[Senate Report 116-250]
[From the U.S. Government Publishing Office]

116th Congress   }                                          {    Report
2nd Session      }                                          {   116-250


                       NO TIK TOK ON GOVERNMENT 
                              DEVICES ACT


                              R E P O R T

                                 of the


                          GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                              to accompany

                                S. 3455


                August 10, 2020.--Ordered to be printed

99-010                 WASHINGTON : 2020 

                    RON JOHNSON, Wisconsin Chairman
ROB PORTMAN, Ohio                    GARY C. PETERS, Michigan
RAND PAUL, Kentucky                  THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma             MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah                    KAMALA D. HARRIS, California
RICK SCOTT, Florida                  KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming             JACKY ROSEN, Nevada

                Gabrielle D'Adamo Singer, Staff Director
                   Joseph C. Folio III, Chief Counsel
                   Michael J.R. Flynn, Senior Counsel
               David M. Weinberg, Minority Staff Director
               Zachary I. Schram, Minority Chief Counsel
     Jeffrey D. Rothblum, Minority Senior Professional Staff Member
                     Laura W. Kilbride, Chief Clerk

116th Congress }                                               {   Report
 2nd Session   }                                               {  116-250




                August 10, 2020.--Ordered to be printed


 Mr. Johnson, from the Committee on Homeland Security and Governmental 
                    Affairs, submitted the following

                              R E P O R T

                         [To accompany S. 3455]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security and Governmental 
Affairs, to which was referred the bill (S. 3455) to prohibit 
certain individuals from downloading or using TikTok on any 
device issued by the United States or a government corporation, 
having considered the same, reports favorably thereon with an 
amendment in the nature of a substitute and recommends that the 
bill, as amended, do pass.


  I. Purpose and Summary..............................................1
 II. Background and Need for the Legislation..........................2
III. Legislative History..............................................3
 IV. Section-by-Section Analysis......................................4
  V. Evaluation of Regulatory Impact..................................4
 VI. Congressional Budget Office Cost Estimate........................4
VII. Changes in Existing Law Made by the Bill, as Reported............5

                         I. Purpose and Summary

    S. 3455, the No TikTok on Government Devices Act, requires 
the Director of the Office of Management and Budget (OMB) to 
develop standards and guidelines, consistent with the Federal 
Information Security Management Act (FISMA) of 2014, to remove 
the TikTok application from Federal information technology 
devices and platforms. The standards and guidelines developed 
by OMB must be developed in consultation with the General 
Services Administration (GSA), the Cybersecurity and 
Infrastructure Security Agency (CISA), the Office of the 
Director of National Intelligence (ODNI), and the Department of 
Defense (DoD). The bill includes an exemption for law 
enforcement activities, national security interests and 
activities, and security researchers.

