US Congress Passes Bill to Ban TikTok

Written by

The US Senate has voted on a bill that will either ban TikTok or force its parent company, ByteDance, to forfeit ownership of the social media app.

TikTok skeptics in the US claimed a landslide victory, with 79 senators voting in favor of the bill and 18 against.

The vote occurred on April 24, ten days after the House of Representatives passed the bill, titled Protecting Americans from Foreign Adversary Controlled Applicants Act, by a margin of 360 to 58.

A few hours after the Senate vote, US President Joe Biden signed it.

In a public statement, Biden said, “Congress has passed my legislation to strengthen our national security and send a message to the world about the power of American leadership: We stand resolutely for democracy and freedom and against tyranny and oppression.”

Can ByteDance to Break from TikTok in the US?

The bill grants China-based ByteDance a year to disassociate from TikTok, either by exiting the US market or selling its US business to an entity based in the US or an ally country.

Failure to comply would result in legal prohibitions on app stores, including the Apple App Store and Google Play, from hosting TikTok or providing web hosting services to ByteDance-controlled applications.

At the end of March, Canadian businessman Kevin O’Leary started putting together a syndicate to potentially purchase TikTok.

His starting bid is reported to be between $20bn and $30bn, which would represent a 90% cut in valuation from the company’s last funding round.

According to Jake Moore, a global cybersecurity advisor at cybersecurity firm ESET, such an acquisition is very unlikely.

“TikTok data collection is very similar to other social media platforms such as Facebook or Instagram but the problem with TikTok is not the amount of data collected but who they are potentially sharing it with.

“The chance of it being sold to the US is rather slim, but ByteDance is unlikely to back down without a fight. Even pushing the app underground behind VPN software is a more likely outcome - similar to how some Western apps are accessed in China,” he said.

TikTok’s Ties with Chinese Intelligence Under Scrutiny

The reason why TikTok is so contentious in the US likely stems more from who the app might be sharing its customers’ data with than because of its shortfalls in data privacy protection, Moore argued.

Speaking to Infosecurity, Matthew Hmoud, head of security consulting at Adarma, explained that TikTok's operating model is not unlike many global organizations, with dispersed global teams who share, access, and collaborate on data for the delivery of services.

In a post from 2022, TikTok shared that it had implemented the globally recognized ISO 27001 Certification, and the iOXt alliance certified TikTok for meeting rigorous standards and commitments to cybersecurity, transparency, and privacy.

TikTok believes it has taken all the necessary steps to satisfy the US government’s concerns,” Hmoud said.

It is now routing all US traffic through Oracle cloud infrastructure, is setting up a dedicated US Data Security (USDS) to strengthen and oversee the data protection policies and procedures and is building out a US-based engineering team to reduce the amount of data needed to be shared by its global engineering teams.

Hmoud argued that the US government's main concern originates from its threat intelligence around Chinese policy.

ByteDance to Fight the Bill in Court

Responding to the US Congress passing the bill, Michael Beckerman, TikTok’s head of public policy for the Americas, confirmed that the company will fight the legislation in court.

In a memo viewed by the tech news website The Information, he claimed that the bill violated the First Amendment of the US Constitution, which protects freedom of speech.

“We’ll continue to fight, as this legislation is a clear violation of the First Amendment rights of the 170 million Americans on TikTok,” he wrote.

This article was updated on April 25, 2024, to include US President Joe Biden's signature.

What’s hot on Infosecurity Magazine?