Today the technology and law programs that we supervise at the American University Washington College of Law and the Hoover Institution at Stanford University, are publishing a report entitled “Chinese Technology Platforms Operating in the United States.” The report sets forth a framework for understanding the various threats posed by Chinese-owned technology platforms operating in the United States (e.g. TikTok), and for assessing the various costs and benefits of proposed responses to these threats. The report is a joint-product by a group of people with diverse backgrounds, experiences, and perspectives on these matters: Jennifer Daskal, Chris Inglis, Paul Rosenzweig, Samm Sacks, Bruce Schneier, Alex Stamos, Vince Stewart and the two of us.
Some background and elaboration:
Among the many challenges the Biden administration has inherited, a frayed U.S.-China relationship figures prominently. The Trump administration's approach to China was driven by China’s emergence as a great power competitor, and frictions inherent in that recognition manifested across a range of issues not the least of which were trade and regulation of Chinese technologies. The Trump administration took direct aim at a number of technologies, from Huawei’s 5G to Chinese manufactured small drones. In late 2020 and early 2021, it took steps to effectively ban TikTok, WeChat and other Chinese-owned apps from operating in the United States, at least in their current form.
Trump’s executive actions and policies designed to respond to the growing influence of China-controlled technologies generally shared one common aspect—they were all justified, in significant part, on protecting U.S. national security. Yet, the presence of these apps, related internet platforms, and other Chinese technologies present a range of risks, including to data privacy, freedom of speech, and economic competitiveness, not traditionally associated with national security. At the same time, and as a result, potential responses raise cross-cutting considerations and risk unintended collateral impacts.
The Biden administration is reviewing these Trump administration actions and policies (and yesterday it postponed the government’s case against TikTok.) It remains to be seen whether president Biden will dramatically reverse course in the burgeoning tech war with China, though there is a clear sense already that its approach will be more nuanced.
The new administration will need to respond to China’s growing tech sector, the spread of China-controlled platforms, and the increasing national security threats they entail. The administration will have to decide what to do about TikTok and WeChat. It also will need to establish a broader U.S. strategy for addressing the range of security risks (e.g., economic, national security, cybersecurity) and threats to civil liberties posed by the spread of China-developed and controlled technologies.
Recognizing the evolving national-security aspects of Chinese technology and the attendant policy challenges, the Technology, Law & Security Program at American University Washington College of Law and the National Security, Technology, and Law Working Group at the Hoover Institution at Stanford University convened the working group mentioned above to produce the attached report.
The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories—one reflected in numerous publicly available threat assessments—that China’s power is growing, that a large part of that power is in the digital sphere, and that China can and will wield that power in ways that adversely affect our national security. However, the specific threats and risks posed by different Chinese technologies vary, and effective policies must start with a targeted understanding of the nature of risks and an assessment of the impact US measures will have on national security and competitiveness. The goal of the paper is not to specifically quantify the risk of any particular technology, but rather to analyze the various threats, put them into context, and offer a framework for assessing proposed responses in ways that the signatories hope can aid those doing the risk analysis in individual cases.