Biden cancels Trump's bans on TikTok, WeChat, other Chinese apps
But executive order expands on supply chain security initiative with call for evidence-based vetting of technology
The White House on Tuesday revoked stalled Trump-era orders that sought to ban social media apps TikTok, WeChat, and others in the United States as national security threats.
In place of those orders, the Biden administration has expanded another Trump-era Executive Order focused on communications and supply chain security.
The Trump Executive Orders – 13942, 13943, and 13971 – said " that additional steps must be taken" in banning the two apps, as well as Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office, because they have ties to companies in China. The orders claimed that the apps threatened the personal information of Americans because app data could be accessed by Chinese authorities.
TikTok and a group of WeChat users separately challenged the orders in court and the legal judgements prevented the bans from being implemented. Those cases presumably have been made moot with the revocation of the orders.
Neither TikTok nor WeChat responded to requests for comment.
Not over yet
Nonetheless, apps made by Chinese-owned companies, and those originating in other countries deemed a threat, may still face challenges in the US.
President Biden, in an "Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries," declared that it's worth elaborating on Trump's 2019 Executive Order 13873 of May 15, 2019, titled "Securing the Information and Communications Technology and Services Supply Chain."
It was widely speculated that Trump's TikTok ban followed from its users trolling the former president's political rallies. Going forward, the US government has been directed to rely on facts as a basis for sanctions.
"The Federal Government should evaluate these threats through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms," President Biden's order says.
Biden's Executive Order 13873 declared threats to the information and communications supply chain of the US to be a national emergency and Biden asserts that even more needs to be done to deal with this threat. In the wake of the SolarWinds and Hafnium attacks, many in the public and private sectors believe that IT and supply chain defenses need to be shored up.
- China hauls in 13 web giants for ‘supervision interviews’
- Beijing's new privacy rules ban apps collecting unnecessary data, require free service without data slurps
- TikTok no worse than Facebook for privacy, says Citizen Lab (although Chinese TikTok is a horror)
- TikTok to cough up $92m to settle data privacy sueballs over harvesting too much data
Biden's order outlines several factors that should be considered in evaluating the risk posed by technology products and services. These include: ties to people linked to military or intelligence organizations; the utility of applications for surveillance and espionage; ownership that's subject to foreign adversary coercion or control, or ties to people involved in malicious cyber activities; lack of third-party auditing; the sensitivity of application data; the number and sensitivity of app users; and whether claimed risks can be independently verified.
As a result, apps like TikTok and WeChat could again find themselves in the crosshairs of the US government if they fail to make their privacy claims verifiable or to be more transparent in how their software operates.
Biden's order also directs the Commerce Department to come up with recommendations "to protect against harm from the unrestricted sale of, transfer of, or access to United States persons' sensitive data, including personally identifiable information, personal health information, and genetic information, and harm from access to large data repositories" from those associated with foreign adversaries.
These Commerce Department rules could lay the groundwork for a more comprehensive federal privacy regime, long sought in light of state privacy statutes but not yet realized thanks to persistent political gridlock.
In a passage likely to get the attention of firms selling spyware to authoritarian governments, Biden also emphasized that the US wants to hold people accountable if they abuse human rights and he suggested there might be punishment for those who use software to enable human rights violations
"If persons who own, control, or manage connected software applications engage in serious human rights abuse or otherwise facilitate such abuse, the United States may impose consequences on those persons in action separate from this order," the President's order says. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Federal government of the United States
- Government of the United Kingdom
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Shield
- Trusted Platform Module
- Zero trust