Reviews | Banning TikTok should be just the start

There is growing momentum in Congress to ban TikTok, the social media app owned by Chinese company ByteDance, on national security grounds. Last week, the White House voiced support for a bipartisan bill in the Senate that would give President Biden the power to ban the app, and the White House also reportedly pressured ByteDance to sell the company.

The security concern is not that we will be corrupted by goofy videos, but rather that the Chinese government might be using the TikTok apps installed on millions of American phones as a form of spyware – collecting sensitive data and personal information. , including where we are going and what we are doing. (On Friday, The Times reported that the Justice Department was investigating ByteDance’s surveillance of Americans.)

Congress is focused on TikTok for an obvious reason: it’s hugely popular and everyone has heard of it. Banning it or forcing it to be sold wouldn’t be a bad idea; the app poses serious privacy and security threats. But focusing solely on TikTok would be a gaudy and inadequate response that would do far too little to protect Americans from the wide range of data security risks China poses. Instead, Congress should pass legislation to fully protect US data and security.

TikTok is only a small part of the Chinese tech surveillance threat, much of which lurks in plain sight. China can (and probably does) buy data from the many commercial companies that effectively spy on Americans through our phones; A whole industry of little-known data brokers like Kochava and Acxiom legally collect and sell information this way. Additionally, despite the banning of some Chinese security equipment and routers, Americans still rely on Chinese software in a wide range of tools and devices, such as software for Chinese-made cranes in ports around the world. shipping and countless small drones that Americans have purchased for personal and commercial use. to use. The Chinese government has also repeatedly hacked the servers of US companies and the US government. And then there are the surveillance balloons.

Given China’s history of hacking and its ability to easily buy data on the open market, the best way to protect Americans’ data is to pass legislation that would reduce data collection in the first place. and require companies to strengthen their cybersecurity protections – shifting the burden of protecting data from the people who produce it to the companies and other entities that process it. Congress should target data brokers to restrict the type and amount of data they can sell and require them to know who they are selling it to to avoid compromising national security.

What we envision is in line with the US Data Protection and Privacy Act that Congress considered last year. Beyond protecting national security, it responds to a strong public demand for privacy: Americans of all political persuasions say they want better protection and less collection of their sensitive data.

But despite public support, as well as backing from both political parties, the White House and much of the business community, the law did not pass. He faced opposition from California officials who sought to protect their state’s privacy laws from federal preemption — even though most experts consider federal law to be stricter. Alas, there was a time when states were proud to see the laws they pioneered inspire national protections. Either way, Congress shouldn’t let state resistance get in the way of a strong national law.

To better control apps and software from Chinese companies, the government needs new tools, such as the ability to ban TikTok in the bipartisan Senate bill that the White House voiced support for last week. It is important, however, that these tools include the power not only to ban or penalize these applications, but also to impose security and transparency measures, and, if necessary, to force the sale of applications.

TikTok and other Chinese companies have tried to voluntarily address security concerns, offering to store US data on servers in the US and provide source code transparency. TikTok, for example, has touted a plan called Protect Texas, in which Texas-based software company Oracle would store TikTok’s U.S. data and audit TikTok’s source code to ensure Beijing can’t tamper with it. propaganda purposes.

But neither the current laws nor the proposed laws offer an effective means of enforcing these voluntary commitments or imposing them on companies that resist. Congress should empower the government to impose such measures and impose fines and bans on companies that do not comply.

Opponents of aggressive data security law will argue that the United States, as an open and democratic country, should refrain from limiting foreign companies’ access to its markets. Others worry that such a law could encourage countries like France and India, already skeptical of American tech companies, to use the American example as a reason to impose greater restrictions on American companies. .

These criticisms are misplaced. Being an open and democratic country does not mean being a sucker. Accepting unequal treatment is not a badge of honor. The United States would be justified in responding to China’s limits on American companies by imposing its own limits.

And when it comes to our allies in Europe, Asia and Latin America, that’s what diplomacy is for. The United States should form a coalition of nations that agree to take privacy and security seriously, guaranteeing market access for everyone on that basis – building on the Declaration for the Future of the Internet that the Biden administration introduced last year.

Passing a comprehensive data security law would require more work for Congress than targeting a single company. But privacy and the need to compete effectively with Beijing are among the small number of issues that have broad popular appeal and bipartisan support on Capitol Hill. Congress has a rare opportunity to serve national security and respond to public demand as well. It should not be wasted.

Pierre Harrell (@petereharrell) served as Senior Director of the National Security Council from 2021 to 2022. Tim Wu (@superwusterlisten)) is a professor at Columbia Law School who served as Special Assistant to the President of the National Economic Council from 2021 to 2023.

The Times undertakes to publish a variety of letters For the editor. We would like to know what you think of this article or one of our articles. Here is some advice. And here is our email: letters@nytimes.com.

Follow the Opinion section of the New York Times on Facebook, Twitter (@NYTopinion) And instagram.