It might seem like they are just online spaces to share buzzworthy content and viral dance moves, but TikTok and WeChat-two apps, owned by Chinese companies-have been the subject of recent sanctions threatened by the Trump administration. The reason? Trump says the apps pose national security concerns-his ensuing executive orders to bar the apps from being used in the United States raise some of the most pressing questions in modern-day tech policy.
“Can the president ban TikTok or WeChat? The answer to that is yes,” says Ahmed Ghappour, Boston University School of Law associate professor and criminal law and computer security expert.
Through the authority granted under the International Emergency Economic Powers Act (IEEPA)-a federal act that allows the president to impose sanctions against foreign entities for a wide range of circumstances that could encroach on national security-Ghappour says the power to explore whether or not a business entity is a threat to the nation sits within the purview of the US president.
Trump has signed two executive orders announcing that his administration will bar people and property within the United States from carrying out transactions with the WeChat and TikTok apps by September 20, an act that escalates an ongoing trade war that Trump has waged against China. Trump’s executive orders say that the apps capture “vast swaths of information from [their] users” and that this data “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.”
In the week following the announcement, Trump extended the deadline for ByteDance, TikTok’s parent company, to sell or spin off TikTok to a company based in the US. Some American companies seem interested-Microsoft and Oracle are both in talks with ByteDance over a possible purchase of TikTok. Meanwhile, WeChat, owned by Chinese company Tencent, is expected to go offline in the US by the original deadline.
TikTok denies sharing information with the Chinese government, and plans to sue the Trump administration in executive order in court. The US government has “failed to follow due process and act in good faith, neither providing evidence that TikTok was an actual threat, nor justification for its punitive actions,” the company said in a blog post.
But the Trump administration believes that the app’s terms of service-stating it can share data with its parent company ByteDance-could allow for personal data, such as location data or search histories, to be handed over from ByteDance to the Chinese government, a possibility that has put White House officials on edge.
“Privacy policies impose the upper limits, saying that a company will use data in no more than X ways, and they’re bound by law to adhere to their upper limits,” says Mayank Varia, BU College of Arts & Sciences research associate professor of computer science and expert on cybersecurity and encryption tools. But because policies are written so vaguely, “it is hard to understand what they are actually doing” with users’ data.
The ban poses unique challenges for Chinese Americans and Chinese expatriates who rely on WeChat to connect to relatives, friends, or business partners in China, since many common social media and messaging apps in the US, like Google services, Facebook Messenger, WhatsApp, and Twitter, are blocked by the Chinese government. Many people use WeChat for far more than a communication hub, making payments, hailing taxi rides, and even reading the news on the app-including BU news. BU is one of the many US institutions active on WeChat, making university news accessible to current BU students who use the app and to student families and prospective students in China.
So what would a violation of a ban on TikTok or WeChat look like? And what would enforcement of that violation look like for individuals and companies?
“We don’t know how it’s going to be enforced,” says Ghappour. “But if the prohibition is as wide in scope as the president is authorized…it would effectively end Apple and Google’s dealings with these apps through their app stores, and result in the United States blocking these apps through IP filtering,” or other means of wiping them off the app stores.
“That doesn’t necessarily prohibit people from installing WeChat or TikTok on their devices or computers, and wouldn’t necessarily prohibit users from accessing them through a VPN or anonymous network,” says Ghappour, but those actions could put people in a potentially incriminating position.
The president’s orders remain befuddling, having not yet cleared the air on what specific transactions will be prohibited or if people could face criminal charges for disobeying the executive orders.
The American Civil Liberties Union has argued that speech concerns render Trump’s order unconstitutional, stating that subjecting users to civil or possibly criminal penalties for communicating with family members, friends, or business contacts would violate First Amendment rights.
“The idea of going after high-profile TikTok creators and preventing them from posting 15-second videos seems in direct contradiction to our traditions of free speech and historic approach to an open internet,” says Ghappour, adding that it would also put thousands of US employees in a legally precarious position, including building owners who lease out office space to the company in the US, and individuals who use the app itself.
What can tech companies do to better protect personal data? In general, when you download any app on your phone, you are providing a certain level of information in order for the company to provide the service and do its job. Anything beyond what is needed for the service being done-for example, opening and sending emails or texting a friend-is not data a company wants nor has any need for, Varia explains. He was recently chosen by Senator Ed Markey’s office to serve on the inaugural Federal Advisory Committee on Data for Evidence Building, to guide the use of data in federal policymaking and how to satisfy the government’s desire for transparency and data privacy, at the same time.
“There’s this prevailing view that, in order for a company to provide you with services, they have to be able to see the data,” says Varia. “The nice things about more advanced crypto technologies like multiparty computation is that they create a possibility for [there to be] a world in which a technology company can provide [you with] a service and the ability to search through your own emails and data, but without being able to read [your personal information and communications] themselves.”
Some tech companies have already employed data privacy measures. Messages sent between users on Facebook’s WhatsApp platform are encrypted, protecting them from third-party access. And new data privacy methods continue to emerge, like multiparty computation (MPC) which allows companies to collect personal data without the need to view the data itself, presenting a broad solution for protecting data from being misused or shared.
“If data is not limited at the front end…it’s hard to limit what happens after the fact, like what people might be worried about right now with these executive orders; how might data or metadata be used? Might it be used in a damaging way? I think those are questions that apply to all tech companies no matter where they are,” says Varia. “It becomes the question, for any company, to what extent are they good data stewards, and to what extent are they doing things that are in [the user’s] interest?”
Although questions about security remain on the table about both TikTok and WeChat, an all-out ban on the apps could potentially sever ties of communication between people in China, the US, and around the world.