When it comes to national security, members of Congress may want to consider heeding their own rebuffs of the Silicon Valley “move fast and break things” ethos. In response to concerns about Chinese collection of data from American citizens, several senators have proposed banning various types of Chinese technology. The attention to this critical issue is good, but a “tit for tat” response in this complex and connected global economy qualifies as moving too fast at risk of breaking things.
The Senate held a recent hearing on Chinese influence on technology companies. The impetus was the popular video sharing app TikTok. The app is owned by the Chinese firm ByteDance, currently under review by the Committee on Foreign Investment in the United States. Senators Charles Schumer and Tom Cotton expressed concerns about Chinese-owned companies, noting that the TikTok terms of service and privacy policies “describe how it collects data” including “user content and communications, IP addresses, location related data, device identifiers, cookies, metadata, and other sensitive personal information.”
The fact is that potentially hostile foreign actors like China have issued strong data localization laws requiring that data generated in the country be physically stored there. While TikTok has said that American user data are safely stored in the United States, many rightly fear that the company would agree to a request for access to this user data if it came from the Chinese government. Indeed, China collects massive amounts of data on everyone in the world. This practice poses a national security concern. As former Federal Bureau of Investigation general counsel James Baker said to Politico in a recent interview, “When aggregated, the data could be useful in improving Chinese machine learning tools to help China better understand, predict and manipulate the behavior of Americans.”
This poses a pressing threat, but the solution is not a wholesale ban as Senator Josh Hawley has proposed. His bill places undue restrictions on these foreign data companies, such as the prohibition of transferring American user data or encryption keys to those countries or storing that data in them. While preventing encryption keys from being stored in potentially hostile foreign countries is worth considering, banning data transfers altogether is not. These onerous, if well-intentioned, restrictions will surely come with costs to American companies and consumers.
Those potential costs are not small. American companies denied an opening in the Chinese market will lose profits, harming our national economic growth. They might also see their costs rise, which they will inevitably pass on to American consumers. Security advocates might argue that these costs are necessary to maintain national security. But there are better ways to mitigate security risks with fewer costs.
Before Congress decides which national security policies are warranted, lawmakers must start by identifying the extent to which there are national security concerns with TikTok or any other Chinese-owned or Chinese-operated companies. To do so, lawmakers must decide what data they consider sensitive. Without answers to these initial questions, we cannot determine whether a ban such as the one Hawley proposes, or even a government use embargo such as the one placed on Huawei, is appropriate.
Once the relevant stakeholders have determined what is considered sensitive data, they should explore technical and policy solutions to secure that data during transfers across borders. In some cases, it is possible that a solution could be as straightforward as anonymizing or encrypting the data to render it useless in the hands of anyone without the ability to deanonymize it or without the encryption key. The bill by Hawley mentions this, and that provision merits consideration.
In general, the federal government should lower regulatory barriers to allow American companies to enter the market and compete with their foreign counterparts. But even if TikTok were an American company, it would almost inevitably seek to enter the growing Chinese technology market. At some point, our leaders will have to face the Chinese data localization laws and craft policies that will address, rather than ignore, the realities of American companies doing business with China.
But before taking drastic action, such as banning nearly every company owned or operated by a potentially hostile foreign government, let us be more circumspect. Let us avoid being alarmist for the sake of being alarmist. If not, then we risk moving too fast and breaking too many things.
- “recent hearing”: https://www.judiciary.senate.gov/meetings/how-corporations-and-big-tech-leave-our-data-exposed-to-criminals-china-and-other-bad-actors
- “expressed concerns”: https://www.cotton.senate.gov/?p=press_release&id=1239
- “massive amounts”: https://www.washingtonpost.com/world/national-security/in-a-series-of-hacks-china-appears-to-building-a-database-on-americans/2015/06/05/d2af51fa-0ba3-11e5-95fd-d580f1c5d44e_story.html
- “recent interview”: https://www.politico.com/newsletters/morning-tech/2019/11/04/tiktok-probe-wins-hill-praise-782018
- “undue restrictions”: https://www.hawley.senate.gov/senator-hawley-introduces-bill-address-national-security-concerns-raised-big-techs-partnerships