[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H. Res. 1051 Introduced in House (IH)]

<DOC>






118th CONGRESS
  2d Session
H. RES. 1051

  Recognizing the importance of the national security risks posed by 
        foreign adversary controlled social media applications.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             March 5, 2024

   Mr. Gallagher (for himself and Mr. Krishnamoorthi) submitted the 
following resolution; which was referred to the Committee on Energy and 
                                Commerce

_______________________________________________________________________

                               RESOLUTION


 
  Recognizing the importance of the national security risks posed by 
        foreign adversary controlled social media applications.

Whereas TikTok collects vast amounts of data on Americans, though the total 
        extent of its collection is unknown:

    (1) On August 6, 2020, the President concluded that TikTok 
``automatically captures vast swaths of information from its users'' and 
that TikTok's ownership by ByteDance Ltd. enables the People's Republic of 
China (referred to in this resolution as the ``PRC'') and Communist Party 
of China (referred to in this resolution as the ``CCP'') to gain access to 
``Americans' personal and proprietary information,'' potentially allowing 
the CCP ``to track the locations of Federal employees and contractors, 
build dossiers of personal information for blackmail, and conduct corporate 
espionage''.

    (2) Outside reporting has confirmed the breadth of TikTok's reach, 
concluding that its data collection practices extend to age, phone number, 
precise location, internet address, device used, phone contacts, social 
network connections, content of private messages sent through the 
application, and videos watched.

    (3) On November 11, 2022, Federal Communications Commissioner Brendan 
Carr explained that ``underneath [TikTok], it operates as a very 
sophisticated surveillance app.''. He characterized it as ``a big risk'' 
for multiple reasons, including espionage. The risk posed by TikTok is 
exacerbated by the difficulty in assessing precisely which categories of 
data it collects. For example, outside researchers have found embedded 
vulnerabilities that allow the company to collect more data than the 
application's privacy policy indicates.

Whereas PRC law requires obligatory, secret disclosure of data controlled by 
        Chinese companies at the PRC's unilateral request:

    (1) Pursuant to PRC law, the PRC can require a company headquartered in 
the PRC to surrender all its data to the PRC, making it an espionage tool 
of the CCP.

    (2) The National Intelligence Law, passed in China in 2017, states that 
``any organization'' must assist or cooperate with CCP intelligence work. 
Such assistance or cooperation must also remain secret at the PRC's 
request.

    (3) The PRC's 2014 Counter-Espionage Law states that ``relevant 
organizations . . . may not refuse'' to collect evidence for an 
investigation.

    (4) The PRC's Data Security Law of 2021 states that the PRC has the 
power to access and control private data.

    (5) The PRC's Counter-Espionage Law grants PRC security agencies nearly 
unfettered discretion, if acting under an effectively limitlessly capacious 
understanding of national security, to access data from companies.

    (6) On September 17, 2020, the Department of Commerce concluded that 
the PRC, to advance ``its intelligence-gathering and to understand more 
about who to target for espionage, whether electronically or via human 
recruitment,'' is constructing ``massive databases of Americans' personal 
information'' and that ByteDance has close ties to the CCP, including a 
cooperation agreement with a security agency and over 130 CCP members in 
management positions.

    (7) On December 2, 2022, the Director of the Federal Bureau of 
Investigation, Christopher Wray, stated that TikTok's data repositories on 
Americans ``are in the hands of a government that doesn't share our values 
and that has a mission that's very much at odds with what's in the best 
interests of the United States. . . . The [CCP] has shown a willingness to 
steal Americans data on a scale that dwarfs any other''.

    (8) On December 5, 2022, the Director of National Intelligence, Avril 
Haines, stated, when asked about TikTok and PRC ownership, ``It is 
extraordinary the degree to which [the PRC] . . . [is] developing 
frameworks for collecting foreign data and pulling it in, and their 
capacity to then turn that around and use it to target audiences for 
information campaigns and other things, but also to have it for the future 
so that they can use it for a variety of means''.

    (9) On December 16, 2022, the Director of the Central Intelligence 
Agency, William Burns, explained that ``because the parent company of 
TikTok is a [PRC] company, the [CCP] is able to insist upon extracting the 
private data of a lot of TikTok users in this country, and also to shape 
the content of what goes on to TikTok as well to suit the interests of the 
Chinese leadership''.

    (10) On August 2, 2020, then-Secretary of State, Mike Pompeo, stated 
that PRC-based companies ``are feeding data directly to the Chinese 
Communist Party, their national security apparatus''.

    (11) Public reporting has repeatedly confirmed statements made by the 
executive branch regarding the tight interlinkages between ByteDance, 
TikTok, and the CCP.

