The US government on Wednesday passed an executive order (EO) that revokes the previous administration’s order banning TikTok, WeChat, and other Chinese apps and lays out new steps to protect Americans’ sensitive data from foreign adversaries.
The new order, which expands upon the national emergency declared in Executive Order 13873 of May 15, 2019, does not name specific companies, but rather provides a framework for protecting Americans’ data from “foreign adversaries”, namely China.
“The Biden Administration is committed to promoting an open, interoperable, reliable and secure Internet; protecting human rights online and offline; and supporting a vibrant, global digital economy. Certain countries, including the People’s Republic of China (PRC), do not share these values and seek to leverage digital technologies and Americans’ data in ways that present unacceptable national security risks while advancing authoritarian controls and interests.” – US government executive order
This EO comes a week after the US government passed a different executive order expanding the ban on Americans investing in Chinese companies with purported ties to China’s military to cover companies in the surveillance technology sector.
What does the new order propose?
Evaluate threats posed by foreign apps: Alleging that “foreign adversaries” continue to steal US persons’ data and pose “an extraordinary threat to the national security, foreign policy, and economy of the United States,” the new EO directs the Department of Commerce to “use of a criteria-based decision framework and rigorous, evidence-based analysis to address the risks” posed by apps and services that are developed, owned, or controlled by foreign adversaries, namely China.
Criteria for software that may pose an unacceptable risk: In addition to the criteria prescribed in EO 13873, this EO provides the following criteria for consideration when evaluating apps that may pose an unacceptable risk to US national security. The EO states that apps may present a heightened risk if they
- are owned or controlled by persons that support foreign adversary military or intelligence activities
- are owned or controlled by persons who are subject to coercion or cooption by a foreign adversary
- are owned or controlled by persons involved in malicious cyber activities
- are used to conduct surveillance by accessing sensitive or confidential personal, government or business data
- lack of thorough and reliable third-party auditing
- collect sensitive personal data
Take further steps to protect sensitive data: Stating that apps can access and capture vast swaths of information from users, the EO directs the Department of Commerce to consult with other government agencies and “make recommendations to protect against harm from the sale, transfer of, or access to sensitive personal data” to apps owned or controlled by foreign adversaries. The order specifically identifies personal health, genetic information, and large repositories of data as data that must be protected. The Department is also directed to recommend executive and legislative actions to address the risk associated with apps made by or controlled by foreign adversaries.
Evaluate risks on a continuous basis: The Department of Commerce is expected to continually evaluate foreign apps that may harm the “design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services” in the US, pose an unacceptable risk to security or resiliency of the critical infrastructure or digital economy of the US, or pose an unacceptable risk to the national security of the US and its citizens.
Accountability for human rights abuse: The EO states that the US “seeks to promote accountability for persons who engage in serious human rights abuse” and it will impose consequences on such persons if they own or control software applications that engage or facilitate human rights abuses.
What was the previous administration order against TikTok and WeChat?
Last August, the US government signed three orders that banned TikTok, WeChat and other Chinese apps stating that TikTok collects “vast swaths of information from its users” and “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.” Similarly, the order against WeChat said that the app “captures the personal and proprietary information of Chinese nationals visiting the United States, thereby allowing the Chinese Communist Party a mechanism for keeping tabs on Chinese citizens who may be enjoying the benefits of a free society for the first time in their lives.” In their orders, the US government also mentioned the Indian government’s ban on TikTok, WeChat and 57 other Chinese apps over national security concerns.
The orders against TikTok and WeChat were to come into effect on September 20, 2020, but was postponed to September 27. However, on September 28, a US district judge halted the ban. Later in October, another federal judge blocked the government ban. The ban never took effect, and eventually, the current administration asked both the courts to place a hold on proceedings surrounding the ban while it reviews the situation.
In issuing the new EO, a senior administration official said that the previous administration’s actions weren’t “always implemented in the soundest fashion” and the current administration wants to “take a tailored, tough approach here.”