[Chapter-delegates] TikTok and related US actions

Fri Aug 7 04:54:07 PDT 2020

I wonder whether ISOC should take a position regarding actions that the US
is taking, or proposing to take, regarding the use of Chinese ICT products
and services.

I presume that everybody on this list is aware of US President Trump's
intention of banning TikTok, or at least forcing its US operations to be
sold to a US company.  Here is the actual Executive Order (and a
corresponding order regarding WeChat):

https://www.whitehouse.gov/presidential-actions/executive-order-addressing-t
hreat-posed-tiktok/  

https://www.whitehouse.gov/presidential-actions/executive-order-addressing-t
hreat-posed-wechat/  

The rationale for the TikTok Order includes the following:

"TikTok automatically captures vast swaths of information from its users,
including Internet and other network activity information such as location
data and browsing and search histories.  This data collection threatens to
allow the Chinese Communist Party access to Americans' personal and
proprietary information - potentially allowing China to track the locations
of Federal employees and contractors, build dossiers of personal information
for blackmail, and conduct corporate espionage."

"TikTok also reportedly censors content that the Chinese Communist Party
deems politically sensitive, such as content concerning protests in Hong
Kong and China's treatment of Uyghurs and other Muslim minorities.  This
mobile application may also be used for disinformation campaigns that
benefit the Chinese Communist Party, such as when TikTok videos spread
debunked conspiracy theories about the origins of the 2019 Novel
Coronavirus."

The first paragraph is about data collection. It appears to me that banning
the application outright is a disproportionate measure. It would have
sufficed to ban the undesirable data collection.

The second paragraph is about censorship and disinformation. Banning the
application does not reduce censorship. Again, it appears to me that the
outright ban is disproportionate. It would have sufficed to ban the
censorship and disinformation.

Separately, it seems to me that analogous arguments can be made for Facebook
and Twitter. For example:

"Facebook automatically captures vast swaths of information from its users,
including Internet and other network activity information such as location
data and browsing and search histories.  This data collection threatens to
allow the US government to access the personal and proprietary information
of US persons under warrant and non-US persons without individual warrants -
potentially allowing the US government to track the locations of employees
of contractors of other governments, build dossiers of personal information
for blackmail, and conduct espionage."

"Facebook also reportedly censors content that the Facebook deems
unacceptable, such as hate speech, incitement to violence, nudity, etc.
Facebook may also be used for disinformation campaigns that benefit
political parties, such as when Facebook was used to spread incorrect
information on political issues and the 2019 Novel Coronavirus."

Should ISOC take a position on these issues? Should other states follow the
path opened by the US and proceed to ban Facebook, Twitter, etc?

Doesn't the US position invalidate the proposals it has put forth in WTO and
free trade agreements regarding free flow of data?

More importantly, the TikTok ban is just one step of an announced US
campaign to curtail the use of Chinese ICT products and services. I
reproduce below statements from the US Department of State.

Again, should ISOC take a position on this matter? Should states choose
camps and decide to exclude ICTs developed or provided by vendors in other
countries? In this context, note that US-made hardware has been known to
contain undocumented backdoors:

https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software
,37480.html  
https://www.csoonline.com/article/2136221/cisco-confirms-undocumented-backdo
or.html  
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20180328-xesc  
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20180307-cpcp  
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20180516-dnac  
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20180606-waas-snmp 
https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentica
tion-backdoor/  

Again, doesn't the US position invalidate the proposals it has put forth in
WTO and free trade agreements regarding ICT products and services?

Best,
Richard

==========

Press release at:

https://www.state.gov/announcing-the-expansion-of-the-clean-network-to-safeg
uard-americas-assets/  

The Clean Network program is the Trump Administration's comprehensive
approach to guarding our citizens' privacy and our companies' most sensitive
information from aggressive intrusions by malign actors, such as the Chinese
Communist Party (CCP). Today, I am announcing the launch of five new lines
of effort to protect America's critical telecommunications and technology
infrastructure.

These programs are rooted in internationally accepted digital trust
standards and built upon the 5G Clean Path initiative, announced on April
29, 2020, to secure data traveling on 5G networks into U.S. diplomatic
facilities overseas and within the United States.