    G    (A) The Secretary of ByteDance's CCP committee, Zhang Fuping, also 
serves as ByteDance's Editor-in-Chief and Vice President and has vowed that 
the CCP committee would ``take the lead'' across ``all product lines and 
business lines'', which include TikTok.

    G    (B) On May 30, 2023, public reporting revealed that TikTok has 
stored sensitive financial information, including the Social Security 
numbers and tax identifications of TikTok influencers and United States 
small businesses, on servers in China accessible by ByteDance employees.

    G    (C) On December 22, 2022, public reporting revealed that ByteDance 
employees accessed TikTok user data and IP addresses to monitor the 
physical locations of specific United States citizens.

    G    (D) On June 17, 2022, public reporting revealed that, according to 
leaked audio from more than 80 internal TikTok meetings, China-based 
employees of ByteDance repeatedly accessed nonpublic data about United 
States TikTok users, including the physical locations of specific United 
States citizens.

    G    (E) On January 20, 2023, public reporting revealed that TikTok and 
ByteDance employees regularly engage in practice called ``heating,'' which 
is a manual push to ensure specific videos ``achieve a certain number of 
video views''.

    G    (F) In a court filing in June 2023, a former employee of ByteDance 
alleged that the CCP spied on pro-democracy protestors in Hong Kong in 2018 
by using backdoor access to TikTok to identify and monitor activists' 
locations and communications.

    G    (G) On November 1, 2023, public reporting revealed that TikTok's 
internal platform, which houses its most sensitive information, was 
inspected in person by CCP cybersecurity agents in the lead-up to the CCP's 
20th National Congress.

Whereas the PRC's access to American users' data poses unacceptable risks to 
        United States national security:

    (1) As a general matter, foreign adversary controlled social media 
applications present a clear threat to the national security of the United 
States.

    (2) The Department of Homeland Security has warned that the PRC's data 
collection activities in particular have resulted in ``numerous risks to 
U.S. businesses and customers, including: the theft of trade secrets, of 
intellectual property, and of other confidential business information; 
violations of U.S. export control laws; violations of U.S. privacy laws; 
breaches of contractual provisions and terms of service; security and 
privacy risks to customers and employees; risk of PRC surveillance and 
tracking of regime critics; and reputational harm to U.S. businesses''. 
These risks are imminent and other, unforeseen risks may also exist.

    (3) On September 28, 2023, the Department of State's Global Engagement 
Center issued a report that found that ``TikTok creates opportunities for 
PRC global censorship''. The report stated that United States Government 
information as of late 2020 showed that ``ByteDance maintained a regularly 
updated internal list identifying people who were likely blocked or 
restricted from all ByteDance platforms, including TikTok, for reasons such 
as advocating for Uyghur independence''.

    (4) On November 15, 2022, the Director of the Federal Bureau of 
Investigation, Christopher Wray, testified before the Committee on Homeland 
Security of the House of Representatives that TikTok's national security 
concerns ``include the possibility that the [CCP] could use it to control 
data collection on millions of users or control the recommendation 
algorithm, which could be used for influence operations if they so choose, 
or to control software on millions of devices, which gives it an 
opportunity to potentially technically compromise personal devices''.

    (5) On March 8, 2023, the Director of the Federal Bureau of 
Investigation, Christopher Wray, testified before the Select Committee on 
Intelligence of the Senate that the CCP, through its ownership of 
ByteDance, could use TikTok to collect and control users' data and drive 
divisive narratives internationally.

Whereas Congress has extensively investigated whether TikTok poses a national 
        security threat because it is owned by ByteDance:

    (1) On October 26, 2021, during the testimony of Michael Beckerman, 
TikTok head of public policy for the Americas, before a hearing of the 
Subcommittee on Consumer Protection of the Committee on Commerce, Science, 
and Transportation of the Senate, lawmakers expressed concerns that 
TikTok's audio and user location data could be used by the CCP.

    (2) On September 14, 2022, lawmakers expressed concerns over TikTok's 
algorithm and content recommendations posing a national security threat 
during a hearing before the Committee on Homeland Security and Governmental 
Affairs of the Senate with Vanessa Pappas, Chief Operating Officer of 
TikTok.

    (3) On March 23, 2023, during the testimony of TikTok CEO, Shou Chew, 
before the Committee on Energy and Commerce of the House of 
Representatives, lawmakers expressed concerns about the safety and security 
of the application, including TikTok's relationship with the CCP.

    (4) On February 28, 2023, former Deputy National Security Advisor, 
Matthew Pottinger, emphasized that it has already been confirmed that 
TikTok's parent company ByteDance has used the application to surveil 
United States journalists as a means to identify and retaliate against 
potential sources. The PRC has also shown a willingness to harass 
individuals abroad who take stances that contradict the Communist Party 
lines. The application can further be employed to help manipulate social 
discourse and amplify false information to tens of millions of Americans.

