Software

Applications

Biden cancels Trump's bans on TikTok, WeChat, other Chinese apps

But executive order expands on supply chain security initiative with call for evidence-based vetting of technology


The White House on Tuesday revoked stalled Trump-era orders that sought to ban social media apps TikTok, WeChat, and others in the United States as national security threats.

In place of those orders, the Biden administration has expanded another Trump-era Executive Order focused on communications and supply chain security.

The Trump Executive Orders – 13942, 13943, and 13971 – said " that additional steps must be taken" in banning the two apps, as well as Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office, because they have ties to companies in China. The orders claimed that the apps threatened the personal information of Americans because app data could be accessed by Chinese authorities.

TikTok and a group of WeChat users separately challenged the orders in court and the legal judgements prevented the bans from being implemented. Those cases presumably have been made moot with the revocation of the orders.

Neither TikTok nor WeChat responded to requests for comment.

Not over yet

Nonetheless, apps made by Chinese-owned companies, and those originating in other countries deemed a threat, may still face challenges in the US.

President Biden, in an "Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries," declared that it's worth elaborating on Trump's 2019 Executive Order 13873 of May 15, 2019, titled "Securing the Information and Communications Technology and Services Supply Chain."

It was widely speculated that Trump's TikTok ban followed from its users trolling the former president's political rallies. Going forward, the US government has been directed to rely on facts as a basis for sanctions.

"The Federal Government should evaluate these threats through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms," President Biden's order says.

Biden's Executive Order 13873 declared threats to the information and communications supply chain of the US to be a national emergency and Biden asserts that even more needs to be done to deal with this threat. In the wake of the SolarWinds and Hafnium attacks, many in the public and private sectors believe that IT and supply chain defenses need to be shored up.

Biden's order outlines several factors that should be considered in evaluating the risk posed by technology products and services. These include: ties to people linked to military or intelligence organizations; the utility of applications for surveillance and espionage; ownership that's subject to foreign adversary coercion or control, or ties to people involved in malicious cyber activities; lack of third-party auditing; the sensitivity of application data; the number and sensitivity of app users; and whether claimed risks can be independently verified.

As a result, apps like TikTok and WeChat could again find themselves in the crosshairs of the US government if they fail to make their privacy claims verifiable or to be more transparent in how their software operates.

Biden's order also directs the Commerce Department to come up with recommendations "to protect against harm from the unrestricted sale of, transfer of, or access to United States persons' sensitive data, including personally identifiable information, personal health information, and genetic information, and harm from access to large data repositories" from those associated with foreign adversaries.

These Commerce Department rules could lay the groundwork for a more comprehensive federal privacy regime, long sought in light of state privacy statutes but not yet realized thanks to persistent political gridlock.

In a passage likely to get the attention of firms selling spyware to authoritarian governments, Biden also emphasized that the US wants to hold people accountable if they abuse human rights and he suggested there might be punishment for those who use software to enable human rights violations

"If persons who own, control, or manage connected software applications engage in serious human rights abuse or otherwise facilitate such abuse, the United States may impose consequences on those persons in action separate from this order," the President's order says. ®

Send us news
10 Comments

Row breaks out over true severity of two DNSSEC flaws

Some of us would be happy being rated 7.5 out of 10, just sayin'

White House and lawmakers increase pressure on UnitedHealth to ease providers' pain

US senator calls cyber attack 'inexcusable,' calls for mandatory security rules

Beijing-backed cyberspies attacked 70+ orgs across 23 countries

Plus potential links to I-Soon, researchers say

Labor watchdog wants SpaceX's gag clauses to disintegrate like its exploding rockets

This is why Big Biz wants to dismantle America's crucial regulators

Forget TikTok – Chinese spies want to steal IP by backdooring digital locks

Uncle Sam can use this snooping tool, too, but that's beside the point

Microsoft Copilot for Security prepares for April liftoff

Automated AI helper intended to make security more manageable

US critical infrastructure cyberattack reporting rules inch closer to reality

After all, it's only about keeping the essentials on – no rush

Biden's budget proposal boosts CISA funding to $3B

Plus almost $1.5b for health-care cybersecurity

Amazon finishes pumping $4B into AI darling Anthropic

Adds $2.75B to the ML sweepstakes ante and is counting on Claude

In the rush to build AI apps, please, please don't leave security behind

Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more

Whizkids jimmy OpenAI, Google's closed models

Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets

Miscreants are exploiting enterprise tech zero days more and more, Google warns

Crooks know where the big bucks are