Yoel RothI’m deeply reluctant to wade into the TikTok ban madness, but: There are some weird edges to the Project Texas stuff that I worry will make TikTok more susceptible, not less, to malign foreign interference.
1/
tlDrewLooking for more context about TikTok and Project Texas? I've turned this thread into a Techdirt guest post (thanks, @mmasnick!) looking at the thorny and counterintuitive national security implications of siloing off US user data:
How Forcing TikTok To Completely Separate Its US Operations Could Actually Undermine National Security
Back in August 2020, the Trump White House issued an executive order purporting to ban TikTok, citing national security concerns. The ban ultimately went nowhere — but not before TikTok and Oracle …
WndlB
Zecharias Zelalem@yoyoel Hope you've been well, great to see you posting!
Doctor Biobrain@yoyoel @mmasnick It’s times like this when I think maybe we need more branches of the federal government.
I’ve already thought we needed a Culture Government led by Trump so all the Culture War MAGA lunatics can screech impotently as the real government gets work done. Maybe we need a Tech Government run by people who actually understand how computers and the internet works.
msgbi Markus Sagebiel
Andrew Couts@mmasnick @yoyoel Great points, thanks for sharing your insights on this! One nagging question I have is, how does storing US user data in the US inherently prevent foreign access? Is just… doesn’t, right? I may have missed how TikTok plans to handle this with Project Texas, but I haven’t heard anyone—besides you touching on it—addressing this specifically.
@infosec_jcp 🐈🃏 done differently
Graham Webster@yoyoel @mmasnick great piece! A question: you mention the Grindr case as an example of a Chinese government strategy to extricate data, yet the Reuters report only notes engineering access in Beijing with unknown transfers. Is there further info about a Chinese gov role or are you making an assumption? (FWIW I think the concern is legit even if it’s just a possibility, but obviously more acute if there’s evidence the possibility has been actualized.)
@gwbstr @mmasnick The short version is, CFIUS are not in the business of explaining the reasons they block transactions or demand divestments, but it's uncommon enough that you can fairly confidently infer that if they do something, there's a reason. More details: https://www.washingtonpost.com/politics/2019/04/03/why-is-us-is-forcing-chinese-company-sell-gay-dating-app-grindr/ and https://www.nytimes.com/2019/03/28/us/politics/grindr-china-national-security.html
That, coupled with Grindr's long-standing and notoriously lax data privacy standards, creates... a lot of risk.
But no, there's no confirmed/known transfers.
@yoyoel @mmasnick thanks for clarifying. I followed pretty closely at the time and thought indeed it was about the risk.
Examples of Chinese government intention to siphon off big piles of data on Americans need not touch on ownership or location of engineers. OPM, Experian, Marriott, etc.
Which is why a focus on nationality of ownership is both reasonable and hilariously blinkered if Chinese intelligence is the adversary of concern.