For the past several years the Biden Administration and TikTok have been negotiating a deal to resolve national security concerns posed by the Chinese-owned app. Here’s an exclusive look inside a draft of the deal and what TikTok might have to give up to keep operating in the United States.
By Emily Baker-White, Forbes Staff
TikTok's Chinese parent company ByteDance has spent years negotiating a national security agreement with the Biden Administration that would avoid a ban on the short video app in the United States. Now, a draft of that agreement from summer 2022 reveals just how much control ByteDance may have to give the U.S. government. Were it to be finalized, the agreement would provide the government near unfettered access to internal TikTok information and unprecedented control over essential functions that it does not have over any other major free speech platform.
The document, nearly 100 pages long, is designated as a confidential attorneys’ draft and contains comment exchanges between lawyers for ByteDance and the Committee on Foreign Investment in the United States (CFIUS), a group of federal agencies that investigates foreign investment in business deals that could threaten national interests.
The draft agreement, as it was being negotiated at the time, would give government agencies like the DOJ or the DOD the authority to:
- Examine TikTok’s U.S. facilities, records, equipment and servers with minimal or no notice,
- Block changes to the app’s U.S. terms of service, moderation policies and privacy policy,
- Veto the hiring of any executive involved in leading TikTok’s U.S. Data Security org,
- Order TikTok and ByteDance to pay for and subject themselves to various audits, assessments and other reports on the security of TikTok’s U.S. functions, and,
- In some circumstances, require ByteDance to temporarily stop TikTok from functioning in the United States.
The draft agreement would make TikTok’s U.S. operations subject to extensive supervision by an array of independent investigative bodies, including a third-party monitor, a third-party auditor, a cybersecurity auditor and a source code inspector. It would also force TikTok U.S. to exclude ByteDance leaders from certain security-related decision making, and instead rely on an executive security committee that would operate in secrecy from ByteDance. Members of this committee would be responsible first for protecting the national security of the United States, as defined by the Executive Branch, and only then for making the company money.
Ama Adams, a managing partner and CFIUS expert at Ropes & Gray, said that some of the government powers in the draft agreement were somewhat typical — including the right to inspect a company’s facilities and materials, and the use of a third-party monitor. But “setting up a structure that has allegiance to the United States — I’ve never seen language, per se, to that extent.”
These provisions seem designed to address fears — expressed by the Biden Administration, the Trump Administration, and legislators in both parties — that TikTok’s foreign ownership and control threaten U.S. national security. More than 150 million Americans use TikTok for an average of 90 minutes each day, which gives the app vast influence over American commerce, culture and discourse, and access to sensitive, private information about nearly half the American public. Without government oversight, lawmakers and regulators fear that ByteDance might be required by the Chinese government to use the app to spy on Americans or influence what messages we see. (Disclosure: In a previous life, I held policy positions at Facebook and Spotify.)
“That would raise serious concerns about the government’s ability to censor or distort what people are saying or watching on TikTok.”
More than four years ago, CFIUS began investigating ByteDance over these concerns. In 2020, the Trump Administration attempted to ban the app outright, but that effort was foiled when a federal court found that the Administration had not given ByteDance the necessary due process. This draft agreement is a snapshot of an ongoing attempt to avoid more radical government action against the company, including forcing ByteDance to sell TikTok to a U.S. company, or banning it entirely.
But in trying to prevent foreign interference with TikTok, the draft agreement could give the U.S. government some of the same types of power that it fears the Chinese government could abuse. In one revealing comment exchange, attorneys for ByteDance explain to CFIUS that they have added language that prevents the government from demanding changes to TikTok's recommendation algorithm simply because it recommended content that the government does not like.
“If this agreement would give the U.S. government the power to dictate what content TikTok can or cannot carry, or how it makes those decisions, that would raise serious concerns about the government’s ability to censor or distort what people are saying or watching on TikTok,” Patrick Toomey, deputy director of the ACLU’s National Security Project, told Forbes.
