Lessons Learned From the TikTok Saga

Last week, Treasury Secretary Scott Bessent announced that the United States and China had "finalized the TikTok agreement" for ByteDance to divest enough of its stake in TikTok to satisfy the Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACAA)—the 2024 law Congress passed to force TikTok's separation from Chinese control. Despite this announcement, President Trump said nothing about TikTok in his press conference after meeting with Chinese President Xi Jinping. Chinese officials, for their part, said only that "the Chinese side will work with the U.S. side to properly address issues related to TikTok." Details remain murky, though previous reporting suggests TikTok will be sold to a consortium of American and Emirati buyers, with the content recommendation algorithm "retrained" on U.S. data and licensed from ByteDance.

Assuming such a deal actually materializes, one could argue this is what Congress intended all along. Rather than banning TikTok outright, the deal achieves the best of both worlds: 170 million American users keep their platform, but without the severe national security threats posed by Chinese control.

As someone who analyzed and defended the law on both legal and policy grounds from the very beginning, I should be happy with this outcome. And yet I am anything but. I have serious concerns about whether this deal genuinely addresses the national security risks—the opacity of any algorithmic "licensing" arrangement makes verification impossible. 

But even setting those substantive doubts aside, the process by which we arrived at this point represents a profound institutional failure. The months of breathtaking executive refusal to enforce democratically enacted law, the complete failure of Congress to stand up for its own bipartisan legislation, and the shameful willingness of America's largest companies to capitulate to presidential tweets over statutory text—these are not minor procedural quibbles. They represent a fundamental breakdown in how American governance is supposed to work.

More personally, this institutional failure was mirrored by my own analytical failure. What I failed to appreciate was that sound legal frameworks and valid policy objectives mean nothing if the institutions responsible for implementing them fail to do so. So here I offer a mea culpa of sorts and a reflection on what I feel I got right and wrong throughout this whole saga.

What I Got Right (and Still Believe)

Before cataloging my failures of prediction, let me establish what hasn't changed. I still believe I got the legal and policy analysis correct.

The national security concerns posed by a China-controlled TikTok are profound: Chinese government access to 170 million Americans' data and the potential for algorithmic manipulation pose genuine risks. Congress certainly thought the risks were serious, given the overwhelming bipartisan vote (360-58 in the House) for the TikTok law.

I also stand by the legal argument for the law's constitutionality. The national security concerns were valid and the divestment-or-ban framework was a careful and appropriately tailored remedy relative to the First Amendment interests at stake. Ultimately, both the U.S. Court of Appeals for the D.C. Circuit and the Supreme Court unanimously upheld the law—at least as applied to the data security rationale. 

And the law deserves credit for (potentially) achieving what it was designed to do: securing a structural separation of TikTok from its Chinese parent company. The best-case scenario was always to spur a negotiated solution rather than a ban. The current deal—at least on paper—represents exactly that outcome. ByteDance drops below 20 percent ownership (the statutory threshold). American and allied investors gain majority control. And the algorithm is "licensed" to the new entity and is no longer controlled by ByteDance (if that is in fact the arrangement).

If the divestiture proves genuine, this is what the law envisioned: TikTok continues operating, preserving speech interests, creator livelihoods, and user access, while national security concerns are addressed through structural separation from Chinese government influence.

So what did I get wrong? What I failed to appreciate was how we would get from Point A (bipartisan national security legislation passed under one set of political conditions in spring 2024) to Point B (a U.S.-China bilateral trade deal hammered out under very different political conditions 18 months later)—and what that journey would reveal about our institutions.

The journey revealed three institutional betrayals: by the executive, by Congress, and by corporate America.

The Executive Betrayal 

The first institutional failure began three days before the statutory deadline. On Jan. 16, the outgoing Biden administration announced it would not enforce PAFACAA, with White House officials saying that it would "be up to the next administration to implement" the law. This was inappropriate—punting enforcement of a valid law to an incoming administration that had campaigned against it—but it could charitably be characterized as a transition courtesy.

What came next was something else entirely.

On Jan. 20, his first day in office, Trump issued an executive order delaying his administration's enforcement of the law for 75 days (a number apparently plucked from thin air and having no connection to the law's own limited provision for enforcement delay).

But the order went further: It directed the attorney general to send letters to TikTok's tech industry partners informing them that they would not be violating the law if they continued distributing TikTok. This wasn't merely delayed enforcement—it was the executive branch trying to legalize by fiat conduct Congress had explicitly prohibited.

