Published by The Lawfare Institute
in Cooperation With
Global Tech Platforms Stonewall Hong Kong Authorities’s Data Requests
Major tech companies announced plans this month to suspend compliance with data requests from Hong Kong’s government following China’s enactment of a new national security law for the city. On July 6, Facebook said it would halt its reviews of such requests, including those directed to WhatsApp, a popular messaging app that Facebook owns. Google and Microsoft made similar announcements that same day. Other large American platforms like LinkedIn and Zoom later followed suit. And some international platforms have suspended compliance, including Telegram, a Russian messaging app used widely in Hong Kong’s protest movement. Social media app TikTok, which the Chinese company ByteDance owns and markets abroad, released plans to leave Hong Kong altogether.
Under normal circumstances, tech companies often provide data about users in particular jurisdictions to those jurisdictions’s governments or law enforcement upon request. In the latter half of 2019, Hong Kong authorities made 241 such requests of Facebook and WhatsApp. But with the city’s security law in place, tech companies are worried that data requests could help Hong Kong’s authorities suppress speech they oppose. The security law includes vague provisions that apply extraterritorially and potentially criminalize a wide range of speech that could be construed as subverting the government or otherwise threatening security. One Facebook representative, when discussing the company’s decision, explained that it sought to protect “freedom of expression” as a “fundamental human right.” A spokesperson from Twitter emphasized that the company had paused compliance out of a need to evaluate the new law’s implications.
Many analysts believe that tech companies’s noncompliance with data requests could jeopardize their long-term status in Hong Kong. The security law’s prohibitions against subverting government authority apply to foreign companies, as the law permits offenses to be charged against “a person who is not a permanent resident.” And the Hong Kong government has made clear that companies’s failure to cooperate with official requests could lead to criminal actions against them and their employees. Additionally, the security law places other requirements on tech companies that could also cause conflict with local authorities going forward. For instance, the law obligates companies to remove criminalized content from their platforms, and police may enforce the law by seizing electronic devices—such as companies’s servers—without a warrant.
Given the law’s potential impacts on tech firms, commentators have suggested it could lead platforms to exit Hong Kong entirely, or significantly scale down operations. “The national security law,” says Samm Sacks, a fellow at New America and at Yale Law School’s Paul Tsai China Center, “is going to lead to a complete overhaul of how tech companies approach Hong Kong.” Some argue, though, that the security law’s practical effect on companies may be limited. China could choose to apply its law selectively, analysts have suggested, and the law exempts tech companies from sharing data that is “not reasonably available.”
Many tech companies would face only a minimal financial burden if they pulled back from Hong Kong. Hong Kong accounts for less than 0.3 percent of total users for LinkedIn, Facebook and Twitter (though the Chinese mainland is a larger source of revenue for companies like Facebook). But scaling down operations may be harder for others. Google, Amazon and Microsoft, for instance, each maintain data centers in Hong Kong. And companies that derive a large share of their revenue from China as a whole could have more to lose if exiting the city sours relations with Beijing. Analysts believe Apple, in particular, has much at risk given its large manufacturing presence and hardware sales in China.
Decisions by global tech firms to halt data requests come as Hong Kong’s security law stokes tensions between China and many other nations. The European Union expressed strong concerns over human rights in the city during the bloc’s summit with Chinese leaders last month, and on June 19, the European Parliament voted in favor of taking China to the International Court of Justice over the Hong Kong security legislation. U.K. Prime Minister Boris Johnson offered a pathway to British citizenship for an estimated three million Hong Kong residents after the security law’s passage. China has also lashed out at its critics. After Canadian Prime Minister Justin Trudeau criticized the security law, a Chinese spokesperson stated his remarks could “damage” Canada-China relations and “seriously violated international law.” U.S. Secretary of State Mike Pompeo recently lauded American tech giants for “refusing to surrender” data to Hong Kong.
United States Considers Banning TikTok
Secretary of State Mike Pompeo said in a July 6 interview that the Trump administration may restrict U.S. users’s access to the Chinese social media and video app TikTok, over concerns that the Chinese government could use the app to gather data on U.S. citizens and spread propaganda. When asked if Americans should download TikTok, Pompeo said, “Only if you want your private information in the hands of the Chinese Communist Party.”
