Past TikTok and WeChat: How Biden’s New EO Might Impression Overseas-Owned Apps | Sheppard Mullin Richter & Hampton LLP
[co-author: Patrick Diaz*]
June 2021, President Biden signed an Executive Order (“EO”) revoking Trump’s orders on TikTok and WeChat. Instead, President Biden’s PO is subjecting software applications controlled or owned by “foreign adversaries” (i.e. China, Cuba, Iran, North Korea, Russia and Nicolas Maduro) to a Commerce Department-led review process to assess whether an app is represents the US national security concerns. This EO fits in with the broader confrontation between the US and China when it comes to new technology, sensitive personal information, and the threats we see from cyberattacks, the vulnerabilities in US Exploit IT systems.
According to the Biden administration, the orders issued by Trump (which we have discussed here and here) were revoked because they did not contain “understandable criteria” for assessing the national security risks emanating from software applications and were therefore unenforceable. As a context, the TikTok and WeChat orders were processed intensively, although provisional injunctions of the orders nationwide until late summer 2020. These cases froze the conflict between the Chinese social media companies and the US government – which is why these apps are still running are widespread and currently in use in the United States.
Unlike the TikTok and WeChat orders, the most recent EO isn’t aimed at a single company. Therefore, any app owned by a “foreign adversary” that poses a threat to national security could potentially be subject to restrictions upon scrutiny by the Department of Commerce. The review process will be similar to that described in Executive Order (“EO 13873”) relating to Information and Communication Technologies or Services (“ICTS”) with “Foreign Adversaries” with the Department of Commerce prohibiting, approving, or having the covered transaction Approve conditions (see our discussions on this EO here and here). Ultimately, the end result could be the same: TikTok and WeChat usage may be restricted in the United States because the US government determines that TikTok and WeChat pose too great a threat to national security. However, this EO aims for a principle verification process that would also apply to other apps (i.e. the next TikTok or WeChat).
Which software applications are covered by the EO?
It’s all about the data. The underlying concern that Trump’s TikTok and WeChat orders were supposed to address was the threat posed by Chinese actors gaining access to sensitive personal data of US citizens. Biden’s EO aims at the same cause, but covers all apps used on mobile devices, tablets and computers that “collect, process or transmit data over the Internet”. A large part of the apps currently on the market could fall within the remit of the PO. However, a limiting factor is that the apps must also be designed, developed, manufactured or provided by persons who are owned or controlled by a “foreign adversary” or under the jurisdiction of a “foreign adversary” – i.e. China, Cuba, Iran, North Korea, Russia and the Maduro regime. So apps like WeChat and TikTok are covered products under the EO.
Criteria for identifying apps that could pose a national security risk
The PO outlines the following potential indicators of national security risks in relation to apps from foreign opponents:
|I.||Property, control, or management by anyone who supports the military, intelligence, or proliferation activities of a foreign adversary;|
|II.||Use the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information or sensitive personal data;|
|III.||Ownership, control or management of related software applications by persons who are co-opted or co-opted by a foreign adversary;|
|IV.||Ownership, control or management of related software applications by persons involved in malicious cyber activity;|
|V.||a lack of thorough and reliable third party testing of the related software applications;|
|WE.||the scope and sensitivity of the data collected|
|VII.||the number and sensitivity of users of the associated software application;|
|VIII.||the extent to which identified risks have been or can be countered by independently verifiable measures. “|
Transactions that involve an “increased risk” include those apps that are owned by individuals, controlled or managed by individuals who assist foreign military or intelligence agencies, or when the apps collect sensitive personal information.
So what now?
It seems clear that the EO is primarily aimed at apps owned by Chinese companies. Russian apps might also be a cause for concern – we’ve seen significant cases of Russian criminal groups and Russian intelligence agencies exploiting US technological vulnerabilities for malicious activities – but Russian software is unlikely to be widely used in the United States. Three of the other countries listed as foreign opponents (Cuba, Iran and North Korea) are already subject to extensive sanctions and are therefore already largely restricted. Although the Biden EO is certainly broader and more in line with the broader national security policy than countries that view the United States as “foreign adversaries”, the impact of the EO will primarily be on software applications of Chinese origin. The Department of Commerce has been instructed to begin the review immediately – however, this means that this PO will have no immediate impact until the Department of Commerce conducts its review and designates apps under the PO.
For the time being, US companies evaluating their use of software applications from China or other countries should consider what might come onto the market. For more information on how to re-evaluate your business relationships with China, please see our post here. As always, we will keep you informed of the rapidly changing regulatory landscape that is affecting your international business relationships.
* Patrick Diaz is a summer worker at the Sheppard Mullin Washington DC office.