi and use cellular to access TikTok. There are probably also going to be other technical workarounds to get around the ban, depending on how sloppily it’s implemented. There’s also little evidence to suggest TikTok poses an exceptional threat to UT Austin’s network beyond that of numerous, allowed international apps and services, making this all kind of dumb and annoying.
Again, TikTok’s potential privacy risks are only one symptom of a much bigger problem: our failure to implement any meaningful privacy standards or oversight of the multiple, international, data-hoovering industries that over-collect sensitive user data then monetize the hell out of it. And we don’t do anything about this because for decades our top priority has been to make money. At any cost.
So yes, you’ve banned TikTok at the workplace or campus, congratulations. The problem: your students’ and employees’ phones are still filled with numerous apps, many of them (gasp) of dubious international origin, that are hoovering up and monetizing vast troves of sensitive financial, browsing, location, and other datasets, then doing a comically terrible job securing that data or making it truly anonymous.
So again, at the risk of being redundant, fixating exclusively on TikTok is stupid and myopic. Banning TikTok, but doing absolutely nothing to address the underlying problem that created TikTok’s potential abuse of user data, is a dumb performance. And it’s generally been a dumb performance by policymakers (like Abbott) with a long track record of not actually caring about consumer privacy and security.
The modern GOP (and a sizeable chunk of the DNC) doesn’t want privacy laws, even competently crafted ones. They don’t want oversight of companies that traffic in sensitive user data. They don’t want accountability for executives whose companies routinely fail to secure that data. And they don’t want competent, fully staffed and funded privacy regulators with the authority to do anything about any of this.
What do they want? Money and power, silly. They want to agitate a xenophobic base and pretend they’re doing something meaningful about China. But more likely, they want to force Bytedance to ultimately offload TikTok to GOP-friendly U.S. business friends (say Oracle, Walmart or Facebook). And they want to do it while the press un-skeptically portrays them as serious privacy reformers.
Pretending that you’re actually fixing the world’s privacy and national security issues by banning TikTok is just so very hot right now. Numerous states have passed new rules banning TikTok on government employee devices. And Marco Rubio has proposed a federal law that would ban TikTok unless ByteDance is willing to sell the popular app to an American company (presumably GOP-aligned Oracle).
Joining the festivities is University of Oklahoma, which this week announced its own ban of TikTok on any and all campus devices and networks. The university vaguely waves in the direction of “ongoing national and cybersecurity concerns with the TikTok application,” but doesn’t actually explain what the ban is supposed to accomplish:
In compliance with the Governor’s Executive Order 2022-33, effective immediately, no University employee or student shall access the TikTok application or website on University-owned or operated devices, including OU wired and wireless networks. As a result of the Executive Order, access to the TikTok platform will be blocked and cannot be accessed from the campus network. University-administered TikTok accounts must be deleted and alternate social media platforms utilized in their place.
As with the other bans, this is mostly a dumb performance by people who don’t actually care about user privacy. The app will continue to be used on employee and student personal phones, meaning nothing actually changes outside of the fact that students and employees won’t be able to access the site when connected to campus Wi-Fi. The net gain of such a ban is fairly negligible.
Yes, there have been concerns about TikTok and ByteDance sharing user data with the Chinese government. But singularly focusing on TikTok as the root of all evil in a reality where most peoples’ phones are jam-packed with services and apps from around the world that are every bit as privacy intrusive as TikTok.
The last five years have shown there’s simply no limit of app-makers, telecoms, hardware companies, services, and data brokers that hoover up every last bit of data from your phone, from how many milliseconds you spent on a website, to the exact route you take to work each morning.
Those companies then routinely do a terrible job securing that data, often hiding under the false claim that “anonymizing” it (a meaningless term) magically protects your identity from any shenanigans. As such, it’s pretty easy for the Chinese government (or any other government) to buy access to vast troves of data to build detailed profiles on American consumers, even if you ban TikTok.