              II. Background and the Need for Legislation

    In November 2017, a Beijing-based media and technology 
company, ByteDance Limited (ByteDance), acquired a Shanghai-
based social media company, Musical.ly, Inc. (Musical.ly) for 
approximately $1 billion.\1\ At the time of acquisition, 
Musical.ly's flagship web application included a user base of 
over 60 million in the United States and Europe and its offices 
were located in Shanghai and Santa Monica, California.\2\ In 
August 2018, ByteDance merged Musical.ly's web application with 
its own social media short-form video app, TikTok, managed by 
its subsidiary TikTok, Inc.\3\ TikTok is estimated to have a 
global audience of approximately 800 million active users.\4\
    \1\Liza Lin and Rolfe Winkler, Social-Media App Musical.ly Is 
Acquired for as Much as $1 Billion, Wall St. J. (Nov. 9, 2017), 
available at https://www.wsj.com/articles/lip-syncing-app-musical-ly-
    \2\Paul Mozur, Musical.ly, a Chinese App Big in the U.S., Sells for 
$1 Billion, N.Y. Times (Nov. 10, 2017), available at https://
    \3\Paige Leskin, Inside the rise of TikTok, the viral video-sharing 
app that Trump is trying to order its Chinese parent to sell, Business 
Insider (Aug. 8, 2020), available at https://www.businessinsider.com/
    \4\Simone Chu, TikTok: The Summation of 2020's Duality and Chaos, 
Harvard Political Review (Jul. 12, 2020), available at https://
    Notwithstanding the global popularity of the TikTok 
application, China's national intelligence and security laws 
raise serious concerns over the obligations of Chinese-owned 
technology companies to participate in intelligence gathering 
operations and share data with government officials.\5\ 
Specifically, China's National Intelligence Law includes 
numerous broadly written provisions that compel Chinese 
organizations and citizens to ``provide support and assistance 
to'' Chinese intelligence work.\6\ These requirements allow for 
the potential that Chinese government officials could use 
TikTok to violate the civil rights and privacy of users in the 
United States or otherwise gather data that may have national 
security implications.\7\ On this basis, in November 2019, the 
Committee on Foreign Investment in the United States (CFIUS) 
began a review of ByteDance's acquisition of the social media 
service TikTok.\8\
    \5\Jack Nicas, Mike Isaac, Ana Swanson, TikTok Said to Be Under 
National Security Review, N.Y. Times (Nov. 1, 2019), available at 
    \6\47 C.F.R. 54.26 (2020), available at https://www.govinfo.gov/
    \7\See, e.g. Dangerous Partners: Big Tech and Beijing: Hearing 
Before the S. Comm. on the Judiciary, Subcomm. on Crime & Terrorism, 
116th Cong. (Mar. 2020) (Statement of Samm Sacks), available at https:/
    \8\Drew Harwell and Tony Romm, U.S. government investigating TikTok 
over national security concerns, Wall St. J. (Nov. 1, 2019), available 
at https://www.washingtonpost.com/technology/2019/11/01/us-government-
    National security concerns related to Chinese-based 
information communications technology are well-documented. As 
Federal Bureau of Investigation (FBI) Director Christopher Wray 
testified, ``we're deeply concerned about the risks of allowing 
any company or entity that is beholden to foreign governments 
that don't share our values to gain positions of power inside 
our telecommunications networks.''\9\ These long-standing 
concerns of foreign-owned ICT led the Committee to pass the 
Federal Acquisition Supply Chain Security Act of 2018, enacted 
as part of the SECURE Technology Act,\10\ to standardize a 
process for the Federal Government to evaluate supply chain 
security risks by creating the Federal Acquisition Security 
Council (FASC).\11\ In addition, at a hearing before the Senate 
Judiciary's Subcommittee on Crime and Terrorism entitled, 
``Dangerous Partners: Big Tech and Beijing,'' the Senate heard 
from the FBI Deputy Assistant Director of the Cybersecurity 
Division who testified that ``Chinese companies are 
increasingly acquiring or launching social media applications 
not housed in mainland China for the global consumer market 
[whose] data handling policies create a risk for U.S. big data 
and [personally identifiable information] to be targeted and 
exploited by [the People's Republic of China] actors.''\12\
    \9\Worldwide Threats: Hearing Before the S. Select Comm. on 
Intelligence, 115th Cong. (2018) (statement of Director Chris Wray, 
Director of the U.S. Federal Bureau of Investigation).
    \10\Pub. L. No. 115-390, 115th Cong. (2018).
    \11\S. 3085, the Federal Acquisition Supply Chain Security Act of 
2018, S. Rept.115-408 (2018).
    \12\See supra note 7 (statement of Clyde E. Wallace, Deputy 
Director, Cyber Division, Federal Bureau of Investigation), available 
at https://www.judiciary.senate.gov/imo/media/doc/
    The FASC is an inter-agency effort to manage Federal supply 
chain security risks through regular assessment of information 
communications technology purchases, information sharing, and, 
when necessary, recommend the exclusion or removal of 
vulnerable technologies.\13\ The mandate of the FASC covers 
information technology, telecommunications equipment, hardware, 
software, and cloud computing services;\14\ however, it does 
not specifically address free-to-download applications 
available in mobile device application stores, such as TikTok.
    \13\Pub. L. No. 115-390 (2018).
    \14\Id.; see also S. Rept.115-408 (2018).
    Several Federal agencies, including DoD, the State 
Department, and the Department of Homeland Security, have 
banned TikTok on devices those agencies are responsible for, 
but these decisions have been made by individual agencies and 
do not apply to the Federal Government as a whole.\15\ Under 
FISMA, OMB is responsible for developing and overseeing Federal 
cybersecurity policies, and as such it has the power to produce 
standards and guidance for the removal of TikTok across the 
Federal enterprise.\16\ This bill requires the Director of the 
OMB, in consultation with key agency stakeholders, to develop 
standards and guidelines requiring the removal of TikTok and 
any successor applications developed or provided by ByteDance 
or any ByteDance subsidiary.
    \15\Madeline Holcombe, TSA bans employee use of TikTok for the 
agency's outreach amid national security concerns, CNN.com (Feb. 25, 
2020) available at https://www.cnn.com/2020/02/25/politics/tsa-tiktok-
    \16\44 U.S.C. Sec. 3553.

