Naina Bora
Amidst its growing popularity, Tiktok has faced severe backlash from some governments viewing the mobile application as a national security threat. On 6th August 2020, the Trump Administration passed an executive order under the International Emergency Economic Powers Act (“IEEPA”) stating that Tiktok shall be banned within 45 days.
In the aftermath of this, Tiktok filed a lawsuit against the US government claiming that the executive order was politically motivated and unconstitutional because due process was not followed. This article critically examines the executive order and considers the merits of this case.
The International Emergency Economic Powers Act
The first emergency declared under IEEPA was against Iran in 1979. Section 1701 of title 50 of the United States Code which deals with IEEPA states:
“(a) Any authority granted to the President by section 1702 of this title may be exercised to deal with any unusual and extraordinary threat, which has its source in whole or substantial part outside the United States, to the national security, foreign policy, or economy of the United States, if the President declares a national emergency with respect to such threat.
(b) The authorities granted to the President by section 1702 of this title may only be exercised to deal with an unusual and extraordinary threat with respect to which a national emergency has been declared for purposes of this chapter and may not be exercised for any other purpose. Any exercise of such authorities to deal with any new threat shall be based on a new declaration of national emergency which must be with respect to such threat.”
These provisions clearly fail to define what constitutes a national security threat, rendering it extremely easy for Presidents to use the same arbitrarily.
Section 1708 (b) of Title 50 allows the President to impose sanctions if he/she identifies a foreign country engaging in economic or industrial espionage of trade secrets, or proprietary information in cyberspace. Proprietary information, as per the Act includes information that is “not generally known or readily ascertainable through proper means by the public.” Hence, the location data of users that is collected by the application, which is not made available in the public domain, would be covered by the scope of the Act.. In addition to this, Section 1708 (a) requires the President to submit a report to the appropriate congressional committees regarding such espionage. Therefore, this provision does not provide for transparency during the process of imposing sanctions.
The Question of Due Process
Guaranteed under the Fifth Amendment to the US Constitution, due process of law stipulates that governmental actions cannot be arbitrary. This also entails that before an executive order can be issued, the other party should be notified and given an opportunity to engage with the government.
Tiktok has claimed that it was denied an opportunity to prove that there was no threat and that the order was solely based on outdated news articles. In fact, even the Central Intelligence Agency has not found Tiktok to be of any major concern. In addition to the IEEPA order, the Committee on Foreign Investment in the United States (CFIUS) issued an order giving ByteDance 90 days from the date of the order to divest from US operations of Tiktok and destroy the data of US citizens stored by it. Further, it allows the government to access data stored by ByteDance for national security reasons and to ensure compliance until divestment is successful.
Although Tiktok has challenged the IEEPA order, it will be hard for Courts to question a presidential order based on national security concerns. Previously, courts have refused to rule against the government hence giving the president absolute power under the IEEPA. One such case is that of Al Haramain Islamic Foundation v. U.S. Department of Treasury wherein the assets of the charitable organization were frozen without giving it adequate notice and time to respond. This violated the organization’s right owing to non-adherence to due process by the government. However, the Ninth Circuit Court, a federal court of appeals, held in this matter that the Office of Foreign Assets Control, in refusing to reveal their reasons for investigating the organisation and thereby denying it an opportunity to respond to their suspicions, had made a harmless error since it did not affect the outcome of the case.
Criticism of the Order
While looking at the merits of the case, it is important to analyse the executive IEEPA order (“Order”) which was passed.
- The order reads as follows:
“Tiktok automatically captures vast swaths of information from its users, including Internet and other network activity information such as location data and browsing and search histories. This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”
In 2019, the Chinese-owned app, Grindr, was forced to divest since it posed a risk to US national security. Data collected by it included HIV status, sexual identity and location, and their privacy policy stated that this information could be shared with the parent company. One of the major concerns of the government was that this information could be used to blackmail federal agents and employees.
In this regard, Tiktok has repeatedly assured users of its platform in the US that their data is not stored in China and hence, cannot be misused by the Chinese government. The company has also clarified that their application has a “software barrier” that ensures data of US users is stored separately from the other data stored by ByteDance. In addition to this, it is also pertinent to note that the government had already banned federal employees from using the application.