Which is why singularly focusing on TikTok alone is so stupid. Most of the Republicans suffering embolisms about TikTok have opposed absolutely any guardrails on consumer data collection and monetization. They’ve opposed even a basic new privacy law for the Internet era. They oppose staffing and funding FTC privacy regulators. They oppose accountability of any kind for most executives.
These policymakers literally created the zero accountability environment that allows TikTok (and everybody else) to violate consumer trust. Banning only TikTok doesn’t fix it. Forcing TikTok to partner with Oracle (a company with its own dodgy history of privacy abuses) doesn’t fix it. Forcing students to browse TikTok on private cellular networks (where consumer tracking is also rampant) doesn’t fix it.
I’d go so far as to argue these bans aren’t even about protecting consumers from TikTok privacy abuses. It’s mostly about pretending to a xenophobic GOP base that the GOP is being “tough on China.” While simultaneously laying the groundwork to force ByteDance to sell TikTok to some GOP-allied company, likely Facebook, Oracle, or Walmart (recall this was Trump’s cronyistic plan all along).
Because let’s be honest: most of these folks are perfectly fine with rampant privacy abuses as long as it’s U.S. companies profiting off of it and the US government doing the surveillance. Actual consumer privacy doesn’t really enter into it.
Yet when I read mainstream media coverage of these TikTok bans, absolutely none of this context is even mentioned. At no point are readers informed that this is just a bad faith performance. If U.S. policymakers actually cared about privacy, we’d properly fund the FTC. We’d pass a privacy law. We’d embrace real penalties for companies and executives that fail to secure user data.
We’re not doing any of that. Instead, GOP policymakers (like FCC Commissioner Brendan Carr) are putting on a zero-calorie performance for cable news, declaring mission accomplished with a dumb, constipated look on their face.
Back in June we wrote about a blockbuster article in Buzzfeed by Emily Baker-White detailing how ByteDance engineers in China were still accessing data on US TikTok users. That was notable, given that ByteDance had signed this big deal with Oracle, while former President Trump held a proverbial gun to its head, to try to separate out its US data and keep it separate. It’s also still not entirely clear what Oracle is really doing with regards to TikTok, as each announcement seems less and less informative.
Either way, in October, we again wrote about another story by Baker-White, now at Forbes, talking about how ByteDance appeared to use TikTok data to try to spy on certain US citizens, though the details were vague. As we said at the time, this seemed like the sort of thing that should spur people to pass a comprehensive federal privacy law, not that that’s happened. Instead, we’ve just been getting more and more performative nonsense focused exclusively on TikTok, rather than on the underlying problem.
Now, Baker-White has the third piece in this trilogy that ties them all together. Apparently one of the US citizens ByteDance was trying to spy on… was Baker-White herself, and it was because of the original Buzzfeed article, as the company sought to track down how the initial info was leaked. It’s quite a story and you should read the whole thing, though here’s just a snippet.
According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of storiesexposing the company’s ongoing links to China. As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.
“I was deeply disappointed when I was notified of the situation… and I’m sure you feel the same,” Liang wrote in an internal email shared with Forbes. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals. … I believe this situation will serve as a lesson to us all.”
That is to say, it’s unfortunate, but true, that tech companies have a bit of a history attacking critical journalists, and abusing their own access to data to do so. It’s very, very bad, and it should not be allowed, but (once again), it’s not unique to TikTok, nor will any solution focused solely on TikTok do anything to “solve” this issue.
It is certainly yet another frightening example, though, and it remains ridiculous that this is how any company responds to a little critical press coverage. Tech execs need to realize that the press covers them critically. It’s how things work.
For several years we’ve noted how most of the calls to ban TikTok are bad faith bullshit made by a rotating crop of characters that not only couldn’t care less about consumer privacy, but are directly responsible for the privacy oversight vacuum TikTok (and everybody else) exploits.
The Act (pdf), according to the two lawmakers, vaguely attempts to “block and prohibit all transactions from any social media company in, or under the influence of, China, Russia, and several other foreign countries of concern.” It comes on the heels of numerous state bills attempting to ban state government employees from using TikTok on their personal devices.