                        III. Legislative History

    Senator Josh Hawley (R-MO) introduced S. 3455, the No 
TickTok on Government Devices Act, on March 12, 2020, with 
Senator Rick Scott (R-FL) and Senator Tom Cotton (R-AR). The 
bill was referred to the Committee on Homeland Security and 
Governmental Affairs. Senators Joni Ernst (R-IA), John Kennedy 
(R-LA), and Martha McSally (R-AZ) later joined as cosponsors.
    The Committee considered S. 3455 at a business meeting on 
July 22, 2020. Senator Hawley offered a substitute amendment 
that specifies that OMB, within 60 days of passage, shall issue 
standards and guidelines to Executive Branch agencies regarding 
the removal of the TikTok application from information 
technology (rather than previous language that would have 
banned the use of the application by Federal employees but 
without specific direction from OMB on how to do so), and makes 
minor technical corrections. The bill was ordered reported 
favorably as modified by the Hawley amendment by voice vote en 
bloc. Senators present for the en bloc vote on the amendment 
and the bill as amended were Johnson, Portman, Paul, Lankford, 
Romney, Scott, Enzi, Hawley, Peters, Carper, Hassan, Harris, 
and Rosen.

        IV. Section-by-Section Analysis of the Bill, as Reported

Section 1. Short title

    This section established that the bill may be referred to 
as the ``No TikTok on Government Devices Act''.

Section 2. Prohibition on the use of TikTok

    Subsection (a) defines the terms ``covered application'', 
``executive agency'', and ``information technology.''
    Subsection (b) requires the Director of OMB, in 
consultation with the Administrator of GSA, the Director of 
CISA, the Director of National Intelligence, and the Secretary 
of Defense, and consistent with the information security 
requirements of FISMA, to develop standards and guidelines for 
the removal of covered applications from information 
    This subsection also includes directs OMB to include in its 
standards and guidelines exemptions for law enforcement 
activities, national security interests and security 

                   V. Evaluation of Regulatory Impact

    Pursuant to the requirements of paragraph 11(b) of rule 
XXVI of the Standing Rules of the Senate, the Committee has 
considered the regulatory impact of this bill and determined 
that the bill will have no regulatory impact within the meaning 
of the rules. The Committee agrees with the Congressional 
Budget Office's statement that the bill contains no 
intergovernmental or private-sector mandates as defined in the 
Unfunded Mandates Reform Act (UMRA) and would impose no costs 
on state, local, or tribal governments.

             VI. Congressional Budget Office Cost Estimate

                                     U.S. Congress,
                               Congressional Budget Office,
                                    Washington, DC, August 5, 2020.
Hon. Ron Johnson,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S. 
        Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 3455, the No TikTok 
on Government Devices Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Matthew 
                                         Phillip L. Swagel,


    S. 3455 would require the Office of Management and Budget 
(OMB) in consultation with other government agencies to develop 
guidelines that would require the removal of the social 
networking service TikTok from any executive branch information 
    Several federal laws, regulations, and policies prohibit 
the use of government property for unauthorized purposes. S. 
3455 would expand those prohibitions to include TikTok or any 
successor service provided by its developer. Some federal 
agencies including the Department of Defense have already 
banned TikTok from their devices. Based on the cost of similar 
requirements, CBO estimates that implementing S. 3455 would 
cost less than $500,000 over the 2020-2025 period, subject to 
the availability of appropriated funds. Those costs would 
primarily be for administrative expenses at OMB to develop the 
guidelines and for other government agencies to comply with the 
new restriction.
    Enacting S. 3455 could affect direct spending by some 
agencies that are allowed to use fees, receipts from the sale 
of goods, and other collections to cover operating costs. CBO 
estimates that any net changes in direct spending by those 
agencies would be negligible because most of them can adjust 
amounts collected to reflect changes in operating costs.
    The CBO staff contact for this estimate is Matthew 
Pickford. The estimate was reviewed by H. Samuel Papenfuss, 
Deputy Director of Budget Analysis.

       VII. Changes in Existing Law Made by the Bill, as Reported

    Because this legislation would not repeal or amend any 
provision of current law, it would not make changes in existing 
law within the meaning of clauses (a) and (b) of paragraph 12 
of rule XXVI of the Standing Rules of the Senate.