Four subsequent executive orders continued this pattern. And for more than 9 months, companies have openly violated a validly enacted statute based solely on presidential say-so. Even now, we still aren’t sure that the deal that administration officials have been hinting about won’t unravel amidst broader U.S.-China tensions.

But even more troubling than the non-enforcement itself was the legal theory undergirding it. Freedom of Information Act requests revealed that the Justice Department sent letters to the technology companies arguing that enforcement would "interfere with core Presidential powers in national security and foreign affairs" and thus the law "is properly read not to infringe upon" the president's constitutional prerogatives. This argument is breathtaking in its scope—effectively asserting that whenever a president determines a duly enacted statute is inconvenient for foreign affairs, he can simply set it aside.

Beyond the constitutional theory, the negotiation process itself raises troubling questions.

First, we have no idea how it was determined who got to buy TikTok. Was the sale conducted through competitive bidding, with the best of the many offers winning on its merits? Or was political loyalty to Trump the price of admission, whether as a formal condition or an implicit understanding? The fact that Trump allies—notably Oracle and its CEO, Larry Ellison, a longtime Trump supporter—ended up as buyers should at least raise eyebrows. My mistaken assumption was that the next administration would stand back and let markets operate normally. Instead, the White House may have actively selected winners based on criteria that remain opaque. 

Second, we have no idea what the terms of any deal are or how (or even whether) they address concerns over national security. What are we conceding to China? Beijing's approval was always going to be necessary for ByteDance to sell. But I assumed China would simply decide yes or no on its own terms. More fundamentally, it didn't occur to me that the president would make it a strategic national priority to negotiate with China over this issue. After all, whether TikTok exists in the United States is simply not a matter of geopolitical importance for American interests.

Yet Trump appears to have made it one. As usual, he appears to be conflating his personal political interest in TikTok—a platform he perceives as having benefited him—from the nation's broader strategic priorities. (Recall that Trump himself tried to ban TikTok during his first term, but apparently he flipped his position after coming to believe that TikTok helped him in the 2024 election.) But whatever trade-offs were made in the U.S.-China relationship to secure this deal remain completely hidden from public and congressional view. The inversion is remarkable. The law was premised on prioritizing national security over convenience. Trump appears to have inverted this calculus, potentially sacrificing broader American security and economic interests to save one app.

The Congressional Betrayal

The second institutional failure belongs to Congress. In April 2024, lawmakers acted with unusual speed and bipartisan unity. Congress passed the law after classified briefings depicted an urgent threat: Chinese government access to 170 million Americans' data, the potential for mass surveillance, and algorithmic manipulation serving Beijing's interests. Members framed this as a national security emergency too important to delay.

And yet just nine months later, on Jan. 16—the same day Biden announced his own non-enforcement—Senate Majority Leader Chuck Schumer called for extending the deadline. His reasoning is worth quoting in full: "It's clear that more time is needed to find an American buyer and not disrupt the lives and livelihoods of millions of Americans, of so many influencers who have built up a good network of followers."

Read that again. In nine months, we went from combatting an urgent national security threat to worrying about "influencers who have built up a good network of followers."

And once Trump began his serial non-enforcement, Congress showed near-complete indifference. To be sure, a handful of members voiced objections—Sen. Tom Cotton (R-Ark.) warned companies in January about "ruinous liability" and declared "there will be no extensions, no concessions, and no compromises," while Mark Warner (D-Va.) accused Trump in June of "flouting the law." But these were scattered voices that went nowhere. The political incentives run entirely against confronting Trump. For Republicans, challenging Trump on any issue remains political suicide. For Democrats, having lost significant ground with young voters in the 2024 election, anything that might anger TikTok's youthful user base is apparently off the table.

And so there have been no congressional hearings on whether the executive orders were lawful. There have been no investigations of whether 10 months of non-enforcement violated the separation of powers. There has been no oversight of the deal-making process. And there is—at least so far—no interest in verifying whether today's announced deal actually addresses the national security concerns that had supposedly made the law urgently necessary in the first place.

This last point deserves emphasis. Without knowing the details of the algorithm licensing arrangement—which remain opaque—it's impossible to assess whether any divestiture will be real or merely cosmetic. Will the algorithm truly be outside Chinese control or will it just be renamed while remaining functionally under Beijing's influence? Congress has the constitutional authority to investigate and the institutional capacity to demand answers. It has demonstrated zero appetite to do so.

