[Senate Report 116-250]
[From the U.S. Government Publishing Office]
116th Congress } { Report
SENATE
2nd Session } { 116-250
_______________________________________________________________________
NO TIK TOK ON GOVERNMENT
DEVICES ACT
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
S. 3455
TO PROHIBIT CERTAIN INDIVIDUALS FROM DOWNLOADING OR
USING TIKTOK ON ANY DEVICE ISSUED BY THE UNITED STATES OR A GOVERNMENT
CORPORATION
August 10, 2020.--Ordered to be printed
______
U.S. GOVERNMENT PUBLISHING OFFICE
99-010 WASHINGTON : 2020
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
RON JOHNSON, Wisconsin Chairman
ROB PORTMAN, Ohio GARY C. PETERS, Michigan
RAND PAUL, Kentucky THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah KAMALA D. HARRIS, California
RICK SCOTT, Florida KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming JACKY ROSEN, Nevada
JOSH HAWLEY, Missouri
Gabrielle D'Adamo Singer, Staff Director
Joseph C. Folio III, Chief Counsel
Michael J.R. Flynn, Senior Counsel
David M. Weinberg, Minority Staff Director
Zachary I. Schram, Minority Chief Counsel
Jeffrey D. Rothblum, Minority Senior Professional Staff Member
Laura W. Kilbride, Chief Clerk
116th Congress } { Report
SENATE
2nd Session } { 116-250
======================================================================
NO TIK TOK ON GOVERNMENT DEVICES ACT
_______
August 10, 2020.--Ordered to be printed
_______
Mr. Johnson, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany S. 3455]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (S. 3455) to prohibit
certain individuals from downloading or using TikTok on any
device issued by the United States or a government corporation,
having considered the same, reports favorably thereon with an
amendment in the nature of a substitute and recommends that the
bill, as amended, do pass.
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................2
III. Legislative History..............................................3
IV. Section-by-Section Analysis......................................4
V. Evaluation of Regulatory Impact..................................4
VI. Congressional Budget Office Cost Estimate........................4
VII. Changes in Existing Law Made by the Bill, as Reported............5
I. Purpose and Summary
S. 3455, the No TikTok on Government Devices Act, requires
the Director of the Office of Management and Budget (OMB) to
develop standards and guidelines, consistent with the Federal
Information Security Management Act (FISMA) of 2014, to remove
the TikTok application from Federal information technology
devices and platforms. The standards and guidelines developed
by OMB must be developed in consultation with the General
Services Administration (GSA), the Cybersecurity and
Infrastructure Security Agency (CISA), the Office of the
Director of National Intelligence (ODNI), and the Department of
Defense (DoD). The bill includes an exemption for law
enforcement activities, national security interests and
activities, and security researchers.
II. Background and the Need for Legislation
In November 2017, a Beijing-based media and technology
company, ByteDance Limited (ByteDance), acquired a Shanghai-
based social media company, Musical.ly, Inc. (Musical.ly) for
approximately $1 billion.\1\ At the time of acquisition,
Musical.ly's flagship web application included a user base of
over 60 million in the United States and Europe and its offices
were located in Shanghai and Santa Monica, California.\2\ In
August 2018, ByteDance merged Musical.ly's web application with
its own social media short-form video app, TikTok, managed by
its subsidiary TikTok, Inc.\3\ TikTok is estimated to have a
global audience of approximately 800 million active users.\4\
---------------------------------------------------------------------------
\1\Liza Lin and Rolfe Winkler, Social-Media App Musical.ly Is
Acquired for as Much as $1 Billion, Wall St. J. (Nov. 9, 2017),
available at https://www.wsj.com/articles/lip-syncing-app-musical-ly-
is-acquired-for-as-much-as-1-billion-1510278123.
\2\Paul Mozur, Musical.ly, a Chinese App Big in the U.S., Sells for
$1 Billion, N.Y. Times (Nov. 10, 2017), available at https://
www.nytimes.com/2017/11/10/business/dealbook/musically-sold-app-
video.html.
\3\Paige Leskin, Inside the rise of TikTok, the viral video-sharing
app that Trump is trying to order its Chinese parent to sell, Business
Insider (Aug. 8, 2020), available at https://www.businessinsider.com/
tiktok-app-online-website-video-sharing-2019-7.
\4\Simone Chu, TikTok: The Summation of 2020's Duality and Chaos,
Harvard Political Review (Jul. 12, 2020), available at https://
harvardpolitics.com/culture/tiktok-2020/.