Pompeo’s comments come shortly after the Indian government’s announcement on June 30 that it would ban access to TikTok—as well as dozens of other Chinese apps—within its borders. In a statement, India’s technology regulator said the decision came after the government received “credible inputs that such apps pose [a] threat to [the] sovereignty and integrity of India.”
U.S. regulators have not provided clear evidence that TikTok’s parent company, Bytedance, provides U.S. users’s personally identifiable information to the Chinese government. But U.S. security analysts argue that a suite of Chinese laws give regulators broad authority to demand data from private companies based in the People’s Republic. China’s 2017 National Intelligence Law, for example, requires organizations to “support, assist and cooperate with state intelligence work.” Meanwhile, the 2014 Counter-Espionage Law says that organizations “may not refuse” requests for “relevant evidence” from state authorities investigating espionage. Because TikTok has more than 165 million downloads in the United States, the data it collects could theoretically help Beijing in a variety of intelligence gathering and surveillance campaigns. For its part, Bytedance has said repeatedly that it does not provide user data to the Chinese government and would not do so if asked.
Still, revelations about the company have alarmed analysts and policymakers. In February 2019, the company paid a fine of $5.7 million to the Federal Trade Commission for illegally collecting data from children under 13. And this month the Federal Trade Commission and the Justice Department began investigating allegations that TikTok failed to comply with the law after paying the fine. Last year, leaked internal moderation guidelines from TikTok demonstrated that the company was censoring content from U.S. users in accordance with Chinese content moderation practices; the company later said they had revised these guidelines for the U.S. market. And in June, an update to Apple’s iOS alerted users that TikTok was accessing their clipboards, even while the app was in the background. The company had pledged to end the practice last year.
In discussing TikTok, Pompeo did not make clear how the Trump administration intended to restrict access to the app. Analysts have speculated that the President could invoke the International Economic Emergency Powers Act to bar the company from doing business in the United States on national security grounds. In Executive Order 13873, issued in May of 2019, the President laid the groundwork for such a move: the order bans any “acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology” that poses a risk of “sabotage” or “subversion.” Meanwhile, the Committee on Foreign Investment in the United States (CFIUS) has broad power to regulate mergers and acquisitions on national security grounds. If CFIUS were to find that TikTok posed a risk to U.S. national security, the President could order the company to restructure and further separate its U.S. presence from its Chinese parent-company.
Apart from action from the Federal Trade Commission, various federal government regulators have raised concerns about TikTok. Last November, when CFIUS launched a national security probe into the video streaming service, sources close to the investigation said that CFIUS was concerned about Bytedance’s data collection and censorship practices. In December, the Department of Defense told military personnel to delete TikTok from their phones, so that “unwanted actors” would not have access to the personally identifiable information users transmit through the app. In January, the Department of Homeland Security and the State Department followed suit. And in March, Sen. Josh Hawley introduced a bill that would prohibit federal employees from using TikTok on government devices.
American firms have raised similar concerns. Wells Fargo told its employees to delete TikTok from their company devices. Amazon sent a similar message to its employees on July 10 before quickly reversing course and saying the email was sent in error.
In Other News
Last week, reports suggested that Trump administration officials had drafted a proposal to bar members of the Chinese Communist Party (CCP) from visiting the United States. The CCP has 92 million registered members, many of whom have little or no role in Chinese governance. A spokesperson for the Chinese Ministry of Foreign Affairs called the idea of denying visas to CCP members “ridiculous” and added that the CCP had been “chosen” by the Chinese people.
Secretary of State Mike Pompeo said on July 15 that the United States would restrict visas to the United States for employees of Huawei and other Chinese firms over concerns about their connection to Beijing’s forced detention and labor programs in Xinjiang. Pompeo said that companies who provide “material support to regimes engaging in human rights violations and abuses globally” would be subject to stricter scrutiny. He added that "Certain Huawei employees provide material support to the CCP regime that commits human rights abuses.” A spokesperson for Huawei said that “Huawei operates independent of the Chinese government,” and added that the company was “disappointed by this unfair and arbitrary action.”
