Congress is just touching the TikTok tip of the Chinese espionage iceberg

Opinion

From Elaine Dezenski And Joshua Birenbaum

Senate Republican leader Mitch McConnell this week called on the chamber to adopt the bipartisan bill that the House overwhelmingly passed last month requiring Chinese company ByteDance to sell its shares in the popular social media app Sell ​​TikTok, otherwise there is a risk of a ban on TikTok operations in the United States.

This is an important first step in addressing TikTok's known surveillance risk, but leaves most of China's intelligence apparatus untouched.

As the Senate begins consideration of the bill, it has an opportunity to address the widespread threat posed by China's weaponization of its high-tech private sector.

Under Chinese law, particularly the National Intelligence Law, all private Chinese companies and individuals must hand over any data they collect to the government upon request.

The law states: “All organizations and citizens must support, support and cooperate with national intelligence efforts.”

“National intelligence efforts” could be anything that, as the bill makes clear, involves information relevant to the “interests of the People’s Republic of China.”

Chinese President Xi Jinping has left no doubt that technology sector data meets this criterion and is considered relevant to the interests of the People's Republic of China.

More than a decade ago, shortly after taking office as president, he declared: “The vast data ocean, like oil resources during industrialization, holds immense productive power and opportunity.” Whoever controls big data technologies will have the resources for development control and have the upper hand.”

The TikTok bill would therefore pose a significant and very real risk to American data and privacy.

Given the legal framework, it is likely that the Chinese Communist Party is seeking and receiving data from TikTok.

But the problem is much bigger than just TikTok.

Like the risks posed by Huawei's 5G network and Chinese cargo cranes, any Chinese company collecting information on Americans poses a major problem.

In fact, it's a problem not just in America but all over the world.

Chinese companies collect data in Canada, Europe and Latin America; near U.S. military bases abroad and international ports; online and on site; and across personal, governmental and commercial interests.

Given the international risk, America and its allies need a unified approach to prevent Chinese multinational companies from undermining our shared security.

Together, we must take a comprehensive view of the significant surveillance gap that exists across a wide range of Chinese companies on our shores.

Beijing's bold public statement that it will legally require its private companies to share sensitive and private data collected abroad poses a global threat and requires a global solution.

We need to understand data comprehensively.

This is not just information gained from social media profiles, locations and preferences.

A huge number of mainstream brands are Chinese-owned; They make items that can collect personal or confidential information – such as Volvo cars, Lenovo computers and Lexmark printers.

That doesn't mean we know that these or other companies are sharing data with the CCP, but that's exactly the point: we don't know What Private American information reaches China.

This lack of information security is a critical national security concern.

Congress is aware of this threat.

But we can't tackle TikTok alone and stop there.

We need a comprehensive registration requirement for all Chinese-owned companies that operate in the United States or impact U.S. assets abroad.

Chinese companies should be required to disclose the scope and scope of the data they collect and the steps they take to protect that data from the Chinese government.

This information should be verifiable and subject to audit and oversight.

Chinese-owned multinational companies should also disclose any requests they receive from Beijing for information.

Companies that do not or cannot comply with the regulations should be barred from operating on U.S. soil and conducting business with U.S. public and private entities.

At the same time, we should encourage our allies to follow a similar pattern.

This approach is not intended to single out China, but we must recognize that China has enacted and is now living by a uniquely dangerous law that poses a concrete surveillance threat to U.S. national security.

There is an urgent need to improve our knowledge of information gathering in China by corporate actors.

Improving transparency around Chinese surveillance is a prudent and measured response to the aggressive use of private espionage.

Congress cannot adequately address this risk for each individual Chinese company.

We need a more comprehensive approach that takes into account the full extent of the threat.

The Chinese Communist Party seeks to control Chinese citizens through a vast surveillance network.

If we don't take significant steps to protect our data, the CCP will inevitably try to control us too.

Elaine Dezenski, senior director and director of the Center on Economic and Financial Power at the Foundation for Defense of Democracies, served as acting and deputy undersecretary for policy at the U.S. Department of Homeland Security. Joshua Birenbaum is the center's deputy director.