TikTok’s travails highlight that almost every Chinese investment in the United States these days is a concern for the Committee on Foreign Investment in the United States, the U.S. national security regulator commonly called CFIUS. In a world where trade competition and parity is the policy goal of both the United States and China, the divide between China and the remainder of the world will likely only increase.

TikTok is owned by ByteDance, a Chinese technology company based in Beijing. The U.S. concerns focus on data collection and the ability of the Chinese government to access U.S. data as well as worries that TikTok’s American users will be censored or manipulated by the app. TikTok has repeatedly denied any Chinese control, but it cannot dispute that its parent is in China and that ByteDance is subject to PRC law. After what happened in Hong Kong, TikTok’s protestations that it wouldn’t be in China’s interests to exercise control rights ring hollow. Moreover, TikTok’s privacy policy is quite broad and specifically gives TikTok the right to collect “information about the device you use to access the Platform, including . . . file names and types, keystroke patterns or rhythms, and platform.” And the policy specifically allows sharing with ByteDance, TikTok’s parent. 

So, the data threat is real, though its probability is unclear.

Despite the uncertainty over whether China would or ever could effectively exercise its power to examine ByteDance’s data, President Trump has signed an executive order forcing ByteDance to divest TikTok or halt all U.S. operations by September 20th. The threats have pushed ByteDance into talks to sell TikTok’s U.S., Canadian, Australian and New Zealand operations to Microsoft. 

TikTok is caught in a global power struggle, but TikTok has also made its situation worse for itself. To understand why, you need to understand the U.S. national security review process. In the United States, acquisitions by foreign nationals are subject to review by CFIUS. The CFIUS regime was implemented in 1988 with the Exon-Florio Amendment to 1950’s Defense Production Act. Back then, Japanese companies seemed poised to take over the world. Panic spread throughout the federal government when Fujitsu sought to acquire Fairchild Semiconductor — an acquisition it subsequently abandoned due to heavy government scrutiny.

Until recently, the CFIUS regime was wholly voluntary, but there was an incentive to file a notice with CFIUS if a foreign acquirer thought it was making an acquisition in a sensitive industry. If the acquisition was subjected to a review and gained approval, then the U.S. government was generally barred from coming back and unwinding the acquisition.  

For years, though, CFIUS was an afterthought, and many buyers simply decided not to file (or didn’t know about it) unless the acquisition was in the defense industry or another flashpoint. There was a kerfuffle, for example, when Dubai Ports World tried to buy the owner of six U.S. ports in 2006. Huawei has also been a target since at least 2008 when CFIUS blocked Huawei’s attempt to acquire 3Com.

This all began to change in the Obama era. In 2012 President Obama ordered a Chinese-owned corporation named Ralls to divest a number of wind farms that were located too close to a military base. The Ralls incident marked a sea-change as CFIUS began to more frequently scrutinize Chinese transactions, including those beyond core sensitivities. After all, who would have thought a wind farm was a national security threat?  

It’s amidst this shift that TikTok comes in. ByteDance bought Musical.ly, a lip-syncing app with a large audience among children in the U.S., for a rumored $1 billion in November 2017. Though Musical.ly was Chinese-owned, its assets were American. Musical.ly merged with TikTok in August 2018. But, inexplicably, TikTok did not file for CFIUS review for the acquisition. I say inexplicably because, by 2017, the writing was on the wall that CFIUS was going to take a wider view of what implicated national security. Moreover, CFIUS was clearly focused on China even back then. 

Of the 552 transactions that CFIUS investigated between 2015 and 2017, about 25 percent were Chinese, according to a CSIS review. In 2018, CFIUS’s regulations also changed to include data concerns in its jurisdiction. This shift became crystal clear in 2019 when CFIUS ordered the unwinding of a Chinese company’s investment in Grindr, the gay dating app, due to data access concerns. Since the Grindr action, CFIUS has consistently acted to prevent Chinese companies from accessing U.S. data. The most recent action came in March 2020, when CFIUS recommended that President Trump order Beijing Shiji Information Technology Co. Ltd. to divest StayNTouch, Inc., a company acquired in 2018 that provides software management for hotel keys and other hotel operations. 

Of the 552 transactions that CFIUS investigated between 2015 and 2017, about 25 percent were Chinese.

In the wake of the StayNTouch action, it seems obvious to conclude that CFIUS has blocked off all Chinese acquisitions implicating U.S. data access. And these actions come as CFIUS has also blocked or put restrictions on a broader array of transactions in the food technology, telecommunications and real estate spheres. CFIUS has thus become a key bulwark in the national security fight, and it has become so by redefining what constitutes a U.S. national security threat. 

Much of the shift, however, is not just about national security but an increasingly mercantilist trade policy. For years, China has blocked the major U.S. apps through its Great Firewall and demanded that servers be located in its territory. For the U.S. to make equivalent claims is not out of bounds in this competition. CFIUS is merely one tool among many being utilized by the United States in this fight along with the variety of export regulations on the books. This seems to be a secular change, one that will persist no matter which party wins the next election.

In the short term, the U.S.’s own firewall will hobble China, restricting China’s technology giants to Asian markets and providing the U.S. access to the rest of the world. The reason why is that, thus far, the Chinese, other than TikTok, have failed to put forth apps or platforms that can compete with the U.S. giants. Moreover, other nations appear to be aligning with the U.S. on this; India has already blocked TikTok, for example, due to its own dispute with China.

And any foreigner (Chinese or otherwise) making a U.S. acquisition will now be advised to file a CFIUS application no matter how unrelated to national security the acquisition seems. An example of this is the pending $5 billion sale of 15 Ritz Carlton and other luxury hotels by Dajia (Anbang’s successor) to a South Korean entity. The parties there filed for CFIUS clearance despite the low risk of intervention (at least right now). 

As for ByteDance, it has no cards left to play after failing to file for the Musical.ly acquisition. It was first reported in November 2019 that CFIUS was reviewing the Musical.ly acquisition, and on Friday President Trump affirmed CFIUS’s recommendation to order the divestiture of TikTok’s U.S. assets under the Exon-Florio Act. TikTok has 90 days to comply with this order (though it will likely get an extension provided it is making efforts to sell the asset and puts in some kind of access limitations).

There is little avenue for legal appeals of this order in U.S. courts.  A Microsoft sale is thus a means for TikTok to salvage as much value as it can.

China may indeed retaliate, but it lacks leverage against the tech giants having already blocked them. This will leave other U.S. companies exposed and only hasten U.S. company’s rush to build alternative supply chains outside China (read: Apple).

The TikTok saga highlights how broad a scope the U.S. is taking on national security these days. But it is also yet another marker that the Chinese and U.S. technology spheres are sharply diverging, a split likely to remain for a long time.  

---