Millions of young Americans were sent into a panic last weekend after President Donald Trump told reporters that he was “banning” TikTok from the United States. White House officials had already been discussing action against the social media platform and other Chinese-owned apps over concerns they pose a risk to national security. But as is typical for Trump, it’s not exactly clear what, if anything, will happen next. On Sunday, Microsoft released a statement saying it had spoken with the president and would continue discussions about buying TikTok from its parent company, ByteDance, by September 15. For now, TikTok is still available in the US.
The episode is just the latest flare-up in the ongoing deterioration of relations between the US and China. Whether TikTok is sold or banned, the underlying security concerns it raises—about privacy, espionage, foreign manipulation and propaganda, human rights and civil liberties—are going to remain. In that respect, the drama unfolding around TikTok risks overshadowing larger questions about the future of the world’s two biggest superpowers. “I just think the notion that TikTok is the big issue in US–China relations is silliness, and I think it distracts from very important issues,” says Graham Webster, the editor in chief of the DigiChina Project, a collaboration between Stanford University and New America.
One of the biggest worries about TikTok is whether the Chinese government could compel ByteDance to hand over user data on Americans. TikTok has repeatedly said it wouldn’t share information with the Communist Party even if asked, but the possibility can’t be dismissed. At the same time, focusing on TikTok alone ignores a perhaps even more troubling reality: The United States doesn’t have robust data protection rules in place for any company. “Countries around the world are working on that type of regime, and the US is frankly not,” says Webster. After Facebook’s Cambridge Analytica scandal, Congress briefly appeared interested in passing federal privacy legislation, but that effort seems to have stalled. It shouldn’t have: As more Americans work and socialize online, they’re creating even more personal data. Already, the US government says Chinese hackers have pilfered poorly protected information from a number of American institutions, including government agencies and a major credit bureau.
Another concern is whether the Chinese government could turn TikTok into a vector for propaganda. Not that they need a locally owned app to do that: The Chinese Communist Party has already been accused of launching disinformation campaigns on Facebook and Twitter targeting pro-democracy activists in Hong Kong. But because the algorithms powering TikTok are still largely opaque and its parent company is in Beijing, the fear is that US officials wouldn’t catch state-sponsored manipulation until it was too late, as was the case when the Russian government interfered in the 2016 presidential election. Social media companies also haven’t historically been eager to grant outside researchers or observers access to their technologies. TikTok has announced it is opening a transparency center in Los Angeles, where experts can see in person how it moderates content. And on Monday, the company said it was making it easier for users to report election misinformation and will expand partnerships with fact-checking organizations.
TikTok has over 100 million users in the US, but there are much larger, and potentially more serious, targets for foreign adversaries in the country. That includes the industrial infrastructure powering electric grids and water systems, for example, and experts say those areas could use the same kind of attention now being paid to a single app. “Industrial control systems is where you will see the most sophisticated, well-financed nation-state attacks first,” says Monta Elkins, “hacker in chief” at the security firm FoxGuard Solutions and an instructor at the SANS Institute. Elkins says there’s a shortage of professionals trained to work in industrial control systems and that some of the equipment is decades old. “Right now, we don’t run antivirus on these machines. They’re computers running software that might be vulnerable,” he says.