The long-term damage to Congress's credibility is severe. When the Supreme Court upheld the law, and when commentators like me defended it, the assumption was that Congress's judgment on national security matters could be taken seriously. That trust is now destroyed. Either the threat was real—in which case Congress's abandonment of oversight is inexcusable—or it was never that serious, in which case the emergency legislation was never justified. I tend to think it's the former situation, but, either way, Congress has badly undermined the credibility it needs the next time it asks courts or the public to take its national security assessments seriously.

Ultimately I simply underestimated congressional fecklessness. Perhaps, like Charlie Brown stubbornly believing that, this time, Lucy won't pull the football away, I was naive to trust that Congress would stand up for its institutional prerogatives over its members' short-term political incentives. But after decades of watching Congress shirk its institutional responsibilities, I'm not sure why I thought this time would be different.

The Corporate Betrayal

The third institutional failure is, in some ways, the most surprising. On Jan. 19, the TikTok law went into effect. The law required companies providing services to TikTok—app stores like Apple and Google, cloud providers like Oracle and Akamai, and others—to stop doing business with the platform. The penalties were unambiguous: $5,000 per user. The maximum potential fine across all 170 million American TikTok users was $850 billion. And that liability would accrue quickly, especially for cloud service providers, given that TikTok has tens of millions of users daily. 

The statute was clear and unambiguous in its prohibition. The only way companies could legally avoid liability was if the president certified to Congress that ByteDance had executed a qualified divestiture. My concern at the time was that Trump would simply certify this whether or not ByteDance had actually divested. Even if such certification were effectively fraudulent, it would still probably provide legal cover to the companies—they could point to the formal certification and argue it wasn't their job to look behind it into its truth; that was Congress's oversight responsibility.

But what happened was absurd, even relative to my expectations. On Jan. 19, after pulling service from TikTok for half a day, Oracle and Akamai restored service—before Trump was even president—based purely on signals from his campaign. They didn't wait for Trump to take office. They didn't wait for an executive order. They acted on back-channel assurances alone.

Apple and Google waited a few weeks longer, but what ultimately pushed them to comply were the Justice Department letters from Attorney General Pam Bondi. These letters, while on official letterhead, were hardly a model of convincing legal argumentation. As I've written about previously, they were logically deficient and constitutionally dubious.

This I truly did not see coming. These are some of the world's largest companies with the most elite lawyers—both in-house and outside counsel. The TikTok law was not an exercise in ambiguous statutory interpretation. It was clear and unequivocal. I don't know if the lawyers convinced themselves that Trump could effectively void the law, or whether company leadership overrode their legal advice—and I'm not sure which is worse. 

But either way, America's leading companies chose to go along with executive lawlessness and exposed themselves to hundreds of billions of dollars in potential liability based on nothing more than assurances from a president-elect and legally dubious letters from his attorney general. In effect, these companies have made themselves vulnerable to a form of presidential blackmail—completely beholden to Trump's continued forbearance and exposed to executive pressure at any moment.

The stakes here extend far beyond TikTok or this law. Democracy depends on a robust civil society willing to check government power. When we talk about civil society, we typically focus on journalists, academics, nonprofits, and civic organizations. These actors are certainly important. But the most critical component of civil society is often overlooked: the private sector. Major corporations represent society's productive forces—its economic power, its innovation capacity, and its ability to organize resources independently of the state. When giant companies like Apple, Google, and Oracle enthusiastically go along with executive lawlessness rather than stand up to it, they're not just making business decisions. They're fundamentally altering the balance of power between the executive and civil society. And they're doing so in a way that bodes extremely poorly for American democracy going forward.

***

Here's the bitter irony at the heart of this entire sorry episode: Congress passed the TikTok law because it couldn't trust China with access to American data and algorithmic control. But the law's implementation—such as it's been—has revealed we can't trust our own institutions either. We can't trust the president to enforce laws that he doesn't like, Congress to maintain oversight when it gets politically inconvenient, or corporations to follow clear statutory obligations when they see an opportunity to curry favor with the White House.

Which brings me back to my own lesson learned. Policy analysts often evaluate proposals by asking whether they're good ideas assuming institutions function as designed. But that's like the old physics joke about assuming a spherical chicken in a frictionless vacuum. As the entire field of public choice exists to remind us, whether institutions can actually implement a policy isn't separate from evaluating the policy—it's central to it. In this case, I got the law right but the institutions wrong.

Disclosure: I consult for one of the parties reportedly involved in the TikTok divestment on unrelated matters.