---------------------------------------------------------------------------
Notwithstanding the global popularity of the TikTok
application, China's national intelligence and security laws
raise serious concerns over the obligations of Chinese-owned
technology companies to participate in intelligence gathering
operations and share data with government officials.\5\
Specifically, China's National Intelligence Law includes
numerous broadly written provisions that compel Chinese
organizations and citizens to ``provide support and assistance
to'' Chinese intelligence work.\6\ These requirements allow for
the potential that Chinese government officials could use
TikTok to violate the civil rights and privacy of users in the
United States or otherwise gather data that may have national
security implications.\7\ On this basis, in November 2019, the
Committee on Foreign Investment in the United States (CFIUS)
began a review of ByteDance's acquisition of the social media
service TikTok.\8\
---------------------------------------------------------------------------
\5\Jack Nicas, Mike Isaac, Ana Swanson, TikTok Said to Be Under
National Security Review, N.Y. Times (Nov. 1, 2019), available at
https://www.nytimes.com/2019/11/01/technology/tiktok-national-security-
review.html.
\6\47 C.F.R. 54.26 (2020), available at https://www.govinfo.gov/
content/pkg/FR-2020-01-03/pdf/2019-27610.pdf.
\7\See, e.g. Dangerous Partners: Big Tech and Beijing: Hearing
Before the S. Comm. on the Judiciary, Subcomm. on Crime & Terrorism,
116th Cong. (Mar. 2020) (Statement of Samm Sacks), available at https:/
/www.judiciary.senate.gov/meetings/dangerous-partners-big-tech-and-
beijing.
\8\Drew Harwell and Tony Romm, U.S. government investigating TikTok
over national security concerns, Wall St. J. (Nov. 1, 2019), available
at https://www.washingtonpost.com/technology/2019/11/01/us-government-
investigating-tiktok-over-national-security-concerns/.
---------------------------------------------------------------------------
National security concerns related to Chinese-based
information communications technology are well-documented. As
Federal Bureau of Investigation (FBI) Director Christopher Wray
testified, ``we're deeply concerned about the risks of allowing
any company or entity that is beholden to foreign governments
that don't share our values to gain positions of power inside
our telecommunications networks.''\9\ These long-standing
concerns of foreign-owned ICT led the Committee to pass the
Federal Acquisition Supply Chain Security Act of 2018, enacted
as part of the SECURE Technology Act,\10\ to standardize a
process for the Federal Government to evaluate supply chain
security risks by creating the Federal Acquisition Security
Council (FASC).\11\ In addition, at a hearing before the Senate
Judiciary's Subcommittee on Crime and Terrorism entitled,
``Dangerous Partners: Big Tech and Beijing,'' the Senate heard
from the FBI Deputy Assistant Director of the Cybersecurity
Division who testified that ``Chinese companies are
increasingly acquiring or launching social media applications
not housed in mainland China for the global consumer market
[whose] data handling policies create a risk for U.S. big data
and [personally identifiable information] to be targeted and
exploited by [the People's Republic of China] actors.''\12\
---------------------------------------------------------------------------
\9\Worldwide Threats: Hearing Before the S. Select Comm. on
Intelligence, 115th Cong. (2018) (statement of Director Chris Wray,
Director of the U.S. Federal Bureau of Investigation).
\10\Pub. L. No. 115-390, 115th Cong. (2018).
\11\S. 3085, the Federal Acquisition Supply Chain Security Act of
2018, S. Rept.115-408 (2018).
\12\See supra note 7 (statement of Clyde E. Wallace, Deputy
Director, Cyber Division, Federal Bureau of Investigation), available
at https://www.judiciary.senate.gov/imo/media/doc/
Wallace%20Testimony.pdf.
---------------------------------------------------------------------------
The FASC is an inter-agency effort to manage Federal supply
chain security risks through regular assessment of information
communications technology purchases, information sharing, and,
when necessary, recommend the exclusion or removal of
vulnerable technologies.\13\ The mandate of the FASC covers
information technology, telecommunications equipment, hardware,
software, and cloud computing services;\14\ however, it does
not specifically address free-to-download applications
available in mobile device application stores, such as TikTok.
---------------------------------------------------------------------------
\13\Pub. L. No. 115-390 (2018).
\14\Id.; see also S. Rept.115-408 (2018).