There is absolutely no proof that Tiktok has allowed the Chinese government access to its data. Moreover, the Chinese cyber security law passed in 2016 allows the government to conduct security checks on data stored in China. Since Tiktok stores the data of American citizens in Singapore and the US itself, China will not have access to this data by virtue of the 2016 Chinese law.
Furthermore, Chinese companies don’t always comply with their government’s requests for sharing data since it might affect their business. For instance, the government-owned People’s Bank of China wanted Alibaba and Tencent to share their customer loans data to help them create a national system to record the credit histories of even those without formal records. However, both the companies refused.
Additionally, there is always a risk of data being misused by hacking, and other similar illegitimate means. Kromtech, a security software organisation, discovered that data recorded and stored by an unnamed GPS tracker in the Amazon S3 bucket, used in more than 540,000 vehicles, could be accessed easily. The data included vehicle information such as license plates, passwords of connected accounts, unique number or International Mobile Equipment Identity (IMEI). Verizon too faced a similar data breach wherein multiple gigabytes of user information was made publicly accessible. It was subsequently blamed on a third-party data leak.
- The order further alleges that the app is heavily influenced by the Chinese government. It states that:
“Tiktok also reportedly censors content that the Chinese Communist Party deems politically sensitive, such as content concerning protests in Hong Kong and China’s treatment of Uyghurs and other Muslim minorities. This mobile application may also be used for disinformation campaigns that benefit the Chinese Communist Party, such as when Tiktok videos spread debunked conspiracy theories about the origins of the 2019 Novel Coronavirus.”
Internal documents uncovered by the Guardian in September 2019 revealed that Tiktok moderators were instructed to censor content that the Chinese government would not approve of such as Tibetan Independence. However, a Tiktok statement in May 2020 clarified that those policies were no longer in force.
Regarding the issue of “disinformation”, in April, Tiktok created a feature through which misinformation could be reported, with COVID-19 as a sub-category. Even otherwise, misinformation appears to be a universal problem with almost all social media apps. It is not a valid ground to ban an app. Mark Zuckerberg was under fire when he revealed that Facebook doesn’t fact check political ads. Whatsapp, infamous for spreading fake news, limits the number of times a message can be forwarded to combat misinformation. However, this is not a one-stop solution. Hence, the Order might be more politically motivated than based on a real threat.
Alternatives to Such Executive Orders
In the 2018 landmark case of Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Schrems II case), the European Court of Justice ruled that the data of European citizens can only be transferred to a foreign country if the country ensures a level of data protection equivalent to that provided by the General Data Protection Regulation (GDPR). This case was filed by privacy activist Max Schrems who was concerned about Facebook handling the data of European citizens after the Edward Snowden revelation. His main argument was that this transfer of data violated the European Fundamental right to privacy and data protection. This case proves that there exists a much more pragmatic alternative to banning or ordering the divestment of such apps, which could have been used by the US in order to tackle the issues which can possibly arise in situations like these.
However unlike the GDPR, the US neither has a federal-level general consumer data privacy law nor a data security law. Hence, there is a need for such laws to be made and then implemented. Only then can the US pass legislation similar to the EU which would ensure that their citizens’ data is protected.
Conclusion
An executive order issued under the IEEPA is heavily legally protected and can be issued even without concrete proof of wrongdoing. As a result, the Trump Administration’s arbitrary ban was passed despite lack of evidence that Tiktok data was being misused by the Chinese government. Furthemore, since courts in the past have refused to question such orders of the President, citing concerns over national security, the suit filed by Tiktok is most likely to be unsuccessful. As other alternatives were not explored, divestiture was seen as the only solution to the Tiktok imbroglio. Presently, after negotiations, Oracle and Walmart have been allowed a 20% share of Tiktok by the Administration. However, it needs to be said that Beijing still needs to sign off on this deal, which exacerbates the eventual possibility of uncertainty.
The author is a BBA LLB (Hons.) candidate at GNLU.
NUALS Law Journal 