    (5) On March 23, 2023, Nury Turkel, the Chair of the United States 
Commission on International Religious Freedom, raised the alarm that 
TikTok's parent company, ByteDance, has a strategic partnership with 
China's Ministry of Public Security, and China's domestic version of the 
application, Douyin, has been used to collect data and sensitive 
information from Uyghurs and other oppressed ethnic minority groups.

    (6) On July 26, 2023, William Evanina, the former Director of the 
National Counterintelligence and Security Center, pointed to TikTok as just 
one of many areas of concern that combine to paint a concerning picture of 
the CCP's capabilities and intent as an adversarial, malign competitor.

    (7) On November 30, 2023, John Garnaut of the Australian Strategic 
Policy Institute (ASPI) remarked that TikTok has sophisticated capabilities 
that create the risk that TikTok can clandestinely shape narratives and 
elevate favorable opinions while suppressing statements and news that the 
PRC deems negative.

    (8) On January 18, 2024, the Select Committee on Strategic Competition 
between the United States and the Chinese Communist Party of the House of 
Representatives was briefed by a set of senior interagency officials to 
discuss these matters.

    (9) On March 22, 2023, elements of the intelligence community provided 
a classified briefing on the threat to members of the Permanent Select 
Committee on Intelligence of the House of Representatives and leadership 
for the Committee on Energy and Commerce of the House of Representatives.

    (10) On April 26, 2023, the executive branch provided a classified 
briefing on the threat to members of the Committee on Commerce, Science, 
and Transportation and the Select Committee on Intelligence of the Senate.

    (11) On June 5, 2023, the executive branch provided a classified 
briefing on the threat to staff of the Committee on Banking of the Senate 
and the Committee on Energy and Commerce of the House of Representatives.

    (12) In June 2023, at the request of the Permanent Select Committee on 
Intelligence of the House of Representatives, the intelligence community 
provided a classified threat briefing open to all Members of the House of 
Representatives.

    (13) On November 15, 2023, elements of the intelligence community 
provided a classified briefing to the Select Committee on Intelligence and 
the Committee on Commerce, Science, and Transportation of the Senate on, 
inter alia, the Peoples Republic of China's conduct of global foreign 
malign influence operations, including through platforms such as TikTok.

Whereas Congress and the executive branch are of one mind on the risks presented 
        by TikTok's data collection practices:

    (1) On May 15, 2019, the President issued an Executive Order on 
Securing the Information and Communications Technology and Services Supply 
Chain, which stated that ``unrestricted acquisition or use in the United 
States of information and communications technology or services designed, 
developed, manufactured, or supplied by persons owned by, controlled by, or 
subject to the jurisdiction or direction of foreign adversaries . . . 
constitutes an unusual and extraordinary threat to the national security, 
foreign policy, and economy of the United States''.

    (2) On June 9, 2021, the President issued an Executive Order on 
Protecting Americans' Sensitive Data from Foreign Adversaries, which stated 
that ``[f]oreign adversary access to large repositories of United States 
persons' data also presents a significant risk.'' The EO stated that ``the 
United States must act to protect against the risks associated with 
connected software applications that are designed, developed, manufactured, 
or supplied by persons owned or controlled by, or subject to the 
jurisdiction or direction of, a foreign adversary''.

    (3) In May 2019, in connection with a review by the Committee on 
Foreign Investment in the United States (CFIUS), a company based in the PRC 
agreed to divest its interest in a popular software application reportedly 
due to concerns relating to potential access by the PRC to American user 
data from the application.

    (4) On July 8, 2020, then-National Security Advisor, Robert O'Brien, 
stated that the CCP uses TikTok and other PRC-owned applications to collect 
personal, private, and intimate data on Americans to use ``for malign 
purposes''.

    (5) On August 14, 2020, the President found ``there is credible 
evidence . . . that ByteDance, Ltd. . . . might take action that threatens 
to impair the national security of the United States''.

    (6) In February 2023, the Deputy Attorney General, Lisa Monaco, stated, 
``Our intelligence community has been very clear about [the CCP's] efforts 
and intention to mold the use of [TikTok] using data in a worldview that is 
completely inconsistent with our own.''. Deputy Attorney General Monaco 
also stated, ``I don't use TikTok and I would not advise anybody to do so 
because of [national security] concerns''.

    (7) On July 13, 2022, Federal Communications Commission Commissioner, 
Brendan Carr, testified before the Subcommittee on National Security of the 
Committee on Oversight and Reform of the House of Representatives that 
``there is a unique set of national security concerns when it comes to 
[TikTok]''.