Rubio’s new federal bill attempts to leverage the authority of the International Emergency Economic Powers Act (IEEA) to ban TikTok from operating domestically here in the States, despite the fact that judges have ruled several times now that the IEAA doesn’t include such authority. Violating the act would result in criminal penalties of up to a $1 million fine and 20 years in prison.
Rubio trots out the now familiar argument that we simply must ban the hugely popular social media app because the Chinese could use it to propagandize children or spy on Americans:
“The federal government has yet to take a single meaningful action to protect American users from the threat of TikTok. This isn’t about creative videos — this is about an app that is collecting data on tens of millions of American children and adults every day. We know it’s used to manipulate feeds and influence elections. We know it answers to the People’s Republic of China. There is no more time to waste on meaningless negotiations with a CCP-puppet company. It is time to ban Beijing-controlled TikTok for good.”
So there are always two underlying claims when it comes to justifying a ban on TikTok. One, that the Chinese could use the app to propagandize children, of which there’s been zero meaningful evidence of at any coordinated scale. The other, more valid but overstated concern, is that TikTok-owner ByteDance will simply funnel U.S. consumer data to the Chinese government for ambiguous surveillance purposes.
Here’s the thing though: for decades the GOP (and more than a few Democrats) have worked tirelessly to erode FTC privacy enforcement authority and funding, while fighting tooth and nail against absolutely any meaningful privacy legislation for the Internet era. That opened the door for countless app makers, data brokers, telecoms, and bad actors from all over the world (including TikTok) to repeatedly abuse this accountability and oversight free for all.
For years, all you had to do to dodge any scrutiny was claim that the data you’re collecting is “anonymized,” a gibberish term with absolutely no meaning. Most anonymized users can be easily identified with just a smattering of additional datasets, allowing companies all around the globe to build detailed profiles of nearly every aspect of consumer behavior, from shopping and browsing habits to real-world movement and behavior patterns. Not even your health or mental health data is safe, really.
Bluntly, it’s because we spent two decades prioritizing making money over consumer safety or market health. The check is long overdue, and you see the impact every time you turn around in the form of another hack, breach, or privacy scandal.
Of course, this free for all was abused by foreign governments. It was never a question that corruption and a lack of market oversight would be exploited by foreign governments. If you actually care about national security, holding all companies and data brokers accountable for privacy abuses should be your priority. A basic, helpful, well-written privacy law should be your priority. A working, staffed, properly funded FTC should be your priority.
The GOP (and several Democrats) aren’t doing that because U.S. companies might lose some money. Instead, they’re pretending that banning a single app somehow fixes the entirety of a much bigger problem. A problem they genuinely helped create by opposing pretty much any meaningful oversight for any data-hoovering operation, provided they pinky swore they weren’t doing anything dodgy with it.
As we’ve noted several times now, you could ban TikTok immediately and the Chinese government could simply buy this (and more) data from a rotating crop of dodgy data brokers and assorted middlemen. As such, banning TikTok doesn’t actually fix any of the problems here, no matter how many times FCC Commissioner Brendan Carr claims otherwise on the TV.
You can also ban TikTok if you genuinely think it helps, but if you’re not doing the other stuff, you’re not actually doing anything. Another TikTok will simply spring up in its place because you haven’t done anything about the underlying conditions that opened the door to U.S. consumer data abuse by foreign governments. In any way. You’ve just put on a dumb play.
If you’re genuinely concerned about national security and privacy, you’d take the time to actually study the bigger problem. Vaguely pretending you’re standing up to the dastardly Chinese helps agitate and excite an often xenophobic GOP base, but what you’re actually doing is comprised of little more than some hand waving and a few farts unless you take meaningful, broader action.
