Europe's TikTok Debate Can Learn from the US
National security debates about TikTok are now growing in Europe. The debate can learn from the US conversation — and its failures.
The UK government is banning TikTok from government mobile phones. Now, TikTok is reportedly pitching what it calls “Project Clover” in the UK and elsewhere in Europe to assuage national security concerns. This name is a play on “Project Texas,” TikTok’s name for its steps taken to address national security concerns in the US, based on years of negotiations with the Committee on Foreign Investment in the United States (CFIUS). Importantly, Europe’s growing national security debates on TikTok can learn from the US conversation — and its failures. Brought to you by Global Cyber Strategies, a Washington, DC-based research and advisory firm.
The One-Liner
European debates on TikTok should learn from the US TikTok debate, which has suffered, among other things, from policymakers, politicians, pundits, and the media at least initially failing to define the problem; failing to clearly delineate between distinct security risks; failing to give cost-benefit context on security risks; and incorrectly treating “risk” as a binary.
US Lessons for Europe’s Growing TikTok Debate
About a month ago, the European Commission — part of the European Union executive — banned TikTok use on staff devices. Government spokespeople had some issues with clearly articulating their reasoning, although the motive was evidently concern about the Chinese government’s potential access to data on European Commission staff devices, via TikTok and its Chinese parent company ByteDance.
Now, UK Cabinet Office Secretary of State Oliver Dowden told the British Parliament that its ban on government TikTok use was a “precautionary move.” He continued:
Given the particular risk around government devices, which may contain sensitive information, it is both prudent and proportionate to restrict the use of certain apps, particularly when it comes to apps where a large amount of data can be stored and accessed.
Europe’s TikTok debate can learn several lessons from the US conversation over the past several years. This list draws in part on a Lawfare article I wrote in December 2020 — essentially all of which is still relevant. Among others:
Define the problem. The Trump administration did not (and, often, could not) clearly articulate its reasoning for attempting to ban TikTok in August 2020, especially in public comments. The administration also frequently blurred the lines between economic and national security actions, including beyond TikTok. For instance, former President Trump said in 2019 that he might lift restrictions on Huawei — the Chinese telecommunications firm that did indeed present national security risks to the US — in exchange for concessions in a trade deal. In the TikTok case, this blurring raised further questions about what problem(s) the White House was purportedly trying to address. Was it about national security, or was it about trade and economic competition? The US debate around TikTok has now more clearly arrived at a set of problems (mainly, that TikTok could be a data-gathering vector and/or a content manipulation vector for Beijing), although some politicians still fail to clearly define their problem statement about the app.
Delineate between distinct security risks. Collecting data on government employees is different than collecting data on non-government employees, which is different than manipulating content moderation practices or policies, and so on. Not all risks associated with TikTok are the same. Not all risks associated with other apps are the same. This matters because policymakers and politicians do not sound coherent if they cannot distinguish between completely different kinds of technological security risks. It also matters because the risk in question might change the response: for instance, in the US, a fitting response to concerns about data collection on government employees is to prohibit TikTok use on government devices (which Congress imposed in December 2022). Concerns about data-gathering on the US population writ large, by contrast, are what have spurred ongoing debates about prohibiting TikTok use in the US altogether.
Give cost-benefit context on the risks. Policy is not made in a vacuum, and taking action to restrict the use of a tech company, product, or service in a country comes with all kinds of questions about cybersecurity, privacy, executive power, citizens’ access to data or information, and more. Too many US debates about TikTok focus just on purported national security concerns and do not also include a conversation about the tradeoffs associated with restrictions on TikTok. There has (thankfully) been more conversation over the last few months about the costs and benefits of different approaches. Even then, however, many pundits and media outlets skip past the questions of law and policy — such as, in the US case, whether the executive can actually block the import and export of information (based on current International Emergency Economic Powers Act limitations, as upheld in lawsuits against the Trump administration’s TikTok ban, it cannot).
Don’t treat “risk” as a binary. This is a serious, persistent, and in some ways fundamental problem in much of the US policy debate about TikTok — and other tech companies, products, and services. Risk is not a “yes” or “no.” Instead, risk is a matter of possibility. Evaluating risks means evaluating hypothetical scenarios that could occur, attempting to determine those scenarios’ likelihood (and other things like short-term impact, long-term impact, etc.), and then determining what should be done about those possible scenarios. But many US politicians, policymakers, pundits, and members of the media will reduce the conversation to “is there a risk with TikTok” or “is there not a risk with TikTok.” Indeed, it still happens right now. This is a reductive approach to the problem and is not actual, comprehensive risk assessment — which instead speaks to possible scenarios and outcomes, rather than something that is there completely or not at all. Adopting this view of “risk” also leads to policy proposals contingent on false binaries.
Europe’s policy debate on TikTok is still very much evolving. Lessons from the US conversation over the past several years could help European policymakers, politicians, pundits, and media organizations put that debate on better footing.
Subscribe for more public insights, and reach out on Global Cyber Strategies’ website for a range of custom-tailored research and advisory services.
—
© 2023 Global Cyber Strategies LLC.