The RESTRICT Act: What to Know
The US has a new bill in Congress to place restrictions on certain tech companies, products, and services for national security reasons. Here's what to know.
As French President Emmanuel Macron issues a joint declaration with Chinese President Xi Jinping, including on 5G security; as the TikTok debate in DC continues; the US Congress is considering a bill that would give the executive branch more powers to restrict certain tech companies, products, and services for national security reasons. The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act was sponsored by a bipartisan group of senators but has sparked controversy with others in Congress. Here’s what to know about the bill and its tech policy and geopolitical implications. Brought to you by Global Cyber Strategies, a Washington, DC-based research and advisory firm.
The One-Liner
The RESTRICT Act would authorize the Secretary of Commerce to review and prohibit certain transactions between persons in the US and foreign adversaries, focused on tech that pose risks to US national security — but its improvement on past proposals is weighed against its potentially major implications and repercussions for US policy on non-US technology, for years to come.
What’s in the RESTRICT Act?
Senator Mark Warner (D-VA) and Senator John Thune (R-SD), along with 10 other senators, introduced the RESTRICT Act on March 7. In short, it would authorize the Secretary of Commerce to review and prohibit certain transactions between persons in the US and foreign adversaries, focused on information and communications technologies (ICTs) that pose risks to US national security — put simply, investigating tech products and services that could pose national security risks. It didn’t name TikTok specifically, but TikTok was mentioned repeatedly throughout the cosponsors’ press releases. The RESTRICT Act could also look well beyond TikTok.
I wrote about all this recently for Lawfare, which you can read in full here (along with a deep-dive into the DATA Act, another bill related to the DC TikTok debate).
The bill identifies five main categories of risks:
As I then added:
In some ways, delineating covered transactions is far more precise than some previous policy proposals that blurred together distinct risks, such as the risk of a foreign government using a technology product or service to gather data on Americans with clearances, and the risk of that government influencing a foreign platform’s content moderation practices. Most notably, the Trump administration’s TikTok executive order and its subsequent public messaging failed to make these distinctions clear. … By contrast, the RESTRICT Act refers broadly to “sabotage or subversion,” “catastrophic effects” on the U.S. digital economy or U.S. critical infrastructure, election interference, and coercive or criminal activities. Data collection and content manipulation would be just one small part of its scope.
Perhaps this approach is better: The RESTRICT Act focuses on broad risk categories that can encompass a range of ever-changing techniques for digital sabotage, subversion, espionage, and influence; it does not pigeon-hole itself into putting the exact tactics of the day into law, which are sure to change and which a foreign actor could then easily dance around. Simultaneously, the risk categories are incredibly broad. While the definition of something like election interference could be relatively scoped, the fourth risk category, including trying to steer policy and regulatory decisions in a foreign government’s favor, is potentially boundless. It is also easy to imagine industry concerns about the broadness of these categories.
In empowering the Secretary of Commerce to review technology transactions for what the Commerce Department considers national security risks, the RESTRICT Act would also supersede the International Emergency Economic Powers Act (IEEPA):
This is the authority that former President Trump invoked in August 2020 when he signed two executive orders that attempted to ban, respectively, TikTok and WeChat in the U.S., citing national security risks. (The TikTok order was later overturned in the courts, and President Biden withdrew the TikTok and WeChat orders in June 2021.) One of the core challenges with this IEEPA approach to banning TikTok has been the “Berman amendments,” or IEEPA’s 50 U.S.C. § 1702(b)(3) provision: It excludes from the president’s IEEPA authorities the ability to prohibit transactions related to “any information or informational materials,” irrespective of the “format or medium of transmission.” Obviously, TikTok is a company whose platform transmits information.
Hence, the bill seeks to create a separate set of authorities for the US government to restrict technology transactions for national security reasons. It would not be subject to the IEEPA limit on the president restricting the import or export of “information or informational materials.” The bill would also enable the Director of National Intelligence to publish declassified information to explain a decision’s reasoning.
Irrespective of the bill’s tech risk framework, this is a positive and much-needed provision in these kinds of bills. Permitting the executive branch to disclose potentially classified evidence or reasoning behind tech security reviews (of course, if appropriate) could improve transparency to the public, the private sector, and other countries. It also helps reduce the likelihood of a Trump-Huawei-campaign 2.0, where other governments did not trust claims of “national security,” were pushed toward a single “acceptable” option (the U.S. wanted only a complete ban on Huawei 5G equipment), and often did not receive any specific information on supposed risks when they asked.
This is not a completely comprehensive review of the bill; check out the full Lawfare article for additional discussion and analysis.
Will the RESTRICT Act Become Law?
The President’s national security advisor and the Deputy Attorney General have both endorsed the bill. As I concluded the piece:
The coming weeks will indicate how much congressional interest there is in this legislation. The DATA Act is another proposal in a long line looking at TikTok and perceived security risks, but it did not even receive the support of a single Democrat on the House Foreign Affairs Committee. By contrast, the RESTRICT Act has a relatively notable amount of initial support in both parties. Among other open questions is whether White House support will prompt more Democrats to get on board — and whether more Republicans will sign on to the risk framework approach that does not immediately and necessarily impose a ban on TikTok in the US. Of course, the other essential player, and arguably the essential player here, is the executive branch. Its interest in the coming weeks in pursuing a TikTok ban or other restrictions will greatly shape this debate.
Subscribe for more public insights, and reach out on Global Cyber Strategies’ website for a range of custom-tailored research and advisory services.
—
© 2023 Global Cyber Strategies LLC.