On July 14, the British government announced a phased ban on the use of Huawei equipment for 5G. Starting from December 31, the Chinese telecom giant will be barred from providing new materials for 5G telecommunications in the U.K., while existing equipment provided by Huawei for 5G must be removed by 2027. The move reverses a January decision to allow Huawei to play a limited role in the country’s 5G rollout. “As facts have changed, so has our approach,” said Oliver Dowden, the government minister in charge of telecommunications. “This has not been an easy decision, but it is the right one for the U.K.’s telecoms networks, for our national security and our economy, both now and indeed in the long run.” The move counts as a victory for the Trump administration, which has long lobbied Britain and other U.S. allies to bar Huawei from their 5G systems.
On July 14, President Trump signed into law the Hong Kong Autonomy Act, which will require the U.S. to sanction Chinese officials in response to a national security law targeting Hong Kong. Trump also issued an executive order ending special trade privileges with the city. The new national security law is widely seen as a violation of Hong Kong’s legal autonomy under the “one country, two systems” model enshrined in the city’s Basic Law—a mini-constitution established when Britain handed over the former colony to China in 1997. The new national security law includes sweeping provisions that criminalize “secession, subversion, terrorism, and collusion with foreign forces.” Beijing has already pointed to the law to suggest that an unofficial primary for the city’s pro-democracy movement might be illegal.
Secretary of State Mike Pompeo issued a statement on July 13 rejecting most of China’s maritime claims in the South China Sea. The statement claims that “Beijing has offered no coherent legal basis for its “Nine-Dashed Line” claim in the South China Sea since formally announcing it in 2009,” and goes on to reject the PRC’s expansive claims to jurisdiction in the waters of the South China Sea—consistent with the ruling of a 2016 international arbitral tribunal. While the U.S. has previously indicated that it views China’s activity in the region as unlawful, the statement marks the first time Washington has rejected specific Chinese claims. The announcement comes amid rising tensions in the South China Sea. In early July, the U.S. Navy sent two aircraft carriers into the waters shortly after the Pentagon issued a statement expressing concern over Chinese military activity in the region. In response, Chinese Communist Party mouthpiece Global Times ran an op-ed saying that the U.S. presence in the South China Sea was “at the pleasure of” the People’s Liberation Army.
China on July 13 sanctioned U.S. officials including Sen. Marco Rubio, Sen. Ted Cruz, Representative Chris Smith and Ambassador at Large for International Religious Freedom Sam Brownback. China’s sanctions came in response to new U.S. sanctions on Chinese officials involved in China’s Uighur detention, forced labor and sterilization programs, through which China has imprisoned more than a million residents of Xinjiang province as part of a campaign of cultural erasure. China’s Ministry of Foreign Affairs spokesperson, Hua Chunying, said the retaliatory sanctions would be in place from July 13, but gave no details on what they would entail.
In the Nikkei Asian Review, Max J. Zenglein advocates for the European Union to adopt a more assertive posture towards China. In Foreign Affairs, Sheena Chestnut Greitens and Julian Gewirtz argue that democratic nations must push back against the spread of China’s public health model. In the Washington Post, John Pomfret calls for a truce between the United States and China on foreign media restrictions. And the Wall Street Journal editorial board writes in support of the State Department’s decision to declare China’s actions in the South China Sea unlawful.
For the Diplomat, Yaqiu Wang discusses the state of human rights activism in China, three years after the death of Chinese Nobel Peace Laureate Liu Xiaobo. Writing for the Brookings Institution, David Dollar, Yiping Huang and Yang Yao analyze domestic reforms that China should prioritize in the wake of the COVID-19 pandemic. For the Council on Foreign Relations, Brad W. Setser and Dylan Yalbir find that China has made little progress toward meeting trade commitments outlined in its phase one deal with the United States. At the Peterson Institute for International Economics, Nicholas R. Lardy and Tianlei Huang contend that despite rhetoric of decoupling, the United States and China are not unwinding their financial linkages.
For Lawfare, Richard Altieri, Vishnu Kannan and Laya Maheshwari analyze the media coverage in China and India, respectively, surrounding the two countries’s June 16 border clash. Adira Levine explores transparency issues regarding the National Security Commission on Artificial Intelligence—a congressionally established body that analyzes the security implications of artificial intelligence. On the Lawfare Podcast, Alvin Cheung, Jeremy Daum and Sophia Yan discuss similarities between China’s policies in Xinjiang, Hong Kong and Tibet.