Glenn Gerstell, a senior adviser at the Center for Strategic and International Studies and former general counsel for the NSA, said it was not surprising that the draft agreement would give the government broad power. “My sense is that the agreement was intended to be one of the most broadly drawn agreements CFIUS has entered into, precisely because of the very unusual nature of the threat and circumstance,” he told Forbes.
Because the draft is approximately a year old, it is not clear how it may have changed — or even whether negotiations between the parties have continued. In March, CFIUS demanded that ByteDance pursue a sale or face a ban, after the government began a federal criminal investigation into the company for spying on journalists, including this reporter. Since then, both the company and CFIUS itself — which is prevented by law from discussing ongoing matters — have been silent about the status of negotiations.
[Do you have information about TikTok or CFIUS that the public should know? Reach out securely to Emily Baker-White at ebakerwhite@forbes.com ]
In response to a detailed list of questions about the draft agreement, a spokesperson for the Treasury Department, which chairs the CFIUS committee, said: “In every case the Committee reviews, CFIUS takes all necessary actions within its authority to safeguard national security and will not resolve any transaction unless it determines there are no unresolved national security concerns.” The department did not respond to a question about how it prevents government overreach in the enforcement of CFIUS contracts. The Department of Justice declined to comment, but Deputy Attorney General Lisa Monaco previously advised consumers not to use the app.
TikTok spokesperson Alex Haurek provided Forbes with the following statement: “It is inappropriate and completely unfair to be asked to comment on a document that we cannot validate.” Forbes did not provide TikTok with a copy of the draft agreement in order to protect sources.
The statement continued: “As has been widely reported, we've been working with CFIUS for well over a year to implement a national security agreement and have invested significant resources in implementing a firewall to isolate U.S. user data. Today, all new protected U.S. user data is stored in the Oracle Cloud Infrastructure in the U.S. with tightly controlled and monitored gateways. We are doing more than any peer company to safeguard U.S. national security interests."
If finalized, the draft agreement would mean TikTok is subject to significantly more government oversight than domestic competitors like Facebook, Instagram, YouTube and Twitter, which operate largely free from government intervention in their policymaking, contracts and internal affairs — so long as they avoid violating existing U.S. laws. But regulators are torn about the extent to which the government should be involved in controlling social media, with some pushing for the end of the legal immunity for what users post, and others arguing that would usher in widespread censorship. Just last month, a judge in Louisiana placed limits on whether and how government officials could petition those platforms to remove content. The communications in the case were nonbinding requests from the government that notified platforms of content that might violate their rules.
Some of the draft contract provisions that ByteDance’s attorneys argued most vehemently against appeared to be ones that would permit the government to unilaterally and at any moment alter specific parts of the contract in the future — highly unusual in any contract. In one exchange in the comments, ByteDance lawyers object to a term that would allow the government to change which types of data ByteDance employees would be allowed to access under the agreement. ByteDance asks the government for more clarity, saying that it can’t reasonably run advertising and e-commerce businesses if the data it has access to could be changed at any time. The government responds, somewhat vaguely, by saying that the types of data that are given protected status may need to change over time for national security reasons.
There is a similar exchange in another part of the contract about when the government should have veto power over ByteDance’s contracts with vendors. In it, ByteDance tells CFIUS that giving the government veto power over all of its contracts would be commercially impracticable. CFIUS responds by noting that, in certain situations, they may need to veto a contract but not tell ByteDance why.
The reason for this secrecy is likely that executive departments like the DOJ and DOD rely on human intelligence — spies and their sources — to alert them to potential national security threats. If they received a tip about a certain vendor, or about foreign government collection of certain forms of data, they might want to veto the vendor or reclassify the data type without alerting anyone that they knew about the tip.
CFIUS agreements are generally kept confidential. “Not everyone wants the provisions of their [national security agreement] to be public,” said Adams, noting that the agreements often contain proprietary information that could help a business’s competitors.
But Toomey argues the circumstances of TikTok's deal, whatever they turn out to be, are unprecedented and deserve public scrutiny. “Any agreement that would give the government such extraordinary power over a communications platform used by millions of Americans should be public, not secret.”