    (8) On March 23, 2023, the Secretary of State, Antony Blinken, 
testified before the Committee on Foreign Affairs of the House of 
Representatives that TikTok is a threat to national security that should be 
``ended one way or another''.

Whereas the executive branch has sought to address the risks identified above 
        through requiring ByteDance to divest its ownership of TikTok:

    (1) On August 14, 2020, the President issued an Executive order 
directing ByteDance to divest any assets or property used to enable or 
support ByteDance's operation of the TikTok application in the United 
States and any data obtained or derived from TikTok application or 
Musical.ly application users in the United States. The Order, however, 
remains the subject of litigation.

    (2) On August 6, 2020, the President issued an Executive order (E.O. 
13942) that directed the Secretary of Commerce to take actions that would 
have prohibited certain transactions related to TikTok in 45 days if 
ByteDance failed to divest its ownership of TikTok. The companies and 
content creators using the TikTok mobile application filed lawsuits 
challenging those prohibitions, as a result of which two district courts 
issued preliminary injunctions enjoining the prohibitions.

    (3) Following the multiple judicial rulings that enjoined the executive 
branch from enforcing the regulations contemplated in E.O. 13942, on June 
9, 2021, the President issued a new Executive order that rescinded E.O. 
13942, and directed the Secretary of Commerce to more broadly assess and 
take action, where possible, against connected software applications that 
pose a threat to national security.

Whereas Congress has passed, and the executive branch has implemented, a ban on 
        ByteDance-controlled applications like TikTok from Government devices 
        because of the national security threat such applications pose; even so, 
        the application's widespread popularity limits the effectiveness of this 
        step:

    (1) Prior to 2022, several Federal agencies, including the Departments 
of Defense, State, and Homeland Security, had issued orders banning TikTok 
on devices for which those specific agencies are responsible.

    (2) On December 29, 2022, following its adoption by Congress, the 
President signed into law a bill banning the use of TikTok on Government 
devices due to the national security threat posed by the application under 
its current ownership.

    (3) A majority of States in the United States have also banned TikTok 
on State government devices due to the national security threat posed by 
the application under its current ownership.

    (4) To date, as long as TikTok is subject to the ownership or control 
of ByteDance, no alternative to preventing or prohibiting TikTok's 
operation of the application in the United States has been identified that 
would be sufficient to address the above-identified risks.

    (5) The national security risks arise from and are related to the 
ownership or control of TikTok by a foreign adversary controlled company. 
Severing ties to such foreign adversary controlled company, for example by 
a full divestment, would mitigate such risks.

    (6) As has been widely reported, TikTok, Inc. has proposed an 
alternative, a proposal referred to as ``Project Texas,'' which is an 
initiative to try and satisfy concerns relating to TikTok's handling of 
United States user data.

    G    (A) Under the proposal, United States user data would be stored in 
the United States, using the infrastructure of a trusted third party.

    G    (B) That initiative would have allowed the application algorithm, 
source code, and development activities to remain in China under 
ByteDance's control and subject to PRC laws, albeit subject to proposed 
safeguards relating to cloud infrastructure and other data security 
concerns. Project Texas would also have allowed ByteDance to continue to 
have a role in certain aspects of TikTok's United States operations.

    G    (C) Project Texas would have allowed TikTok to continue to rely on 
the engineers and back-end support in China to update its algorithms and 
the source code needed to run the TikTok application in the United States.

    G    (D) Allowing code development in and access to United States user 
data from China potentially exposes United States users to malicious code, 
backdoor vulnerabilities, surreptitious surveillance, and other problematic 
activities tied to source code development.

    G    (E) Allowing back-end support, code development, and operational 
activities to remain in China would also require TikTok to continue to send 
United States user data to China to update the machine learning algorithms 
and source code for the application, and to conduct related back-end 
services, like managing users' accounts.

    (7) On January 31, 2024, the Director of the Federal Bureau of 
Investigation, Christopher Wray, testified before the Select Committee on 
Strategic Competition between the United States and the Chinese Communist 
Party of the House of Representatives that TikTok gives the PRC ``the 
ability to control data collection on millions of users, which can be used 
for all sorts of intelligence operations or influence operations,'' and 
``the ability, should they so choose, to control the software on millions 
of devices, which means the opportunity to technically compromise millions 
of devices''.

    (8) The risks posed by TikTok's data collection would be addressed by 
the Protecting Americans from Foreign Adversary Controlled Applications 
Act, despite the potential that the PRC might purchase similar types of 
data from private data brokers.

    (9) The degree of risk posed by TikTok has increased alongside the 
application's immense popularity in the United States.

    Resolved, That the House of Representatives has determined that 
ByteDance and TikTok pose an unacceptable risk to the national security 
of the United States.
                                 <all>