Fraud Management & Cybercrime , Governance & Risk Management , Government
Global Open Internet Under Chinese Threat, US Lawmakers Hear
TikTok Exec Makes Rare Appearance at Senate Committee HearingAspirations for a borderless global internet crashed into accusations of Chinese eagerness to exploit American's data in a pair of Capitol Hill hearings Wednesday.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
U.S. commitment to allowing all comers onto the network has come under strain following the growth among American users of Chinese apps such as WeChat and TikTok. Although less combative than its predecessor, the Biden administration has sustained the Trump presidency's suspicion of Chinese technology fueled by user data.
For some lawmakers, short-form video app TikTok in particular is anathema, especially given its typically young user base of 100 million Americans. One of its executives made a rare congressional appearance in a Senate Homeland Security Committee hearing during which she attempted to tamp down accusations that the app funnels data to the Chinese Communist Party.
The company updated its infrastructure to store all U.S. user data in the Oracle cloud environment and is working with the software giant to add new data security controls, said Vanessa Pappas, chief operating officer. "We have strict controls in terms of who and how our data is accessed," she said, to skepticism from Republican senators. She dismissed as unfounded a report from BuzzFeed News finding that U.S. user data has been repeatedly accessed from China.
Chinese employees have accessed American's data, but to work on app improvements, said Pappas, a former YouTube executive. "We have never shared data with the Chinese government," she said. Pappas also denied that TikTok parent company ByteDance is a Chinese company. It was founded in China, she said, but no longer has an official headquarters there. "We're a distributed company. We have offices around the world," and most of the leadership is concentrated in Singapore, she said.
China keeps its citizens mostly walled off from the wider internet but its isolation from Western apps has been matched by a desire to obtain vast data sets of Americans' personal data, senators heard during another hearing. Whether through hacking or through commercial apps, Chinese data collection amounts to national security risk, said Adam Klein. The former Trump-era chairman of the Privacy and Civil Liberties Oversight Board testified before a Senate Judiciary subcommittee.
A Different Model: Data Free Flow With Trust
Given the rise of China and its fundamentally different worldview, supporting a borderless internet is no longer viable, Klein said.
"Data should move freely. Innovation should be possible, but among friendly countries that share basic rule of law commitments," he told senators.
Klein pushed the idea of data free flow with trust or "friend-shoring," which was the brainchild of former Japanese Prime Minister Shinzo Abe, who was assassinated in July. This approach centers around openness and innovation and avoids repeating the European Commission's mistake of making domestic privacy regulation the focal point when determining whether or not data can flow to another country, according to Klein.
"The number of countries with whom we should consider throwing up walls and preventing the flow of data is very small," Klein says. "But, as I think everyone here recognizes, the stakes are also incredibly high with respect to that small group."
Only a handful of countries - including China, Russia and a few other lesser rivals - would end up being "untrusted" if this new model were adopted, Klein says. This would be fundamentally different than the commission's adequacy standard for privacy governing international data flows between the European Union and elsewhere.
"If your country is not adequate, it becomes much more difficult to transfer data out of the EU to that country," Klein says. "And this has created a lot of uncertainty for American and European businesses" since currently the commission does not recognize the United States as having adequate privacy protections for European citizens.
Putting China on the Ropes
Implementing data free flow with trust would require cracking down on Chinese companies such as TikTok that can help the Chinese Communist Party gather sensitive data about Americans, Klein says. It would also require preventing internet-connected devices located in the homes of Americans as well as other sensitive locations from sending data back to servers in China, according to Klein.
"We have to be somewhat modest about how completely we can seal off these leaks," Klein says. "We can't close every pinprick, but the giant hole at the bottom we can close. And so, for example, not allowing them to take data out the front door through apps that collect huge amounts of data on Americans is something we should do now."