I tend to think the real motivation here is actually just the usual: money. The GOP wants to force ByteDance to offload TikTok to an American billionaire of its choice. If you recall, Trump’s big “solution” for the “TikTok problem” was to sell the entire app to his buddies over at Walmart and Oracle, the latter with a long track record of its own various privacy abuses.
I’d wager this entire performance about TikTok is the lobbying off-gassing of some company that either doesn’t want to compete with TikTok directly (Facebook lobbyists can often be found trying to cause DC moral panics around TikTok), or some company or companies that hope to leverage phony privacy concerns to force ByteDance to sell them one of the most popular apps in tech history.
This is context you’ll find largely omitted from most press coverage of the story. Instead, you can watch as most press outlets unquestioningly frame politicians with an abysmal track record on consumer privacy (Brendan Carr or Marsha Blackburn quickly come to mind) as good faith champions of consumer privacy, despite the documented fact they’re directly responsible for the problem they’re pretending to fix.
For decades, U.S. politicians leaders utterly refused to support most meaningful privacy protections for consumers. They opposed any nationwide privacy law, however straightforward. They opposed privacy rules for broadband ISPs. They also fought tooth and nail to ensure the nation’s top privacy enforcement agency, the FTC, lacked the authority, staff, funds, or resources to actually do its job.
This greed-centric apathy created a wild west data monetization industry across telecom, app makers, hardware vendors, and data brokers that sees little real accountability, in turn resulting in just an endless parade of scams, hacks, breaches, and other privacy and security violations.
Those same policymakers are now freaking out because one app and one app only, TikTok, has taken full advantage of the lax privacy and security environment these policymakers directly created.
Hyperventilating about TikTok has become one of the GOP’s policies du jour, gifting a rotating crop of performative GOP politicians (like the FCC’s Brendan Carr) repeated TV appearances.
Not to be outdone, Texas Governor Greg Abbott has announced he’s working on a similar ban. In a letter to state lawmakers, Abbott lamented the potential privacy violation TikTok represents:
“TikTok harvests vast amounts of data from its users’ devices—including when, where, and how they conduct Internet activity—and offers this trove of potentially sensitive information to the Chinese government.”
Here’s the thing these grandstanding politicians either don’t understand or are ignoring: nearly every app, service, and device in your home is hoovering up just an endless trove of information on your every waking moment, from when you wake up in the morning, to which path you took to work, then selling that poorly protected data to absolutely any nitwit (including governments) for a nickel.
In this reality, fixating exclusively on TikTok is both dumb and performative. Yeah, TikTok probably shouldn’t be on government employee phones. That said, neither should dozens if not hundreds of other apps and services repeatedly found to be over-collecting and poorly securing user data. The delusion that you’re safe simply if the app isn’t Chinese is just toddler thinking.
These policymakers have created such an unaccountable dumpster fire, you could ban TikTok today and the Chinese government could simply turn around, and in a matter of hours, buy most if not more of the same sensitive user data from a rotating crop of data brokers. Brokers who increasingly face only the lightest of occasional wrist slaps for the overcollection and oversharing of user data, something that’s become exponentially more problematic post-Dobbs.
Actually fixing this problem requires properly funding and staffing privacy regulators. It requires passing a baseline nationwide privacy law for the Internet era. It requires holding companies (and executives personally) meaningfully accountable for lax security and privacy standards.
We, of course, don’t want to actually do that, because actually caring about privacy, security, consumer empowerment, and market health would cost numerous U.S. companies billions of dollars annually. So instead we’ve embraced silly performances, such as singularly freaking out about a single app in a sea of problematic apps, devices, hardware, and services.
What’s dressed up to resemble a good faith concern about national security and privacy is really just a distraction from our longstanding failures on consumer protection, privacy/security standards, and accountability.
Again it’s your right to singularly hyperventilate about TikTok as the root of all evil, and TikTok absolutely has been caught doing sleazy things. But if you’re focusing on TikTok and TikTok only, completely oblivious as to how our repeated abandonment of privacy and accountability created the problem, you’re just flapping your arms around and making noise for the camera.