---------------------------------------------------------------------------
Several Federal agencies, including DoD, the State
Department, and the Department of Homeland Security, have
banned TikTok on devices those agencies are responsible for,
but these decisions have been made by individual agencies and
do not apply to the Federal Government as a whole.\15\ Under
FISMA, OMB is responsible for developing and overseeing Federal
cybersecurity policies, and as such it has the power to produce
standards and guidance for the removal of TikTok across the
Federal enterprise.\16\ This bill requires the Director of the
OMB, in consultation with key agency stakeholders, to develop
standards and guidelines requiring the removal of TikTok and
any successor applications developed or provided by ByteDance
or any ByteDance subsidiary.
---------------------------------------------------------------------------
\15\Madeline Holcombe, TSA bans employee use of TikTok for the
agency's outreach amid national security concerns, CNN.com (Feb. 25,
2020) available at https://www.cnn.com/2020/02/25/politics/tsa-tiktok-
national-security/index.html.
\16\44 U.S.C. Sec. 3553.
---------------------------------------------------------------------------
III. Legislative History
Senator Josh Hawley (R-MO) introduced S. 3455, the No
TickTok on Government Devices Act, on March 12, 2020, with
Senator Rick Scott (R-FL) and Senator Tom Cotton (R-AR). The
bill was referred to the Committee on Homeland Security and
Governmental Affairs. Senators Joni Ernst (R-IA), John Kennedy
(R-LA), and Martha McSally (R-AZ) later joined as cosponsors.
The Committee considered S. 3455 at a business meeting on
July 22, 2020. Senator Hawley offered a substitute amendment
that specifies that OMB, within 60 days of passage, shall issue
standards and guidelines to Executive Branch agencies regarding
the removal of the TikTok application from information
technology (rather than previous language that would have
banned the use of the application by Federal employees but
without specific direction from OMB on how to do so), and makes
minor technical corrections. The bill was ordered reported
favorably as modified by the Hawley amendment by voice vote en
bloc. Senators present for the en bloc vote on the amendment
and the bill as amended were Johnson, Portman, Paul, Lankford,
Romney, Scott, Enzi, Hawley, Peters, Carper, Hassan, Harris,
and Rosen.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1. Short title
This section established that the bill may be referred to
as the ``No TikTok on Government Devices Act''.
Section 2. Prohibition on the use of TikTok
Subsection (a) defines the terms ``covered application'',
``executive agency'', and ``information technology.''
Subsection (b) requires the Director of OMB, in
consultation with the Administrator of GSA, the Director of
CISA, the Director of National Intelligence, and the Secretary
of Defense, and consistent with the information security
requirements of FISMA, to develop standards and guidelines for
the removal of covered applications from information
technology.
This subsection also includes directs OMB to include in its
standards and guidelines exemptions for law enforcement
activities, national security interests and security
researchers.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill and determined
that the bill will have no regulatory impact within the meaning
of the rules. The Committee agrees with the Congressional
Budget Office's statement that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act (UMRA) and would impose no costs
on state, local, or tribal governments.
VI. Congressional Budget Office Cost Estimate
U.S. Congress,
Congressional Budget Office,
Washington, DC, August 5, 2020.
Hon. Ron Johnson,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for S. 3455, the No TikTok
on Government Devices Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Matthew
Pickford.
Sincerely,
Phillip L. Swagel,
Director.
Enclosure.
S. 3455 would require the Office of Management and Budget
(OMB) in consultation with other government agencies to develop
guidelines that would require the removal of the social
networking service TikTok from any executive branch information
technology.
Several federal laws, regulations, and policies prohibit
the use of government property for unauthorized purposes. S.
3455 would expand those prohibitions to include TikTok or any
successor service provided by its developer. Some federal
agencies including the Department of Defense have already
banned TikTok from their devices. Based on the cost of similar
requirements, CBO estimates that implementing S. 3455 would
cost less than $500,000 over the 2020-2025 period, subject to
the availability of appropriated funds. Those costs would
primarily be for administrative expenses at OMB to develop the
guidelines and for other government agencies to comply with the
new restriction.
Enacting S. 3455 could affect direct spending by some
agencies that are allowed to use fees, receipts from the sale
of goods, and other collections to cover operating costs. CBO
estimates that any net changes in direct spending by those
agencies would be negligible because most of them can adjust
amounts collected to reflect changes in operating costs.
The CBO staff contact for this estimate is Matthew
Pickford. The estimate was reviewed by H. Samuel Papenfuss,
Deputy Director of Budget Analysis.
VII. Changes in Existing Law Made by the Bill, as Reported
Because this legislation would not repeal or amend any
provision of current law, it would not make changes in existing
law within the meaning of clauses (a) and (b) of paragraph 12
of rule XXVI of the Standing Rules of the Senate.