The five new lines of effort for the Clean Network are as follows:

*    Clean Carrier: To ensure untrusted People's Republic of China (PRC)
carriers are not connected with U.S. telecommunications networks. Such
companies pose a danger to U.S. national security and should not provide
international telecommunications services to and from the United States.

*    Clean Store: To remove untrusted applications from U.S. mobile app
stores. PRC apps threaten our privacy, proliferate viruses, and spread
propaganda and disinformation. American's most sensitive personal and
business information must be protected on their mobile phones from
exploitation and theft for the CCP's benefit.

*    Clean Apps: To prevent untrusted PRC smartphone manufacturers from
pre-installing -or otherwise making available for download - trusted apps on
their apps store. Huawei, an arm of the PRC surveillance state, is trading
on the innovations and reputations of leading U.S. and foreign companies.
These companies should remove their apps from Huawei's app store to ensure
they are not partnering with a human rights abuser.

*    Clean Cloud: To prevent U.S. citizens' most sensitive personal
information and our businesses' most valuable intellectual property,
including COVID-19 vaccine research, from being stored and processed on
cloud-based systems accessible to our foreign adversaries through companies
such as Alibaba, Baidu, and Tencent.

*    Clean Cable: To ensure the undersea cables connecting our country to
the global internet are not subverted for intelligence gathering by the PRC
at hyper scale. We will also work with foreign partners to ensure that
undersea cables around the world aren't similarly subject to compromise.

Momentum for the Clean Network program is growing. More than thirty
countries and territories are now Clean Countries, and many of the world's
biggest telecommunications companies are Clean Telcos. All have committed to
exclusively using trusted vendors in their Clean Networks.

The United States calls on our allies and partners in government and
industry around the world to join the growing tide to secure our data from
the CCP's surveillance state and other malign entities. Building a Clean
fortress around our citizens' data will ensure all of our nations' security.

===========

Remarks by US Secretary of State Pompeo, at:

https://www.state.gov/secretary-michael-r-pompeo-at-a-press-availability-10/

In April, I announced our team's Clean Path initiative to keep Americans'
data safe from untrusted vendors. Today, I'm pleased to announce the
expansion of the Clean Network with the launch of five new lines of effort.
I'll walk through them quickly.

First, Clean Carrier. We are working to ensure that untrusted Chinese
telecom companies don't provide international telecommunications services
between the United States and foreign destinations.

I join Attorney General Barr, Secretary Esper, and Acting Secretary Wolf in
urging the FCC to revoke and terminate the authorizations of China Telecom
and three other companies providing services to and from the United States.

Second, we call Clean Store. We want to see untrusted Chinese apps removed
from U.S. app stores. President Trump has mentioned impending action on
TikTok, and for good reason. With parent companies based in China, apps like
TikTok, WeChat, and others are significant threats to the personal data of
American citizens, not to mention tools for CCP [Chinese Communist Party]
content censorship.

Third, Clean Apps. We're working to prevent Huawei and other untrusted
vendors from pre-installing or making available for download the most
popular U.S. apps. We don't want companies to be complicit in Huawei's human
rights abuses or the CCP's surveillance apparatus.

Fourth, Clean Cloud. We're protecting Americans' most sensitive personal
information and our businesses' most valuable intellectual property -
including COVID vaccine research - from being accessed on cloud-based
systems run by companies such as Alibaba, Baidu, China Mobile, China
Telecom, and Tencent.

The State Department will work closely with Commerce and other agencies to
limit the ability of Chinese cloud service providers to collect, to store,
and to process vast amounts of data and sensitive information here in the
United States.

Fifth and finally, Clean Cable. We're working to ensure that the CCP can't
compromise information carried by the undersea cables that connect our
country and others to the global internet.

Huawei Marine significantly underbids other companies on multiple
procurements to connect Asia, the Pacific, Africa, and Europe using Chinese
state-backed underseas technology.

We can't allow that to continue. We call on all freedom-loving nations and
companies to join the Clean Network.